[3785] in linux-net channel archive
Re: CONFIG_IP_TRANSPARENT_PROXY sample programs?
daemon@ATHENA.MIT.EDU (Jos Vos)
Sat Jul 20 14:46:05 1996
From: Jos Vos <jos@xos.nl>
To: shaver@neon.ingenia.ca (Mike Shaver)
Date: Thu, 18 Jul 1996 22:37:57 +0200 (MET DST)
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <199607172122.RAA06899@neon.ingenia.com> from "Mike Shaver" at Jul 17, 96 05:22:47 pm
> Why don't you just have a means of letting a transparent proxy bind to
> an arbitrary address?
I'm not sure whether I understand you correctly, but this is possible
_today_ (that's part of our transparent proxy implementation).
It will only work as root.
> The proxy accepts the connection, then, when it gets a port command:
> bind to a port on 205.207.219.29 for the real server to talk to
> issue an appropriate port command to the real server
> bind to a port on 128.214.48.39
> connect to the port on 10.1.1.2 specified by the client
Yes, this should be possible now (2.0.x). Note that, when a local
process is bound to some foreign address/port, this is an implicit
redirect (so you don't need to insert firewall rules for this part
of the game).
--
-- Jos Vos <jos@xos.nl>
-- X/OS Experts in Open Systems BV | Phone: +31 20 6938364
-- Amsterdam, The Netherlands | Fax: +31 20 6948204
