[4053] in linux-net channel archive
Re: need insight on transparent proxy
daemon@ATHENA.MIT.EDU (Jos Vos)
Fri Aug 16 15:36:14 1996
From: Jos Vos <jos@xos.nl>
To: rdm@tad.micro.umn.edu
Date: Fri, 16 Aug 1996 16:18:38 +0200 (MET DST)
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <19960815222658.5547.qmail@tad.micro.umn.edu> from "rdm@tad.micro.umn.edu" at Aug 15, 96 10:26:58 pm
> I've found it useful to put forwarding services on standard ports -- these
> are tcp servers that just forward to some other machine while logging
> the traffic.
>
> I'm doing this enough that it's getting in the way of normal use of my
> machine (e.g. I want peoplt to be able to telnet and ftp to my machine
> even when it's rigged up to log/forward telnet and ftp traffic off to
> another machine). It seems to me that ip transparent proxy ought to
> do the trick for me -- I just put the forwarding services on otherwise
> unused ports, and have ipfwadm take direct traffic to some othe ip
> address to those ports.
Yep, that certainly is possible, so that you can, for example, redirect
traffic coming from certain IP addresses or coming in via some interface
to the "real" daemon (on some other port) and all other traffic goes
to the forwarding daemon.
> Only thing is, it doesn't seem to be working for me. I've not spent a
> lot of time trying out things (e.g. is -b important?). Is this what
> I need to do? Can someone point me in the right direction?
I need to know what you rconfiguration is, what rules you define, etc.
The -b flag is normally not important, it justs swaps -S and -D so that
you can use 1 rule i.s.o. 2 rules and is mainly used in accounting rules.
I assume you did configure CONFIG_IP_TRANSPARENT_PROXY in your kernel
(after choosing CONFIG_EXPERIMENTAL in the beginning of the config steps)?
--
-- Jos Vos <jos@xos.nl>
-- X/OS Experts in Open Systems BV | Phone: +31 20 6938364
-- Amsterdam, The Netherlands | Fax: +31 20 6948204
