[4184] in linux-net channel archive
New problems with transparent proxying
daemon@ATHENA.MIT.EDU (lilo)
Sun Aug 25 11:17:53 1996
From: lilo@linpeople.org (lilo)
Date: Sun, 25 Aug 1996 10:11:40 -0500 (CDT)
To: Linux Net Mailing List <linux-net@vger.rutgers.edu>
-----BEGIN PGP SIGNED MESSAGE-----
I'm trying to use transparent proxying to allow me to pipe ftp sessions to a
host through ssh. The ssh piping is working fine; I pipe 4840 to port 20
remotely, 4841 to port 21 remotely, 4842 to port 22 remotely.

However, the transparent proxying is not behaving. Maybe I don't understand
how it's used, though I've certainly read all the available doc (sort of
minimal as far as I can tell). I've configured transparent proxying in the
kernel I'm running.

My ipfwadm statements are:

ipfwadm -I -d accept -P tcp -r 4840 -S varley.linpeople.org 20 -D 0.0.0.0/0 -o
ipfwadm -I -d accept -P tcp -r 4841 -S varley.linpeople.org 21 -D 0.0.0.0/0 -o
ipfwadm -I -d accept -P tcp -r 4842 -S varley.linpeople.org 22 -D 0.0.0.0/0 -o

The packets match--but they don't go through the local pipe. I get log
messages such as:

Aug 25 03:41:02 LiONS kernel: IP fw-in acc/r4842 ppp0 TCP 207.16.36.11:22 128.83.113.22:1023 L=40 S=0x10 I=14501 F=0x0000 T=51
Aug 25 03:41:07 LiONS kernel: IP fw-in acc/r4842 ppp0 TCP 207.16.36.11:22 128.83.113.22:1023 L=40 S=0x10 I=14513 F=0x0000 T=51
Aug 25 03:56:02 LiONS kernel: IP fw-in acc/r4842 ppp0 TCP 207.16.36.11:22 128.83.113.22:1023 L=40 S=0x10 I=17985 F=0x0000 T=51
Aug 25 03:56:07 LiONS kernel: IP fw-in acc/r4842 ppp0 TCP 207.16.36.11:22 128.83.113.22:1023 L=40 S=0x10 I=17991 F=0x0000 T=51
Aug 25 04:11:02 LiONS kernel: IP fw-in acc/r4842 ppp0 TCP 207.16.36.11:22 128.83.113.22:1023 L=40 S=0x10 I=20243 F=0x0000 T=51

But an examination of netstat -at reveals that I have ports open to the
actual ftp site, and tcpdump confirms that the packets are going out
unencrypted to the actual port on the actual site.

`ncftp -p 4841 localhost' works fine, indicating the piping is set up
properly, though of course I can't use the data port.

I'd appreciate any assistance. I'm running kernel 2.0.14....

lilo
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Government is always benevolent. Privacy is overrated.
-----END PGP SIGNATURE-----