[556] in linux-net channel archive
Transparent application-level gateways
daemon@ATHENA.MIT.EDU (Julio Sanchez)
Wed Jun 21 22:10:47 1995
Date: Wed, 21 Jun 95 17:47:18 GMT
From: jsanchez@gmv.es (Julio Sanchez)
To: linux-net@vger.rutgers.edu

Now we have blocking and forwarding filters and masquerading. As far as
I know there is only one piece missing: kernel support for application-
level gateways. In case it is not clear what I mean:

- You put a host along the default route (the gateway) for some
  network.
- You start a client application from some host in that network
  that connects to some remote host.
- The packets, even if their destination address is for
  none of the gateway addresses, are captured and passed
  upstream.
- An application running in the gateway then does the right
  thing (depending on what we are trying to achieve), possibly
  connecting to the real destination on behalf of the requestor.

This has several applications:

- Firewalls that use application level gateways (TIS' Gauntlet
  is but one example) transparently. Currently, you can use
  the TIS firewall toolkit but unless you modify your clients,
  the gateway is not transparent.
- Transparent caching servers for HTTP, FTP, etc. You can do
  some of this with, say, the CERN httpd proxy, but all clients
  must be configured to do so. If you have a large network,
  unless you are firewalling, many clients will not use the cache,
  diminishing its effectiveness.

I have not fully studied the way to do it and I guess I will not know
what is the right way to do it (whether to overload some of the firewall
filters and whether running as root would be needed for some things,
etc.) until I actually do it.

Before wasting any time on this, is there anyone doing or planning to do
this?

Julio
--
Julio Sanchez, GMV SA, Isaac Newton 11, PTM Tres Cantos, E-28760 Madrid, Spain
Ph. +34 1 807 21 85 | jsanchez@gmv.es | Traveller, there is no
Fax +34 1 807 21 99 | jsanchez%gmv.es@Spain.EU.net | path; paths are made by
Telex 48487 GMEV E | jsanchez@esegi.es | walking (A. Machado)
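
Added example, not part of the original message: the gateway application's side of the interception described above, assuming the mechanism Linux gained later (a netfilter NAT redirect rule plus the SO_ORIGINAL_DST socket option). The function names, gateway address and port policy are hypothetical, and the sample bytes are constructed.

```python
import ipaddress
import socket
import struct

# Value of SO_ORIGINAL_DST in <linux/netfilter_ipv4.h>; Python's socket
# module does not export it.
SO_ORIGINAL_DST = 80

def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in: family (host order), port and IPv4
    address (network order), then padding."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)
    (port,) = struct.unpack_from("!H", raw, 2)
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 address")
    return str(ipaddress.IPv4Address(raw[4:8])), port

def original_dst(conn):
    """Ask the kernel which address an intercepted client was really
    connecting to (Linux, connection redirected by a netfilter NAT rule)."""
    return parse_sockaddr_in(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def plan(dst, gateway_addrs, allowed_ports):
    """Decide what the gateway application does with one connection."""
    ip, port = dst
    if ip in gateway_addrs or ipaddress.ip_address(ip).is_loopback:
        # The client addressed the gateway itself. Connecting onward would
        # come straight back to this listener, so handle it locally.
        return "local"
    if port not in allowed_ports:
        return "refuse"
    return "proxy"  # connect to dst on behalf of the requestor

# Constructed sample: the bytes the kernel would return for a client that
# was connecting to 192.0.2.10 port 80 (a documentation address).
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
          + socket.inet_aton("192.0.2.10") + bytes(8))
GATEWAY_ADDRS = {"10.0.0.1"}   # hypothetical gateway address
ALLOWED_PORTS = {80, 21}       # hypothetical policy: HTTP and FTP only

if __name__ == "__main__":
    dst = parse_sockaddr_in(SAMPLE)
    print(dst, plan(dst, GATEWAY_ADDRS, ALLOWED_PORTS))
```

The check against the gateway's own addresses is what keeps a transparent proxy from connecting back to itself when a client targets the gateway directly.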