Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 31 Jul 2001 14:20:15 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 31 Jul 2001 14:20:05 -0400 Received: from srvr3.telecom.lt ([212.59.0.2]:1083 "EHLO mail.takas.lt") by vger.kernel.org with ESMTP id ; Tue, 31 Jul 2001 14:19:56 -0400 Message-Id: <200107311820.UAA1793604@mail.takas.lt> Date: Tue, 31 Jul 2001 20:13:08 +0200 (EET) From: Nerijus Baliunas Subject: Re: Transparent proxies and binding to foreign addresses To: Julio Sanchez Fernandez cc: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-Disposition: INLINE In-Reply-To: <200107270215.EAA1376016@mail.takas.lt> In-Reply-To: X-Mailer: Mahogany, 0.63 'Saugus', compiled for Linux 2.4.7 i686 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Original-Recipient: rfc822;linux-kernel-outgoing On 27 Jul 2001 09:16:58 +0200 Julio Sanchez Fernandez wrote: JSF> > I don't know if it is useful for you, but http://www.mcknight.de/jftpgw JSF> > supports transparent proxy for Linux 2.4.x kernel. JSF> JSF> Only impersonating the server. What does not work is impersonating JSF> the client and that cannot be fixed from user space. JSF> JSF> > BTW, do you know of any port forwarder which works with 2.4 kernel in JSF> > transparent mode? I tried mmtcpfwd and portfwd, but both do not work. JSF> JSF> Anyone that used TCP and worked before should be easy to adapt by just JSF> finding where it got the destination address with getsockname and JSF> using the getsockopt with SOL_ORIGINAL_DST thing. Apparently, UDP is JSF> out as well, though I don't care about that currently. JSF> JSF> Add to your list more forwarders like transproxy and those (plug-gw in JSF> particular) in the TIS (NAI) FWTK with the transparency patches JSF> described at http://www.fwtk.org JSF> JSF> While none of them has been adapted to 2.4, they should be easy as I JSF> said above. JSF> JSF> And as long as you don't care what origin address the server sees, JSF> that's alright. But all connections now seem to come from the proxy. JSF> And that does not let you do things like differentiated services, JSF> access control or audit. Even user support becomes a mess. Do you mean that even if I adapt them as you say, the receiving end will see connection orriginating from the proxy instead of the real address? I'm asking as these 2 port forwarders I tried work with 2.4 kernel in non-transparent mode, i.e. connections seem to come from the proxy, what I need is connection to be seen to come from real originating IP. Regards, Nerijus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/