From: Kevin White <kwhite@secureinteriors.com>
To: netfilter-devel@lists.netfilter.org
Subject: "Proper" way to transparent proxy?
Date: Wed, 09 Oct 2002 16:11:05 -0400
Message-ID: <3DA48D59.7060109@secureinteriors.com>
Short story: I need to write a transparent, application level proxy.
I've searched through the mailing lists for information on how to do it,
and find conflicting information about things like "stateless
redirection" patches by Bazsi, and comments that they would no longer be
maintained because something better was coming. But I can't tell if
that something better happened, or what it is.
If there's something I should be looking at, I'd be grateful for pointers.
Long story: we have an OpenBSD based firewall that uses this particular
application level proxy, using IPFilter's transparent proxy support. We
are investigating rehosting the whole thing on Linux (for the record, MY
first choice anyways :) and this is the hardest problem so far:
I need to find the address and port the outgoing connection was
originally heading to. I'm assuming this is what's meant by the
stateless redirection patches and such, but those (admittedly) didn't
even come with documentation.
I'm starting from scratch here: I've never programmed to Netfilter
before. What I need is fairly simple, I think, but I don't know how to
get started.
What we had on IPFilter was a "redirect" rule that redirected all
connections to external hosts on this specific port to a specific port
on the firewall machine, where a proxy program was waiting for it. We
then used IPFilter system calls to retrieve where the connection was
heading.
I expect that I'll be able to reuse most of my code: just the lookup
part needs to change.
Thanks in advance for any help/pointers. I'll attempt to collect what
I've learned and post it, so that it ends up in the archives and more
people like me don't have to ask. :)
Kevin
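
On Linux, the lookup described in the message (where a redirected connection was originally heading) is done with getsockopt(SO_ORIGINAL_DST) on the socket returned by accept(). The following is an added example, not part of the original post and not netfilter project code; the function names are hypothetical, and the fallback constant is the value from <linux/netfilter_ipv4.h>.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80      /* value from <linux/netfilter_ipv4.h> */
#endif
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif

/* Ask conntrack where a REDIRECTed TCP connection was originally heading.
 * fd is the socket returned by accept(). Returns 0 and fills *dst, or -1
 * (errno set by getsockopt) when conntrack has no entry or fd is invalid. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);

    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) < 0)
        return -1;
    if (len < sizeof(*dst) || dst->sin_family != AF_INET)
        return -1;
    return 0;
}

/* A proxy must not relay to itself: if the reported destination is the
 * proxy's own listening address (from getsockname()), the client reached
 * the proxy port directly rather than through the redirect rule. */
int is_proxy_loop(const struct sockaddr_in *orig, const struct sockaddr_in *local)
{
    return orig->sin_addr.s_addr == local->sin_addr.s_addr &&
           orig->sin_port == local->sin_port;
}

/* Render "a.b.c.d:port" for logging; returns buf, or NULL on failure. */
const char *endpoint_str(const struct sockaddr_in *sa, char *buf, size_t n)
{
    char ip[INET_ADDRSTRLEN];

    if (!inet_ntop(AF_INET, &sa->sin_addr, ip, sizeof(ip)))
        return NULL;
    if (snprintf(buf, n, "%s:%u", ip, (unsigned)ntohs(sa->sin_port)) >= (int)n)
        return NULL;
    return buf;
}
```

Refusing connections for which is_proxy_loop() is true keeps the proxy from being used as an open relay to itself.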