From mboxrd@z Thu Jan  1 00:00:00 1970
From: bert hubert <ahu@ds9a.nl>
Date: Tue, 05 Mar 2002 11:32:35 +0000
Subject: Re: [LARTC] Detecting Request from a proxy server
Message-Id: <marc-lartc-101532802416280@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-101530883105272@msgid-missing>
In-Reply-To: <marc-lartc-101530883105272@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Tue, Mar 05, 2002 at 11:40:53AM +0530, Deepak Singhal wrote:
> Hi All,
> 
> Can i somehow detect traffic which is coming from a proxy/masquerading
> server in my lan to my linux gateway server.

Up to a point. Proxy servers typically include an 'X-Forwarded-For' header.
With the right iptables tricky (the 'string match') woul would be able to
block such traffic.

Masqueraded traffic can *sometimes* be recognized by the port number, but
not always, and such numbers van be changed.

In my experience it almost never helps to try to enforce your policy
electronically. You may be better of telling people not to use proxy
servers. 

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/