
Re: Transparent proxies and binding to foreign addresses


On Thursday 26 July 2001 22:15, Nerijus Baliunas wrote:
> On 25 Jul 2001 21:09:13 +0200 Julio Sanchez Fernandez <j_sanchez _at_ stl.es>
> wrote:
>
> JSF>
> JSF> I have been using transparent proxies on Linux for a long time, very
> JSF> possibly longer than anyone else, since I wrote an extremely crude hack
> JSF> that served me well back in 1995.
>
> JSF> This mechanism has worked since I originally wrote my kludge up to
> JSF> 2.2.x but, from what I can gather, it does not work anymore in 2.4.x.
>
> Hello,
>
> I don't know if it is useful for you, but http://www.mcknight.de/jftpgw
> supports transparent proxy for Linux 2.4.x kernel.
>
> BTW, do you know of any port forwarder which works with 2.4 kernel in
> transparent mode? I tried mmtcpfwd and portfwd, but both do not work.

Well, for simple forwarding within the box I'm using:

iptables -t nat -A PREROUTING -p tcp -i eth1 -d 10.0.0.0/8 -j REDIRECT --to-port 3141

That's to forward all ports for a given address range (anything in the 
10.x.x.x subnet in this case) to a daemon on the box itself.  I don't 
remember if it winds up on eth1 or on loopback (where said daemon should 
bind), probably eth1.  The magic snippet of C code that can recover the 
original destination address and port for a forwarded connection is:

struct sockaddr_in addr; socklen_t i = sizeof(addr);  /* SO_ORIGINAL_DST comes from <linux/netfilter_ipv4.h> */
getsockopt(connection_fd, SOL_IP, SO_ORIGINAL_DST, &addr, &i);

(Finding out the above involved thumbscrews, a bullwhip, google, a lot of 
luck, and emailing various developers.  But I sent it off to the man page 
maintainer so hopefully it should be better documented now.)

To forward a port outside the box entirely, the mystic incantation is:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport "$fromport" -j DNAT --to-destination "$addr":"$toport"

fromport being the port on the firewall (i.e. 80), addr and toport being the 
remote machine's IP address and the port number on that remote machine 
(hopefully one behind your firewall, although that's probably not a 
requirement).

Is that what you needed?

> Regards,
> Nerijus

Rob
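The REDIRECT rule and the SO_ORIGINAL_DST lookup described in the message above, put together as an added example (not code from the original post): a listener on port 3141 that, for each redirected connection, recovers the address the client actually wanted. The function names original_dst and format_dst are my own, and the code assumes a Linux box with netfilter connection tracking loaded.

```c
/* Added example, not from the original message: accept connections that the
 * PREROUTING REDIRECT rule sends to port 3141 and recover each client's
 * intended destination with SO_ORIGINAL_DST. Assumes Linux with netfilter
 * connection tracking (the option is answered from the conntrack table). */
#include <arpa/inet.h>
#include <errno.h>
#include <linux/netfilter_ipv4.h>   /* SO_ORIGINAL_DST */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Recover the pre-REDIRECT destination of an accepted connection.
 * Returns 0 on success, -1 with errno set if the socket is invalid or
 * conntrack has no entry for it (e.g. a direct, non-redirected connection). */
int original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    return getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len);
}

/* Format an IPv4 sockaddr as "a.b.c.d:port" for logging; returns out. */
char *format_dst(const struct sockaddr_in *dst, char *out, size_t outlen)
{
    char ip[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &dst->sin_addr, ip, sizeof ip);
    snprintf(out, outlen, "%s:%u", ip, ntohs(dst->sin_port));
    return out;
}
int main(void)
{
    struct sockaddr_in bind_addr = { .sin_family = AF_INET,
        .sin_port = htons(3141), .sin_addr.s_addr = htonl(INADDR_ANY) };
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&bind_addr, sizeof bind_addr) < 0
        || listen(lfd, 16) < 0) { perror("listen on 3141"); return 1; }
    for (;;) {
        struct sockaddr_in peer, dst; socklen_t plen = sizeof peer; char a[48], b[48];
        int cfd = accept(lfd, (struct sockaddr *)&peer, &plen);
        if (cfd < 0) continue;
        if (original_dst(cfd, &dst) == 0)
            printf("%s wanted %s\n", format_dst(&peer, a, sizeof a), format_dst(&dst, b, sizeof b));
        else
            fprintf(stderr, "no original destination: %s\n", strerror(errno));
        close(cfd);  /* a real proxy would now connect to dst and relay both ways */
    }
}
```

Connections reaching the listener without passing through the REDIRECT rule make original_dst() fail, which is the check a proxy should make before trusting the recovered address.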
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo _at_ vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/