
Re: iptables port forwarding





--On 12 November 2002 20:59 +1100 Rob Weir <rweir@softhome.net> wrote:

On Mon, Nov 11, 2002 at 03:22:14PM +0000, Siraj 'Sid' Rakhada wrote:
I live behind such a fascist firewall, but as I don't use port 443 on my
home lan, I have redirected that host to elsewhere. It's probably better
anyway, as some sites trap port 80 traffic and make it go via a web
proxy  (though the 443 solution is not immune either).

Isn't 'most' https traffic an encrypted, binary stream?  Aside from
initial negotiation, I guess.  How can this be transparently proxied?
How would it even be useful, since the data is encrypted and cannot be
cached?

Yes - you're quite right. I wasn't thinking straight. https uses the "CONNECT" mechanism...?

I only thought it might be useful for firewall controllers to force maybe only certain urls to be allowed via a super-fascist proxy, etc. etc. But now we're into realms of pointlessness so I'll shut up ;)

-rob

Regards,

Sid


