[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rewriting source and destination of local packets



also sprach Arnt Karlsen <arnt@c2i.net> [2005.03.24.2014 +0100]:
> ..having re-read this thread all the way from your Message-ID:
> <20050323100605.GA24210@cirrus.madduck.net>, I _lost_ you.
> 
> ..is this some kinda paid "research" you're doing for Microsoft???

Yeah, sure. I am a secret M$ agent trying to improve MS Proxy Server
1.0 for the scheduled release in 2006^W9.

I am not sure what problems you are having understanding the
challenge at hand.



also sprach David Mandelberg <mandelbergd@eth0.is-a-geek.org> [2005.03.25.1730 +0100]:
> > This works. Problem is that the packets arriving at 3128 have the
> > dynamic external IP as source, when they should have 127.0.0.1.
> Is there a problem with that?

Yes. As stated multiple times: it breaks squid access control.

> When a program under linux tries to contact an address that's used
> by one of the machine's interfaces, the traffic is sent localy and
> never goes to that interface.

... fwiw, any TCP/IP stack does this.

> Using SNAT would probably break the http client because it would
> send using the world ip and therefore wouldn't be listening on
> 127.0.0.1 for the reply from squid.

What?

Maybe we should just forget the details and someone can give me
a clear answer to: is it possible to rewrite both, source and
destination socket in locally generated, outgoing packets, *before*
a routing decision is made?

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
<!--#include file="~/.signature"-->

Attachment: signature.asc
Description: Digital signature


Reply to: