
Re: rewriting source and destination of local packets



On Sat, 26 Mar 2005 16:29:43 +0100, martin wrote in message 
<20050326152943.GA5497@localhost.localdomain>:

> also sprach Arnt Karlsen <arnt@c2i.net> [2005.03.24.2014 +0100]:
> > ..having re-read this thread all the way from your Message-ID:
> > <20050323100605.GA24210@cirrus.madduck.net>, I _lost_ you.
> > 
> > ..is this some kinda paid "research" you're doing for Microsoft???
> 
> Yeah, sure. I am a secret M$ agent trying to improve MS Proxy Server
> 1.0 for the scheduled release in 2006^W9.

.. ;o)
 
> I am not sure what problems you are having understanding the
> challenge at hand.

..a weird set of details from which I couldn't make out any kinda sense
of your overall purpose, as in "ok, you told me _how_ you wanna do it, 
but _what_ are you trying to do, and _why_?".

> also sprach David Mandelberg <mandelbergd@eth0.is-a-geek.org>
> [2005.03.25.1730 +0100]:
> > > This works. Problem is that the packets arriving at 3128 have the
> > > dynamic external IP as source, when they should have 127.0.0.1.
> > Is there a problem with that?
> 
> Yes. As stated multiple times: it breaks squid access control.

..like here.

> > When a program under linux tries to contact an address that's used
> > by one of the machine's interfaces, the traffic is sent locally and
> > never goes to that interface.
> 
> ... fwiw, any TCP/IP stack does this.
> 
> > Using SNAT would probably break the http client because it would
> > send using the world ip and therefore wouldn't be listening on
> > 127.0.0.1 for the reply from squid.
> 
> What?
> 
> Maybe we should just forget the details and someone can give me
> a clear answer to: is it possible to rewrite both, source and
> destination socket in locally generated, outgoing packets, *before*
> a routing decision is made?

..now we're talking. ;o)  Communication strategy:  
Try to explain _what_ you're trying to do, and _why_, 
like you would to some new date's sceptical grandma.  

..in german too, these 2 languages are different enough structurally
that I'm guessing you may have a clear idea of what you wanna do, 
but stumble into some subtle trap neither of us sees before you try the
grandma stunt.


..and preliminarily, yeah, you can do a lot of wild ass stunts with
squid and netfilter code, but I still don't know whether that actually
answers your questions.  

..on challenges, remember the facts in the Coffee-Howto are products
of some geeks who mistook the previous set of facts for a challenge,
there _are_ easier ways to get coffee.  ;o)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;o)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


