Firewall Wizards mailing list archives
IP transparent proxies (source).
From: Steve Kann <stevek () SteveK COM>
Date: Tue, 4 Nov 1997 12:56:57 -0500
Linux Firewallers,

I've been building a firewall based on Linux, and I'd like to share a couple of neat little things that I've done. They're not commercial-quality or anything, but they're pretty slick, and do their job well.

I've been really interested in IP_TRANSPARENT_PROXY stuff, and have made two tools that are really useful for taking advantage of it.

The first is tplug-gw, which is based on the fwtk plug-gw, and can transparently proxy TCP connections. You can then choose via Linux's filtering rules which connections you'd like proxied. Doing this, instead of simple packet filtering, lets you have better logging, stops TCP OOB attacks, fragmentation attacks, etc. I'm not including the source here yet, because I'm not sure if I'm allowed to redistribute it, according to the fwtk license. I might just re-write it from scratch, as it isn't too complicated, and then it could be released without problems.

The second tool, which I'm attaching to the message, is an Apache module called mod_tproxy, which sits in front of the regular Apache proxy module. When it gets a request, it looks to see if the local address is the current machine or if the connection has been redirected by IP_TRANSPARENT_PROXY. If it's a redirect, it re-writes the request URI to be in fully-qualified http://host[:port]/file form, and then passes it up to the proxy module.

In this way, one can transparently insert a proxy into a network, without requiring explicit proxy support from the clients, or having to perform any special configuration. It seems to work surprisingly well for me. It's pretty raw right now, but useful nonetheless.

Anyways, please let me know if anyone has any comments.

-SteveK

--
Steve Kann   i/o 360 digital design   841 Broadway, Suite 502
Personal:stevek () SteveK COM (finger for PGP)   Business:stevek () io360 com
I don't want your product or service, and I don't want to make money fast, so please don't send me your junk mail telling me about any of it.
Attachment:
mod_tproxy.c
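
The redirect check and URI rewrite described in the message, as an added example (not the attached mod_tproxy.c and not the author's code). It assumes the accepted socket's local address, as returned by getsockname(), is the destination the client originally dialled; tproxy_rewrite_uri, the list of the host's own addresses, and the sample addresses are hypothetical and constructed.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Returns 1 and fills `out` with http://host[:port]/file when the connection
 * was redirected, 0 when the request should be left alone, -1 on bad input.
 * `own`/`n_own`: this host's own IPv4 addresses in network byte order
 * (hypothetical input; a real module would take them from its config). */
int tproxy_rewrite_uri(const struct sockaddr_in *local,
                       const in_addr_t *own, size_t n_own,
                       const char *uri, char *out, size_t outlen)
{
    char host[INET_ADDRSTRLEN];
    unsigned port;
    size_t i;
    int n;

    if (!local || !uri || !out || local->sin_family != AF_INET)
        return -1;
    /* An absolute URI means the client already treats us as a proxy. */
    if (uri[0] != '/')
        return 0;
    /* Refuse spaces and control bytes so the request line cannot be split. */
    for (i = 0; uri[i]; i++)
        if ((unsigned char)uri[i] <= 0x20 || uri[i] == 0x7f)
            return -1;
    /* Addressed to this machine: not a redirect, and avoids proxy loops. */
    for (i = 0; i < n_own; i++)
        if (own[i] == local->sin_addr.s_addr)
            return 0;
    if (!inet_ntop(AF_INET, &local->sin_addr, host, sizeof host))
        return -1;
    port = ntohs(local->sin_port);
    n = (port == 80) ? snprintf(out, outlen, "http://%s%s", host, uri)
                     : snprintf(out, outlen, "http://%s:%u%s", host, port, uri);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;   /* no truncated URIs */
}

int main(void)
{
    struct sockaddr_in dst;          /* constructed sample, not live traffic */
    in_addr_t own;
    char out[128];
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(8080);
    inet_pton(AF_INET, "192.0.2.10", &dst.sin_addr);
    inet_pton(AF_INET, "198.51.100.1", &own);
    if (tproxy_rewrite_uri(&dst, &own, 1, "/index.html", out, sizeof out) == 1)
        puts(out);
    return 0;
}
```

Building the target from the socket address rather than the client's Host header means a client cannot steer the proxy to a destination the filter rules did not redirect, at the cost of name-based virtual hosts.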