File: tag_proxy.html

<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html><head>
<META NAME="generator" CONTENT="lgazmail v1.1preB">
<TITLE>The Answer Guy 32: 
IP Masquerading/Proxy? 
</TITLE> 
<!-- ORIGINAL SUBJECT:
IP Masquerading/Proxy? 
JTD SUBTITLE:

-->
</head>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
ALINK="#FF0000">
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H1 align="center"><A NAME="answer">
	<img src="../gx/dennis/qbubble.gif" alt="" border="0" align="middle">
	<a href="./index.html">The Answer Guy</a>
	<img src="../gx/dennis/bbubble.gif" alt="" border="0" align="middle">
</A></H1> 
<BR>
<H4 align="center">By James T. Dennis,
	<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
	<BR>Starshine Technical Services, <A HREF="http://www.starshine.org/">http://www.starshine.org/</A> 
</H4>
<p><hr><p>
<!--endcut ========================================================= -->
<H3><img src="../gx/dennis/qbub.gif" alt="(?)" width="50" height="28"
	align="left" border="0">IP Masquerading/Proxy? </H3>
<p><strong>From Peter Mastren on 20 Aug 1998 </strong></p>
<!-- begin body -->

<p><strong>James,
</strong></p>
<p><strong>I appreciate your in depth coverage of the IP Masquerading topic last
month.
</strong></p>
<p><strong>My own private network now is able to talk through my Linux box using
the techniques you described.
</strong></p>

<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50" 
	alt="(!)" border="0">Glad to help.</blockquote>

<strong><p>I, however, can't seem to find an answer to my next problem anywhere
in the literature.  My Linux proxy is connected via ISDN to my
employer's intranet which itself is behind a firewall and served by a
proxy server.  From Linux, I can browse, telnet, ftp etc... using
SOCKSified clients, i.e. rtelnet, rftp.  From any other machine in my
private network, I am only able to get as far as the company's
intranet, but not all the way to the internet.
</p></strong>


<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50" 
	alt="(!)" border="0"
>If your other machines were using SOCKSified clients they
would probably work as well.  So the first suggestion would
be to find SOCKSified clients for your other systems.
</blockquote>
<blockquote>It is also possible to configure SOCKS (v5 at least) for
multi-hop traversal (so that one zone or subnet in an
organization, such as yours, can use a SOCKS server to 
relay traffic to another SOCKS server).  
</blockquote>



<strong><p><img src="../gx/dennis/qbub.gif" height="28" width="50" 
	alt="(?)" border="0">How do I get modules, 
<tt>ip_masq_ftp.o</tt>, <tt>ip_masq_raudio.o</tt> etc... to use
SOCKSified protocols?  Basically, another level of indirection is
required to actually reach the internet.  Can this be done?
</p></strong>

<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50" 
	alt="(!)" border="0"
>I suppose someone could "SOCKSify" the IP Masquerading 
modules or use 'ipfwadm' to redirect all the appropriate
traffic to custom, SOCKSified, programs through the 
transparent proxying features.
</blockquote>
<blockquote>One of the features of the Linux IPFW (kernel packet 
filters) is a provision to redirect incoming TCP connections
into Unix domain sockets on the localhost, where a user
space program can be attached to them.  This user space
program can either handle the request directly or 
relay/proxy the connection through whatever interfaces and
protocols you'd want to build into it.
</blockquote>
<blockquote>I think the squid cache and the DeleGate proxy can each be
configured to support this.
</blockquote>
<blockquote>To find out a little bit more about this redirection feature
look for the "<tt>-r</tt>" switch on the '<tt>ipfwadm</tt>' man pages.
</blockquote>
<blockquote>Just off hand I don't see that the newer IP-chains code
(apparently intended to replace <tt>ipfwadm</tt> in future kernels)
offers any particular help for your situation.  It does add
significant new features to Linux packet filtering and it 
is well worth the work that's going into it.  However, I don't
see anything on its web site:
</blockquote>

<blockquote><blockquote><code
	><A HREF="http://www.adelaide.net.au/~rustcorp/ipfwchains/"
	>http://www.adelaide.net.au/~rustcorp/ipfwchains/</A>
</code></blockquote></blockquote>

<blockquote>... that applies directly to your situation.
</blockquote>
<blockquote>Some other work in this field is at:
</blockquote>
<blockquote>
<dl><dt>The HOWTO for IPChains
	<dd><A HREF="http://www.adelaide.net.au/~rustcorp/ipfwchains/HOWTO.html"
	>http://www.adelaide.net.au/~rustcorp/ipfwchains/HOWTO.html</A>
</dl>
</blockquote>

<blockquote>As I said, it looks like IPChains is going to be the default 
kernel packet filtering code for the 2.2 kernels.
</blockquote>

<blockquote><dl><dt>The Home of Linux IP NAT
<dd><A HREF="http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html"
	>http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html</A>
</dl>
</blockquote>

<blockquote>(NAT -- network address translation -- is more
generalized than IP masquerading.  While IP masquerading
implements a specific many-to-one NAT, IP NAT allows
complex many-to-many translations.  It might be able to
co-exist with IP masquerading and/or IP Chains).
</blockquote>

<blockquote><dl><dt>Darren Reed's IP Filter
<dd><A HREF="http://cheops.anu.edu.au/~avalon/"
	>http://cheops.anu.edu.au/~avalon/</A>
</dl>
</blockquote>

<blockquote>This is the free filtering package used by 
<A HREF="http://www.freebsd.org/">FreeBSD</A> and
its brethren and it is the most popular packet filtering
package for Solaris and a few other forms of Unix
(which don't include packet filtering in their standard
kernels).
</blockquote>
<blockquote>Reportedly this has been successfully run under Linux
as well.
</blockquote>
<blockquote>As we move beyond packet filtering we look into proxying
systems.  We can look in at the home site of NEC SOCKS
at:
</blockquote>

<blockquote><blockquote><code
	><A HREF="http://www.socks.nec.com">http://www.socks.nec.com</A>
</code></blockquote></blockquote>

<blockquote>(Just hit the "Download" link if you want the 
package itself).
</blockquote>
<blockquote>On a whim I used their "Search" link and found 844 results
for "Linux" and 578 results for "Solaris".  The numbers are 
interesting though meaningless and I don't have time to 
do an analysis to say whether the disparity is good or bad
for the Linux community.
</blockquote>
<blockquote>We can also look at Thede Lod's "Simple SOCKS Daemon" page 
at:
</blockquote>

<blockquote><blockquote><code
	><A HREF="http://www.leverage.com/users/tlod/ssockd/ssockd.html"
	>http://www.leverage.com/users/tlod/ssockd/ssockd.html</A>
</code></blockquote></blockquote>

<blockquote>
This seems to be a simplified replacement/alternative
to the stock SOCKS v4.x server.
</blockquote>
<blockquote>It seems that this has only been tested under FreeBSD
--- so it might require some coding to port it to 
Linux.  
</blockquote>


<strong><p><img src="../gx/dennis/bbub.gif" height="28" width="50" 
	alt="(!)" border="0"
>Thanks for your time and keep up the good work.  Your efforts are
appreciated.
</p></strong>
<strong><p>Peter F. Mastren             
</p></strong>
<!-- end body -->
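<p>Added example (not part of the original column, nor code from any project it mentions): the "another level of indirection" discussed above, shown as the SOCKS4 CONNECT hop a user-space relay would make toward the upstream SOCKS server. The destination 203.0.113.10, the user id and the stand-in server are constructed for the demo; how the relay learns the original destination of a redirected connection is assumed to be handled elsewhere.</p>

```python
import socket
import struct
import threading

GRANTED = 0x5A  # SOCKS4 reply code 90: request granted

def socks4_connect_request(dst_ip, dst_port, user_id=b""):
    """VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, then USERID terminated by NUL."""
    return struct.pack("!BBH4s", 4, 1, dst_port, socket.inet_aton(dst_ip)) + user_id + b"\x00"

def recv_exact(sock, n):
    """Read exactly n bytes; a short read means the peer hung up."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS4 exchange")
        buf += chunk
    return buf

def open_via_socks4(upstream, dst_ip, dst_port, user_id=b""):
    """Ask an already-connected SOCKS4 server to CONNECT to dst for us."""
    upstream.sendall(socks4_connect_request(dst_ip, dst_port, user_id))
    vn, cd = recv_exact(upstream, 8)[:2]   # reply: VN=0, CD, 6 ignored bytes
    if vn != 0 or cd != GRANTED:
        raise PermissionError(f"SOCKS4 CONNECT refused (code {cd})")
    return upstream  # from here on: a plain byte stream to dst

def fake_socks4_server(sock, allowed_port):
    """Constructed stand-in for the upstream SOCKS server (demo only)."""
    vn, cd, port, ip = struct.unpack("!BBH4s", recv_exact(sock, 8))
    while recv_exact(sock, 1) != b"\x00":   # skip USERID up to its NUL
        pass
    ok = (vn, cd, port) == (4, 1, allowed_port)
    payload = b"hello from " + socket.inet_ntoa(ip).encode() if ok else b""
    sock.sendall(struct.pack("!BBH4s", 0, GRANTED if ok else 0x5B, port, ip) + payload)
    sock.close()

def demo(dst_port):
    """Run one relay hop against the stand-in server; return what dst 'sent'."""
    relay_side, server_side = socket.socketpair()
    t = threading.Thread(target=fake_socks4_server, args=(server_side, 80))
    t.start()
    try:
        stream = open_via_socks4(relay_side, "203.0.113.10", dst_port, b"demo")
        return recv_exact(stream, 23)
    finally:
        relay_side.close()
        t.join()
```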

<!--startcut =======================================================  -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
	>Copyright &copy;</a> 1998, James T. Dennis <BR>
Published in <I>Linux Gazette</I> Issue 32 September 1998</H5>
<P> <hr> <P>

</body>
</html>
<!--endcut ========================================================= -->