LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue32/tag_proxy.html

280 lines
10 KiB
HTML
Raw Permalink Blame History

<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html><head>
<META NAME="generator" CONTENT="lgazmail v1.1preB">
<TITLE>The Answer Guy 32:
IP Masquerading/Proxy?
</TITLE>
<!-- ORIGINAL SUBJECT:
IP Masquerading/Proxy?
JTD SUBTITLE:
-->
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
ALINK="#FF0000">
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H1 align="center"><A NAME="answer">
<img src="../gx/dennis/qbubble.gif" alt="" border="0" align="middle">
<a href="./index.html">The Answer Guy</a>
<img src="../gx/dennis/bbubble.gif" alt="" border="0" align="middle">
</A></H1>
<BR>
<H4 align="center">By James T. Dennis,
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
<BR>Starshine Technical Services, <A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H4>
<p><hr><p>
<!--endcut ========================================================= -->
<H3><img src="../gx/dennis/qbub.gif" alt="(?)"width="50" height="28"
align="left" border="0">IP Masquerading/Proxy? </H3>
<p><strong>From Peter Mastren on 20 Aug 1998 </strong></p>
<!-- begin body -->
<p><strong>James,
</strong></p>
<p><strong>I appreciate your in depth coverage of the IP Masquerading topic last
month.
</strong></p>
<p><strong>My own private network now is able to talk through my Linux box using
the techniques you described.
</strong></p>
<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50"
alt="(!)" border="0">Glad to help.</blockquote>
<strong><p>I, however, can't seem to find an answer to my next problem anywhere
in the literature. My Linux proxy is connected via ISDN to my
employers intranet which itself is behind a firewall and served by a
proxy server. From Linux, I can browse, telnet, ftp etc... using
SOCKSified clients, i.e. rtelnet, rftp. From any other machine in my
private network, I am only able to get as far as the companies
intranet, but not all the way to the internet.
</p></strong>
<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50"
alt="(!)" border="0"
>If your other machines were using SOCKSified clients they
would probably work as well. So the first suggestion would
be to find SOCKSified clients for your other systems.
</blockquote>
<blockquote>It is also possible to configure SOCKS (v5 at least) for
multi-hop traversal (so that one zone or subnet in an
organization, such as yours can use a SOCKS server to
relay traffic to another SOCKS server.
</blockquote>
<strong><p><img src="../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0">How do I get modules,
<tt>ip_masq_ftp.o</tt>, <tt>ip_masq_raudio.o</tt> etc... to use
SOCKSified protocols? Basically, another level of indirection is
required to actually reach the internet. Can this be done?
</p></strong>
<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50"
alt="(!)" border="0"
>I supposed someone could "SOCKSify" the IP Masquerading
modules or use 'ipfwadm' to redirect all the appropriate
traffic to custom, SOCKSified, programs through the
transparent proxying features.
</blockquote>
<blockquote>One of the features of the Linux IPFW (kernel packet
filters) is a provision to redirect incoming TCP connections
into Unix domain sockets on the localhost, where a user
space program can be attached to them. This user space
program can either handle the request directly or
relay/proxy the connection through whatever interfaces and
protocols you'd want to build into it.
</blockquote>
<blockquote>I think the squid cache and the DeleGate proxy can each be
configured to support this.
</blockquote>
<blockquote>To find out a little bit more about this redirection feature
look for the "<tt>-r</tt>" switch on the '<tt>ipfwadm</tt>' man pages.
</blockquote>
<blockquote>Just off hand I don't see that the newer IP-chains code
(apparently intended to replace <tt>ipfwadm</tt> in future kernels)
offers any particular help for your situation. It does add
significant new features to Linux packet filtering and it
well worth the work that's going into it. However, I don't
see anything on it's web site:
</blockquote>
<blockquote><blockquote><code
><A HREF="http://www.adelaide.net.au/~rustcorp/ipfwchains/"
>http://www.adelaide.net.au/~rustcorp/ipfwchains/</A>
</code></blockquote></blockquote>
<blockquote>... that applies directly to your situation.
</blockquote>
<blockquote>Some other work in this field is at:
</blockquote>
<blockquote>
<dl><dt>The HOWTO for IPChains
<dd><A HREF="http://www.adelaide.net.au/~rustcorp/ipfwchains/HOWTO.html"
>http://www.adelaide.net.au/~rustcorp/ipfwchains/HOWTO.html</A>
</dl>
</blockquote>
<blockquote>As I said It looks like IPChains is going to be the default
kernel packet filtering code for the 2.2 kernels.
</blockquote>
<blockquote><dl><dt>The Home of Linux IP NAT
<dd><A HREF="http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html"
>http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html</A>
</dl>
</blockquote>
<blockquote>(NAT -- network address translation -- is more
generalized then IP masquerading. While IP masquerading
implements a specific many-to-one NAT, IP NAT allows
complex many-to-many translations. It might be able to
co-exist with IP masquerading and/or IP Chains).
</blockquote>
<blockquote><dl><dt>Darren Reed's IP Filter
<dd><A HREF="http://cheops.anu.edu.au/~avalon/"
>http://cheops.anu.edu.au/~avalon/</A>
</dl>
</blockquote>
<blockquote>This is the free filtering package used by
<A HREF="http://www.freebsd.org/">FreeBSD</A> and
its brethren and it is the most popular packet filtering
package for Solaris and a few other forms of Unix
(which don't include packet filtering in their standard
kernels).
</blockquote>
<blockquote>Reportedly this has been successfully run under Linux
as well.
</blockquote>
<blockquote>As we move beyond packet filtering we look into proxying
systems. We can look in at the home site of NEC SOCKS
at:
</blockquote>
<blockquote><blockquote><code
><A HREF="http://www.socks.nec.com">http://www.socks.nec.com</A>
</code></blockquote></blockquote>
<blockquote>(Just hit the "Download" link if you want the
package itself).
</blockquote>
<blockquote>On a whim I used their "Search" link and found 844 results
for "Linux" and 578 results for "Solaris" The numbers are
interesting though meaningless and I don't have time to
do an analysis to say whether the disparity is good or bad
for the Linux community.
</blockquote>
<blockquote>We can also look at Thede Lod's "Simple SOCKS Daemon" page
at:
</blockquote>
<blockquote><blockquote><code
><A HREF="http://www.leverage.com/users/tlod/ssockd/ssockd.html"
>http://www.leverage.com/users/tlod/ssockd/ssockd.html</A>
</code></blockquote></blockquote>
<blockquote>
This seems to be a simplified replacement/alternative
to the stock SOCKS v4.x server.
</blockquote>
<blockquote>It seem that this as only been tested under FreeBSD
--- so it might require some coding to port it to
Linux.
</blockquote>
<strong><p><img src="../gx/dennis/bbub.gif" height="28" width="50"
alt="(!)" border="0"
<blockquote>Thanks for time and keep up the good work. Your efforts are
appreciated.
</p></strong>
<strong><p>Peter F. Mastren
</p></strong>
<!-- end body -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 1998, James T. Dennis <BR>
Published in <I>Linux Gazette</I> Issue 32 September 1998</H5>
<P> <hr> <P>
<!--::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<table width="98%"><tr valign="center" align="center">
<td rowspan="3"><A HREF="./lg_answer32.html"><IMG
SRC="../gx/dennis/answernew.gif"
ALT="[ Answer Guy Index ]"></A></td>
<td><A HREF="tag_phreak.html">phreak</A>
<td><A HREF="tag_abandon.html">abandon</A>
<td><A HREF="tag_javaterm.html">javaterm</A>
<td><A HREF="tag_BBS.html">BBS</A>
<td><A HREF="tag_flaws.html">flaws</A>
<td><A HREF="tag_doslinux.html">doslinux</A>
<td><A HREF="tag_resume.html">resume</A>
</tr><tr valign="center" align="center">
<td><A HREF="tag_softwindows.html">softwindows</A>
<td><A HREF="tag_convert.html">convert</A>
<td><A HREF="tag_apache.html">apache</A>
<td><A HREF="tag_emulate.html">emulate</A>
<td><A HREF="tag_database.html">database</A>
<td><A HREF="tag_distrib.html">distrib</A>
<td><A HREF="tag_proxy.html">proxy</A>
</tr><tr valign="center" align="center">
<td><A HREF="tag_disable.html">disable</A>
<td><A HREF="tag_DVI.html">DVI</A>
<td><A HREF="tag_superblock.html">superblock</A>
<td><A HREF="tag_serial.html">serial</A>
<td><A HREF="tag_permission.html">permission</A>
<td><A HREF="tag_detach.html">detach</A>
<td><A HREF="tag_cdr.html">cdr</A>
</tr><tr valign="center" align="center">
<td><A HREF="tag_rs422.html">rs422</A>
<td><A HREF="tag_modem.html">modem</A>
<td><A HREF="tag_notfound.html">notfound</A>
<td><A HREF="tag_tuning.html">tuning</A>
<td><A HREF="tag_libc5.html">libc5</A>
<td><A HREF="tag_startup.html">startup</A>
<td><A HREF="tag_clock.html">clock</A>
<td><A HREF="tag_ping.html">ping</A>
</tr><tr valign="center" align="center">
<td><A HREF="tag_accounts.html">accounts</A>
<td><A HREF="tag_lilo.html">lilo</A>
<td><A HREF="tag_NDS.html">NDS</A>
<td><A HREF="tag_95slow.html">95slow</A>
<td><A HREF="tag_nonlinux.html">nonlinux</A>
<td><A HREF="tag_progenv.html">progenv</A>
<td><A HREF="tag_cluster.html">cluster</A>
<td><A HREF="tag_ftpd.html">ftpd</A>
</tr></table>
<P> <hr> <P>
<!--::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<A HREF="./index.html"><IMG SRC="../gx/indexnew.gif"
ALT="[ Table Of Contents ]"></A>
<A HREF="../index.html"><IMG SRC="../gx/homenew.gif"
ALT="[ Front Page ]"></A>
<A HREF="lg_bytes32.html"><IMG SRC="../gx/back2.gif"
ALT="[ Previous Section ]"></A>
<A HREF="./stemen.html"><IMG SRC="../gx/fwd.gif"
ALT="[ Next Section ]"></A>
<!--::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::-->
</body>
</html>
<!--endcut ========================================================= -->
Reference in New Issue View Git Blame Copy Permalink