I thought transparent proxying would allow some means
for the recipient of the proxied connections to find
out what their original destination port and socket
address were. This does not seem to be the case. The
socket structure only has one address and one socket,
and those have the source address, not the destination
address.
How do forward connections to a given address range to
a user space program that then has the opportunity to
bidirectionally munge the data in them and forward
them on? Transparent proxying works just fine
assuming I only ever want to forward a single port to
just one other machine...
IPCHAINS isn't up to it. Before I go and upgrade to
the 2.4 kernel on production systems that ship Real
Soon Now, could somebody give me at least an opinion
on whether or not iptables and the 2.4 nat stuff can
do this kind of thing without me having to modify the
kernel to fill out a larger socket-oid structure? (Is
2.4 iptables documented anywhere yet?)
I've got everything else. If I could just get a
destination address and port out of transparently
proxied connections I'd be home free. I'm amazed this
data isn't there already, I must have missed something
stupid. How do sockets bound to multiple interfaces
figure out which interface the connection came from?
Rob
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/?.refer=text
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/