Re: [Leaf-devel] ipchains redirect

Mon, 24 Sep 2001 16:27:39 -0700 

David:
        Yeah, a transparent web-proxy or web-cache gets handled
pretty nicely by this. If the proxy could http forward you could
even redirect the packets to an external, remote proxy.
        That'd be useful for apps which used a LEAF router to
gateway a wireless-LAN into wide-area access, where you want to
restrict user access, requiring them to "login" on a remote https
server before access is granted. So when a new DHCP lease is
granted, you tie-in a hook to insert a REDIRECT rule for that
IP-address. The proxy gets it, and passes it along.

        Time to read-up on LEAF proxies...

-Scott


On Mon, 24 Sep 2001, David Douthitt wrote:

> "Scott C. Best" wrote:
>
> >         Heyaz. Saw this on security-basics this AM. Never
> > saw it mentioned on LRP/LEAF before; anyone ever try it?
> > Alternatively, is "IP Transparent Proxy" enabled in any
> > LEAF kernels? Seems terribly powerful to me.
>
> I've done this before, I think; it can be nice, especially for things
> such as web cache.  However, for a router with no hard disk it isn't all
> that useful.
>
> The basic idea is that ALL web traffic going out is passed through the
> proxy itself; helps if you want to add a web cache but don't want any
> client reconfiguration to be needed.  Its also good for proxies such as
> JunkBuster or filtering proxies.
>
> > ---------- Forwarded message ----------
> >
> > Date: Wed, 19 Sep 2001 20:19:19 +0200 (CEST)
> > From: Bosko Radivojevic <[EMAIL PROTECTED]>
> > To: Daniel Chojecki <[EMAIL PROTECTED]>
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: ipchains, ipmasqadm
> >
> > On Tue, 18 Sep 2001, Daniel Chojecki wrote:
> >
> > > Is it posible to redirect all traffic comming for 0.0/0 80 to local
> > > squid proxy using ipchains and ipmasqadm.
> >
> > Using ipchains - yes. I'm not sure for ipmasqadm (I've never used it)
> >
> > I'm using those lines for that. Of course, you have to enable 'IP
> > Transparent Proxy' in your kernel.
> >
> > ipchains -A input -p TCP -d YOUR_IP/32 www -j ACCEPT (in case you have
> >                                                         your own web server)
> > ipchains -A input -p TCP -d 0/0 www -j REDIRECT 8080
>
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-devel
>





_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Reply via email to