(a) please let me know kindly if this is the wrong forum and, if so,
    which might be a better one.
(b) i am not on the list so please cc me on any responses

I have been playing with ipchains and creating a transparent proxy
firewall as part of a project.  I found that I could not find a
program that would be a generic proxy and forward any traffic to the
host that the client originally intended.

I modified transproxy to be such a program.  It seems almost too
simple to me -- I'm curious about its properties with regard to a
secure firewall.  Telnet, SSH and https have been tested and work
fine.  There does not appear to be any information leaked to the
outside world about the internal network, and thus it seems to be of
some use.

It is available here:

http://www.cs.uchicago.edu/~spfarrel/genproxy-0.1.tar.gz

Here is the README:


Welcome to General Proxying
-------------------------------

This package is a modified (i.e., greatly stripped down) version of
Transparent Proxy by:

John Saunders <[EMAIL PROTECTED]> and I run a modest ISP in
Sydney Australia, http://www.nlc.net.au/ take a look.

This program is for use with the transparent proxy facility in Linux.
The idea is to run a trivial proxy on a port (say, 9900 + well-known
port) and have ipchains redirect the request to this program, which will
then forward the request to the host the client thought it was talking to.
Essentially it does what tn-gw does from TIS fwtk, but transparently.
This magic is possible because of the way the redirect works in Linux:
on the accepted socket, getsockname() returns the destination the client
originally intended, not the proxy's own port.

Here is an example entry for ipchains (note that I restrict access on
the device level -- eth1 is the internal network):

        /sbin/ipchains -A input -l -i eth1 -p tcp -s 0/0  -d 0/0 23 -j \
                        REDIRECT 9923

Here is an example entry for inetd.conf:

tp-telnet       stream  tcp     nowait  root  /usr/sbin/in.gproxyd  in.gproxyd

And from /etc/services:

tp-telnet       9923/tcp                        # transparent proxy telnet
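To make the mechanism concrete, here is a minimal generic relay written as an
added example (it is not genproxy's own code): it recovers the original
destination with getsockname() on the accepted socket, connects there, and
pumps bytes both ways, turning each side's EOF into a half-close of the other.
It assumes the ipchains REDIRECT rule above is in place and that, as in the
inetd.conf entry, the accepted client socket arrives as fd 0.

```c
/* Generic transparent TCP relay as the README describes it (added example, not
 * genproxy's own code): learn the original destination, reconnect, pump bytes. */
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <string.h>
#include <unistd.h>

/* Under ipchains REDIRECT, getsockname() on the accepted socket returns the
 * address the client originally dialled (without a rule, just our own). */
int original_destination(int client_fd, struct sockaddr_in *dst) {
    socklen_t len = sizeof *dst;
    memset(dst, 0, sizeof *dst);
    return getsockname(client_fd, (struct sockaddr *)dst, &len);
}

/* Copy bytes both ways until both peers are done; a peer's EOF becomes a
 * half-close of the other. Returns bytes relayed, or -1 on error. */
long relay(int a, int b) {
    int fds[2] = {a, b}, live[2] = {1, 1}, maxfd = a > b ? a : b;
    char buf[4096];
    long total = 0;
    while (live[0] || live[1]) {
        fd_set rd; FD_ZERO(&rd);
        for (int i = 0; i < 2; i++)
            if (live[i]) FD_SET(fds[i], &rd);
        if (select(maxfd + 1, &rd, NULL, NULL, NULL) < 0) return -1;
        for (int i = 0; i < 2; i++) {
            int from = fds[i], to = fds[1 - i];
            if (!live[i] || !FD_ISSET(from, &rd)) continue;
            ssize_t n = read(from, buf, sizeof buf);
            if (n <= 0) { live[i] = 0; shutdown(to, SHUT_WR); continue; }
            for (ssize_t off = 0; off < n; ) {
                /* MSG_NOSIGNAL: a vanished peer gives EPIPE, not SIGPIPE */
                ssize_t w = send(to, buf + off, n - off, MSG_NOSIGNAL);
                if (w < 0) return -1;
                off += w;
            }
            total += n;
        }
    }
    return total;
}

/* inetd mode, matching the README's inetd.conf entry: the client is fd 0. */
int main(void) {
    struct sockaddr_in dst;
    if (original_destination(0, &dst) < 0) return 1;
    int up = socket(AF_INET, SOCK_STREAM, 0);
    if (up < 0 || connect(up, (struct sockaddr *)&dst, sizeof dst) < 0) return 1;
    return relay(0, up) < 0;
}
```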


Stephen Farrell
[EMAIL PROTECTED]


(Note that I am aware that running it with inetd is slow, and I
probably should put the stand-alone code back in it.  However, so far
I've just been playing around...)

--

Steve Farrell

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]