Hi, Andreas.

Andreas Fink wrote:


On Donnerstag, Juni 5, 2003, at 09:50 Uhr, Vjacheslav Chekushin wrote:

    Hi, list.
    I have several WAP gateways on one host (bound to different
    interfaces).
    One of WAP gateways is allowed to go into private network, but
    others not.
    Therefore I must limit access to private network somewhere in WAP
    gateway
    internally.

    So we go to http connection limitation on WAP gateway side.
    We must have following data flow (as I see it):
    1. Resolving.
    2. Check filters (must be configurable in config file?).
    3. If OK, then connect.

Now both resolving and connecting going on socket.c

There are two ways to implement it.

    1. Dramatic changes: separate resolving and connecting, so http.c
    first resolve host, next analize, next (if needed) make connection.
    2. Minor changes: write filter.[ch] with init and shutdown.
    http.c inits and shutdowns filter part, but socket.c uses it to check
    resolved hosts. (Of course one extra parameter will be needed for
    tcpip_connect_nb_to_server function (check filters or not).

    What people think about it?
    I going to implement this functionality, and I want to choose right
    way.
    Is this functionality will be accepted?
    How it must be configured? Any comments|advices?


How about using a PROXY and do the filtering that way? Having this kind of filtering in Kannel can be pretty tricky.

Yes, it is possible. But in some cases it is not so easy. I don't want to maintain several proxies for simple tasks. And we loose pool of open connections functionality for example. I think that to implement simple access&deny filtering not so tricky.

P.S. Proxy resolves hostnames for requests? Yes.
     But WAP gateway has own resolving nethertheless. ;).



Andreas Fink Global Networks Switzerland AG



--
Vjacheslav Chekushin                                mailto:[EMAIL PROTECTED]
Latvian Mobile Phone Company                        http://www.lmt.lv




Reply via email to