I haven't played with this much, but one of the things on the list of stuff
to "play with one of these days" is using redirect to provide for an
'internal server' machine, similar to the way the low-end firewall boxes do.
I *think* this would work properly for everything from game servers to VPN
access, although security in such a situation isn't the greatest (although
it's not too bad if combined with port-forwarded DMZ rules).
Charles
> Heyaz. Saw this on security-basics this AM. Never
> saw it mentioned on LRP/LEAF before; anyone ever try it?
> Alternatively, is "IP Transparent Proxy" enabled in any
> LEAF kernels? Seems terribly powerful to me.
> TIA!
>
> -Scott
>
> ---------- Forwarded message ----------
>
> Date: Wed, 19 Sep 2001 20:19:19 +0200 (CEST)
> From: Bosko Radivojevic <[EMAIL PROTECTED]>
> To: Daniel Chojecki <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: ipchains, ipmasqadm
>
> On Tue, 18 Sep 2001, Daniel Chojecki wrote:
>
> > Is it posible to redirect all traffic comming for 0.0/0 80 to local
> > squid proxy using ipchains and ipmasqadm.
>
> Using ipchains - yes. I'm not sure for ipmasqadm (I've never used it)
>
> I'm using those lines for that. Of course, you have to enable 'IP
> Transparent Proxy' in your kernel.
>
> ipchains -A input -p TCP -d YOUR_IP/32 www -j ACCEPT (in case you have
> your own web server)
> ipchains -A input -p TCP -d 0/0 www -j REDIRECT 8080
>
> > Conf:
> > 2.2.19
> > ipchains
>
> It works for me: 2.2.18 & ipchains 1.3.9, 17-Mar-1999
>
> Greetings
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
