On Tue, Feb 11, 2003, Alon Altman wrote about "Transparent proxy for local PC":
>   I've already successfully configured such a proxy for remote hosts,
> however I had a problem with setting it up for a local host, as the proxy's
> attempts to connect out are redirected back to the proxy.

One trivial (but rather silly) workaround is to use a second proxy; if you
capture port 80, and the proxy sends its requests to another proxy's port
8080 (say), you won't have this problem...
But that's probably not what you had in mind...

>   Is there any way to do this in either application (a la socksify) or
> system (a la iptables) level?

I'm assuming you already have a DNAT target on the OUTPUT chain (iptables).
You might want to check the "owner" module to iptables (see iptables(8)),
and redirect all packets except those generated by the proxy process (for
example).

Caveat emptor: I did not try this. As they say: "Take my advice, I don't
use it anyway" :)


-- 
Nadav Har'El                        |     Tuesday, Feb 11 2003, 10 Adar I 5763
[EMAIL PROTECTED]             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |I couldn't afford a cool signature, so I
http://nadav.harel.org.il           |just got this one.
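
The owner-match approach suggested in the reply above, as an added example that is not part of the original message and was not written by its author. It assumes the proxy runs as a dedicated user `squid` listening on port 3128 (both hypothetical), and uses REDIRECT, the local-host form of DNAT, rather than an explicit DNAT target.

```shell
#!/bin/sh
# Added example: emit nat/OUTPUT rules that redirect locally generated web
# traffic to a transparent proxy, skipping packets owned by the proxy's user.
# Assumed values (not from the post): user "squid", listener port 3128.

PROXY_USER="${PROXY_USER:-squid}"
PROXY_PORT="${PROXY_PORT:-3128}"
WEB_PORT="${WEB_PORT:-80}"

# Print the rules; this function changes nothing on the system.
gen_rules() {
    user=$1 port=$2 web=$3
    # Reject anything that is not a plain account name or a port number,
    # since the values are interpolated into a command line.
    case $user in ''|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1;; esac
    for p in "$port" "$web"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # 1. The proxy's own outbound requests leave untouched (breaks the loop).
    echo "iptables -t nat -A OUTPUT -p tcp --dport $web -m owner --uid-owner $user -j RETURN"
    # 2. Connections to services on loopback are not proxied.
    echo "iptables -t nat -A OUTPUT -p tcp --dport $web -o lo -j RETURN"
    # 3. Everything else generated on this host goes to the proxy port.
    echo "iptables -t nat -A OUTPUT -p tcp --dport $web -j REDIRECT --to-ports $port"
}

# Dry run by default; set APPLY=1 (as root) to install the rules.
if [ "${APPLY:-0}" = 1 ]; then
    gen_rules "$PROXY_USER" "$PROXY_PORT" "$WEB_PORT" | sh -e
else
    gen_rules "$PROXY_USER" "$PROXY_PORT" "$WEB_PORT"
fi
```

The exemption is only as strong as the account it keys on: any other process running as the proxy user also bypasses the redirect, so the proxy should have a UID of its own.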
