Dave Nebinger wrote:
> On Tuesday 11 October 2005 07:37 am, Steve [Gentoo] wrote:
> > I'm also vaguely hopeful that there may
> > be a more efficient lower-level solution which wouldn't require the
> > overhead of a process to 'pass-on' the tcp data... maybe integrated with
> > ipchains or pf or similar?
> If you choose to roll your own solution, that would be difficult. You've
> already accepted the connection, so the firewall is now configured to allow
> the packets back and forth only when related to your connection.
I realise that the idea would necessarily be substantially more
challenging than just writing a proxy... but I'm sure it is possible.
I'm guessing I'd need to interact at the IP packet level, recognise the
start of a TCP stream (buffering packets as necessary) then re-play them
to the right port and force the packet filter to re-direct that TCP
stream. It would not be worth my time to try and make this work if it
isn't already available for me to just compile and use.
> Technically the proxy development is not difficult, but for newbies it can be
> frustrating working out the nuances of processing asynchronous data arriving
> on one pipe let alone two.
I'm confident that I could write a proxy that would do this... as you
suggest - it's not rocket science. Conversely, I'm lazy enough to just
use one that's already written if one exists... which, I'm guessing, is
likely as I doubt I'm the first person to tackle this.
Steve
--
gentoo-user@gentoo.org mailing list
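As an added illustration of the user-space approach discussed in the thread (not code from either poster), here is a minimal bidirectional TCP relay in Python asyncio: one coroutine per direction, so the "two pipes" problem Dave mentions is handled by the event loop, with EOF half-closed through to the other side rather than tearing the whole connection down. The hostnames, ports and the echo service are constructed for a loopback self-test; the relay itself is the part you would put in front of a real target, and it is also the natural place to add per-connection logging or an allow-list, which the packet-filter route would not give you.

```python
import asyncio

async def pump(reader, writer):
    # Copy bytes in one direction until EOF, then half-close the other side.
    try:
        while chunk := await reader.read(65536):
            writer.write(chunk)
            await writer.drain()          # back-pressure against a slow peer
    except OSError:
        pass                              # peer reset: treat it like EOF
    finally:
        try:
            writer.write_eof()            # propagate end-of-stream, keep reading
        except OSError:
            pass

async def handle_client(client_r, client_w, target_host, target_port):
    # One accepted connection: open the upstream side, relay both directions.
    try:
        up_r, up_w = await asyncio.open_connection(target_host, target_port)
    except OSError:
        client_w.close()                  # upstream down: drop client cleanly
        return
    await asyncio.gather(pump(client_r, up_w), pump(up_r, client_w))
    client_w.close(); up_w.close()

async def serve_proxy(listen_host, listen_port, target_host, target_port):
    return await asyncio.start_server(
        lambda r, w: handle_client(r, w, target_host, target_port),
        listen_host, listen_port)

async def _echo(reader, writer):          # constructed stand-in target service
    writer.write(await reader.read(65536)); await writer.drain(); writer.close()

async def _demo(payload):
    # Constructed loopback setup: echo server, proxy in front of it, one client.
    echo = await asyncio.start_server(_echo, "127.0.0.1", 0)
    proxy = await serve_proxy("127.0.0.1", 0, "127.0.0.1", echo.sockets[0].getsockname()[1])
    r, w = await asyncio.open_connection("127.0.0.1", proxy.sockets[0].getsockname()[1])
    w.write(payload); await w.drain()
    w.write_eof()                         # half-close: done sending, still reading
    result = await r.read()               # read until the proxy half-closes back
    w.close(); proxy.close(); echo.close()
    await proxy.wait_closed(); await echo.wait_closed()
    return result

def relay_through_proxy(payload=b"hello via proxy\n"):
    # Run the whole loopback exchange and return what came back through the relay.
    return asyncio.run(_demo(payload))
```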