Re: redirect unauthorized users to a login page (natd as a transparent proxy)

2003-06-13 Thread Ruslan Ermilov
On Tue, Jun 10, 2003 at 11:53:48AM +0200, Vaclav Petricek wrote:
[...]
> The patch works. Thank you very much. I attach my attempt on a patch that
> should make it possible to omit the alias_address and interface options
> in case proxy_only is specified. IMHO in that situation these options are
> not used and should not be required by natd.
>
Certainly.  I've committed a variation of your patch to natd.c,
and the corresponding documentation changes to natd.8.  MFC is
planned in two weeks (see attached).


Cheers,
-- 
Ruslan Ermilov  Sysadmin and DBA,
[EMAIL PROTECTED]   Sunbay Software Ltd,
[EMAIL PROTECTED]   FreeBSD committer
---BeginMessage---
ru  2003/06/13 15:15:42 PDT

  FreeBSD src repository

  Modified files:
    sbin/natd            natd.8 natd.c
  Log:
  If the -proxy_only option is used, the -alias_address/-interface
  options are not required.
  
  Suggested by:   Vaclav Petricek
  MFC after:  2 weeks
  
  Revision  Changes    Path
  1.58  +5 -2  src/sbin/natd/natd.8
  1.42  +4 -2  src/sbin/natd/natd.c
---End Message---




Re: redirect unauthorized users to a login page (natd as a transparent proxy)

2003-06-08 Thread Ruslan Ermilov
On Mon, Jun 09, 2003 at 01:05:07AM +0300, Ruslan Ermilov wrote:
> On Sun, Jun 08, 2003 at 10:35:47PM +0200, Vaclav Petricek wrote:
> >
> > Hello
> >
> > I am trying to redirect all http traffic of unauthorized wifi users on a
> > wireless hotspot to a login page. The problem I have is that I can not
> > disable the regular address translation (I want the source address to stay
> > the same).
> >
> > 10.0.0.7       is the wifi client
> > 195.250.155.29 is the web wifi user tries to access from his browser
> > 195.113.17.94  is my login page
> > 10.0.0.1       is the wifi interface on the server
> >
> > What happens is
> >
> > In  [TCP]  [TCP] 10.0.0.7:1036 -> 195.250.155.29:80 aliased to
> >            [TCP] 10.0.0.1:1036 -> 195.113.17.94:80
> >
> > The natd configuration file:
> > -
> > interface wi0
> > port 1234
> > #proxy_only yes
> > reverse
> > proxy_rule port 80 server 195.113.17.94:80
> > -
> >
> > Natd was run as natd -f /etc/natd.conf -v with
> > 00010 divert 1234 tcp from any to any via wi0
> >
> > I was hoping proxy_only will do the trick but it does not seem to have
> > any impact and the source address is changed anyway.
> >
> > A quick glance at the source did not help much to my understanding of the
> > proxy_only option.
> >
> Confirmed as a bug.  The attached patch worked for me,
> please test it.  You'll have to recompile and reinstall
> libalias(3), then recompile and reinstall natd(8) with
> new library.
>
I was too fast.  This patch doesn't work well.  It works
in a sense that it doesn't modify source IP address of
the proxied packets, but it doesn't work in a sense that
reply packets do not undergo de-aliasing.  The attached
patch is verified to work.  Please test it instead.


Cheers,
-- 
Ruslan Ermilov  Sysadmin and DBA,
[EMAIL PROTECTED]   Sunbay Software Ltd,
[EMAIL PROTECTED]   FreeBSD committer
Index: alias.c
===
RCS file: /home/ncvs/src/lib/libalias/alias.c,v
retrieving revision 1.36
diff -u -p -r1.36 alias.c
--- alias.c 23 Jul 2002 00:16:19 -  1.36
+++ alias.c 8 Jun 2003 22:38:36 -
@@ -1425,6 +1425,10 @@ PacketAliasOut(char *ptr,   /* v
 SetDefaultAliasAddress(pip-ip_src);
 }
 }
+else if (packetAliasMode  PKT_ALIAS_PROXY_ONLY)
+{
+SetDefaultAliasAddress(pip-ip_src);
+}
 
 iresult = PKT_ALIAS_IGNORED;
 if ((ntohs(pip-ip_off)  IP_OFFMASK) == 0)
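Review bot: The added `else if` branch on PKT_ALIAS_PROXY_ONLY needs a short comment explaining why the default alias address is set to the packet's own source there. It repeats the SetDefaultAliasAddress call from the branch just above, and without an explanation it reads as a copy-paste rather than the mechanism that keeps the client's source address in proxy-only mode. Nothing in the visible lines restores the previous default alias address afterwards, so it is worth confirming that the function does so before it returns. In this archived copy the condition has also lost its operator between `packetAliasMode` and `PKT_ALIAS_PROXY_ONLY`, and the `pip-ip_src` accesses have lost their `>`, so the hunk should be taken from the original attachment rather than applied as shown.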

