Re: TPROXY

2002-03-20 Thread Jean-Michel Hemstedt
Henrik, just to recap the goal: I have: - non-proxy aware clients (not controllable) - non-transparent aware proxy (not controllable, and even not on Linux, it is not in-housed) and in the middle: - one (or more) default gateway, the netfilter box. = goal: 1) HTTP: rewrite the HTTP requests

Re: Possible bug in netfilter on sun arch?

2002-03-20 Thread Harald Welte
On Tue, Mar 19, 2002 at 09:57:06PM -0800, James Couzens wrote: Running Suse 7.3 on a Sun Netra T1 105. The default Suse configuration provides you with kernel 2.4.14, and I ran into problems with the packet counter functionality of iptables, which by default I believe was 1.2.2 or

Re: netfilter conntrack/nat framework for trigger ports

2002-03-20 Thread Harald Welte
On Wed, Mar 20, 2002 at 07:19:57AM +0100, [EMAIL PROTECTED] wrote: Hello, I saw several information about netfilter provided by you. I would like to get a netfilter module that implements the trigger ports that many routers like zyxel implement. that means packets going out a nat'ed

Re: TPROXY

2002-03-20 Thread Henrik Nordstrom
Right. For this with iptables the standard solution is to run a small proxy on the iptables box, and have iptables extended to allow this proxy to control the source address of outgoing connections. Unfortunately this functionality isn't easily achievable in iptables at the moment. iptables

Re: TPROXY

2002-03-20 Thread Leon Brooks
On Wednesday 20 March 2002 17:29, Jean-Michel Hemstedt wrote: I have: - non-proxy aware clients (not controllable) - non-transparent aware proxy (not controllable, and even not on Linux, it is not in-housed) and in the middle: - one (or more) default gateway, the netfilter box. = goal:

Re: TPROXY

2002-03-20 Thread Henrik Nordstrom
On Wednesdayen den 20 March 2002 12.13, Leon Brooks wrote: How about transproxying to Squid on the netfilter box, and getting Squid to passthrough to the `real' proxy? Won't solve the issue of not hiding the clients real IP addresses. Regards Henrik Nordström Squid Developer Netfilter

Re: TPROXY

2002-03-20 Thread Henrik Nordstrom
On Wednesdayen den 20 March 2002 12.13, Leon Brooks wrote: How about transproxying to Squid on the netfilter box, and getting Squid to passthrough to the `real' proxy? And also, Squid does not know how to intercept HTTPS traffic. But adding such functionality to Squid is trivial if needed.

Re: TPROXY

2002-03-20 Thread Per Hedeland
Jean-Michel Hemstedt [EMAIL PROTECTED] wrote: = goal: 3) for both: keep the source ip addresses of the clients in the modified forwarded packets, so that the proxy can do simple source based authentication (possibly with the collaboration of external elements such as radius, but

[PATCH] ah/esp ipv4 fixes

2002-03-20 Thread Andras Kis-Szabo
Hi, IPv4 AH and ESP matches contain bad save() functions. This is one variant for fixing the problems. Test rules: -A INPUT -p esp -m esp --espspi 234 -A INPUT -p esp -m esp --espspi 234:345 -A INPUT -p esp -m esp --espspi 0:345 -A INPUT -p esp -m esp --espspi ! 234 -A INPUT -p esp -m esp

Questions about ip_nat_helper, ip_conntrack_helper module

2002-03-20 Thread
Hi...I've started to develop xdmcp module, or ip_nat_xdmcp and ip_conntrack_xdmcp.. But it's my first time to develop this, I have so many questions... I'd searched all the documents in the online world... I've got many things from that, but I still have many questions.. I wish this

Re: New DSCP target in CVS

2002-03-20 Thread Harald Welte
On Thu, Mar 21, 2002 at 11:35:19AM +0900, Takuya Satoh wrote: Perfectly clear, thanks. So the FTOS target (but not the new DSCP) can be also used to selectively remove the ECN-enabled bit from syn packets going to some bad hosts throwing away any ECN-enabled connection (until the new