Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] Transparent proxy ...
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Fri, 09 Feb 2001 14:46:10 +1100
  • Message-id: <5.0.2.1.0.20010209144357.04ae11c8@xxxxxxxxxxxxxxxxxxxx>
At 01:40 PM 9/02/2001, you wrote:
Well, I run SuSE proxy suite 1.7 and if you take a look at the file
TRANSPARENT_PROXY.txt with the docs you'll see that it's possible, but it's
unstable code.
You can also take a look at mmtcpfw, a ftp proxy/tcp redirector

OK. I run whatever is with SuSE 7.0

> Transparent redirection is quite different to transparent proxying!!!
> What you are suggesting with "some PASV tricks" would definately
> NOT be a firewall rule but rather and application level proxy (like TIS)
> in conjunction with packet filter rules..

OK, I really misunderstood when you said transparent redirection. SuSE Proxy
Suite and TIS are application level + some ip level redirection.

Passive ftp use predictables ports so you can redirect it. But you must
intercept PORT/PASV, LPRT/LPSV and EPRT/EPSV and rewrite accordingly.
I know it's application level, but so is mod_masq_ftp.
This is the PASV trick I was talking about.
AFAIK, except for some terminology (proxy, redirection, ip, application),
it's possible to redirect passive ftp traffic this way.

Yeah, well, all these modules will change when the transproxy stuff is written.
It should pretty much do away with the need for the SuSE Proxy Suite..
There are probably still reasons where you would want to use it tho I spose..



---
Nix - nix@xxxxxxxxxxxxxxxx
http://www.susesecurity.com


< Previous Next >
Follow Ups
References