How to make transparent proxy's source ip NOT unique ?
- From: "Mickey Jerry" <MickeyJerry@xxxxxxxxx>
- Date: 20 Feb 2006 22:31:23 -0800
Topology like this:
Client(s)<-->BOX<-->Gateway
where the BOX is inserted between Client(s) and its Gateway
On the box, we REDIRECT all clients' incoming requests (related to some
protocol only)
to a local program which acts as a filter/proxy of the protocol.
The filter program will talk to the original server instead
and forward its responses back to the client.
Although it seems transparent for the client,
the gateway will see only the BOX's requests.
In some cases, this will be troublesome:
e.g. if there exist rules based on per-IP traffic,
and all clients' requests will be invisible to the gateway (because they
are proxied).
Is it possible that the BOX still filters clients' packets,
yet keeps its outgoing packets' source IP as before they were redirected?
(We also want the server's responses to pass through the BOX first.)
Is SNAT sufficient for this task?
(The best effect is to use its original source IP.)
Furthermore, we want to differentiate clients' requests from the BOX's,
that is, local (not proxied) outgoing requests should not be SNATed
(or at least, should not be fed into our filter program).
Can we achieve it just using iptables without modification of our
program?
Or is there any API from a netfilter extension that we can use
from a user-level application (not kernel) to do SNAT?