From: "Eugene & Yuna Portnoy" <yueupo@comcast.net>
To: <netfilter-devel@lists.netfilter.org>
Subject: Two Userspace Transparent Proxies -- Please Help
Date: Mon, 21 Jul 2003 09:04:39 -0700
Message-ID: <000501c34fa1$ca8fda60$0101a8c0@MONSTER>

Hello,

I'm trying to combine two userspace applications on a single host running
2.4 kernel Linux.
One of the applications is actually the well-known Squid; the other is a
not-so-well-known TCP proxy. I need the WAN output of Squid to be picked up
by this second proxy, whose transparency is implemented using the TUN/TAP driver.

By themselves, both proxies work just fine: Squid by the usual "REDIRECT --to-ports
3128" clause and the other using FMARKs, corresponding ip rules and virtual
interfaces.

So, it looks like this

TCP
(LAN) eth0 <--> tun0 <--> TCP proxy <--> tun1 <-->eth1 (WAN)

or

HTTP
(LAN) eth0 <--> Squid <-->eth1 (WAN)

I'd imagine something like this

HTTP eth0 <--> Squid
                           /\
                            |
                           V
TCP   eth0 <--> tun0 <--> TCP proxy <--> tun1 <-->eth1

My goal is to do this without modifying the code of any of the applications,
but rather using iptables/iproute2. Does it make sense?

Or maybe this is the right question? Will a locally originated packet
traverse the iptables chains from the very beginning starting from the
PREROUTING queue if routed to tun0? And if yes, how to avoid an infinite
loop then?

Thanks in advance,
Eugene.
