* Two Userspace Transparent Proxies -- Please Help
@ 2003-07-21 16:04 Eugene & Yuna Portnoy
From: Eugene & Yuna Portnoy @ 2003-07-21 16:04 UTC
  To: netfilter-devel

Hello,

I'm trying to combine two userspace applications on a single host running
a 2.4 Linux kernel.
One of the applications is the well-known Squid; the other is a
not-so-well-known TCP proxy. I need the WAN output of Squid to be picked up
by this second proxy, whose transparency is implemented using the TUN/TAP driver.

By themselves, both proxies work just fine: Squid with the usual "REDIRECT
--to-ports 3128" clause, and the other using FMARKs, corresponding ip rules and
virtual interfaces.

So, it looks like this

TCP
(LAN) eth0 <--> tun0 <--> TCP proxy <--> tun1 <-->eth1 (WAN)

or

HTTP
(LAN) eth0 <--> Squid <-->eth1 (WAN)

I'd imagine something like this

HTTP eth0 <--> Squid
                           /\
                            |
                           V
TCP   eth0 <--> tun0 <--> TCP proxy <--> tun1 <-->eth1

My goal is to do this without modifying the code of any of the applications,
but rather using iptables/iproute2. Does it make sense?

Or maybe this is the right question? Will a locally originated packet
traverse the iptables chains from the very beginning, starting from the
PREROUTING queue, if routed to tun0? And if so, how do I avoid an infinite
loop?

Thanks in advance,
Eugene.
