Re: Transparent proxying?

Jacek Zapala (
Sun, 4 May 1997 18:58:29 +0200 (MET DST)

On Thu, 1 May 1997, Nigel Metheringham wrote:

> I can give you the patch set against 2.0.30 *but* I can guarantee this
> will have no effect on transparent proxying - I wrote both of those
> patches and they are extremely minor mods to code that is only used by the
> masquerade stuff. However it may be that some of the masq and proxy code
> has got slightly intertwined, so try compiling a kernel with masq on
> (assuming you normally do not include it).

I have tested transparent proxy on 2.0.30 with and without your masquerading
patches and you were right, they don't interfere with transparent proxy.

But I've got an idea, why someone can say that transparent proxy works with
2.0.30. If you redirect some port, let's say smtp, to the SAME port on the
local machine, it will work. But unfortunately you can't redirect a port to
some OTHER port - look at the following example. I tried to redirect smtp
port to telnet one, but it has been redirected to smtp port on the gateway.

So, kernel 2.0.30 breaks transparent proxy, but there is a chance, that
someone could not notice this and be sure, that it still works.


Jacek Zapala

*** 2.0.30 with or without masquerading patches, with masquerading
compiled in or not compiled in

# ipfwadm -I -a acc -P tcp -S -D smtp -r telnet

# ipfwadm -I -l

IP firewall input rules, default policy: accept
type prot source destination ports
acc/r tcp localnet/24 anywhere any -> smtp => telnet

p0:jacka:~$ telnet 25
Connected to
Escape character is '^]'.
220 ESMTP Sendmail 8.8.4/8.8.4; Sun, 4 May 1997 18:03:20 +0200

*** 2.0.29 (proper behavior)

p0:jacka:~$ telnet 25
Connected to
Escape character is '^]'.

i586-unknown-linux [SSL] (kx) (ttyp0)

kx login:

p0:jacka:~$ telnet kx 25
Connected to kx.
Escape character is '^]'..

i586-unknown-linux [SSL] (kx) (ttyp0)

kx login: