> > I've already successfully configured such a proxy for remote hosts, > > however I had a problem with setting it up for a local host, as the proxy's > > attempt to connect out are redirected back to the proxy. > > One trivial (but rather silly) workaround is to use a second proxy; If you > capture port 80, and the proxy sends its requests to another proxy's port > 8080 (say), you won't have this problem... > But that's probably not what you had in mind...
Yes, but then I'll need an external machine, which I'm trying to avoid... > > Is there any way to do this in either application(a la socksify) or > > system(a la iptables) level? > > I'm assuming you already have a DNAT target on the OUTPUT chain (iptables). > You might want to check the "owner" module to iptables (see iptables(8))), > and redirect all packets except those generated by the proxy process (for > example). Thanks. This would probably solve my problem. Didn't know about the "owner" module... Alon -- This message was sent by Alon Altman ([EMAIL PROTECTED]) ICQ:1366540 The RIGHT way to contact me is by e-mail. I am otherwise nonexistent :) -------------------------------------------------------------------------- -=[ Random Fortune ]=- Do, or do not; there is no try. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
