On Thu, 2002-04-04 at 12:13, Craig Hughes wrote:
> On Thu, 2002-04-04 at 01:50, Nigel Metheringham wrote:
> > I've not played with this since a 2.0 linux kernel, however on that if
> > you have the transparent proxy code in place - which *terminates* the
> > connection (so X thinks it's talking to Z but is actually talking to Y -
> > if you want Z involved you have to set up a new connection from Y to Z
> > and futzing that to make it look like it comes from X would be *very*
> > hard without deep router magic).
>
> That's what I was afraid of. I don't think the magic is *that* deep, at
> least in linux 2.4, you should be able to just read the NAT table to
> figure out what X was trying to talk to in the first place. But I was
> just wondering if there was some more elegant way of doing it.

The deep magic part comes in making sure that the replies from Z come
back to you as well - everything else is easy.

The real problem comes in because our network engineers get upset at the
idea of putting (non router) kit in the way of a network path - attached
to the side of the network with some stuff redirected to it is OK, in
the way of means you are the single point of failure :-)
[NB the policy routing could cope with a dead redirection server too].

The place to look for this stuff is actually the service clustering
projects - things like Wen Song's port redirection stuff (can't remember
the project name).

        Nigel.
-- 
[ Nigel Metheringham           [EMAIL PROTECTED] ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
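
The "read the NAT table" lookup mentioned in the thread, as an added example that is not code from either poster: it maps a connection accepted by the proxy (Y) back to the address the client (X) originally dialled (Z). It assumes the Linux 2.4 `/proc/net/ip_conntrack` text layout; the sample table, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the Linux 2.4 /proc/net/ip_conntrack layout (not captured data).
# Each entry holds the original tuple (as the client sent it) followed by the reply
# tuple (as seen after NAT). Proxy Y is 10.0.0.1:2525 in the redirected entries.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.25 sport=34567 dport=25 src=10.0.0.1 dst=10.0.0.5 sport=2525 dport=34567 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=10.0.0.7 dst=198.51.100.9 sport=40000 dport=25 src=10.0.0.1 dst=10.0.0.7 sport=2525 dport=40000 [ASSURED] use=1
udp      17 25 src=10.0.0.5 dst=10.0.0.2 sport=1030 dport=53 src=10.0.0.2 dst=10.0.0.5 sport=53 dport=1030 use=1
tcp      6 110 SYN_SENT src=10.0.0.8 dst=203.0.113.4 sport=41000 dport=25 [UNREPLIED] src=10.0.0.1 dst=10.0.0.8 sport=2525 dport=41000 use=1
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_entry(line):
    """Return (proto, original_tuple, reply_tuple), or None if the line lacks two tuples.

    Tuples are (src_ip, src_port, dst_ip, dst_port).
    """
    fields = line.split()
    tuples = TUPLE_RE.findall(line)
    if not fields or len(tuples) != 2:
        return None
    orig, reply = [(s, int(sp), d, int(dp)) for s, d, sp, dp in tuples]
    return fields[0], orig, reply


def original_destination(table, peer, local, proto="tcp"):
    """Map an accepted socket (peer = X, local = Y) to the (ip, port) X really dialled."""
    for line in table.splitlines():
        entry = parse_entry(line)
        if entry is None or entry[0] != proto:
            continue
        _, orig, reply = entry
        # The reply tuple runs from the proxy back to the client: src=Y, dst=X.
        if (reply[0], reply[1]) == local and (reply[2], reply[3]) == peer:
            # The original tuple must have been sent by that same client.
            if (orig[0], orig[1]) == peer:
                return orig[2], orig[3]
    return None  # not redirected, or the conntrack entry has expired


if __name__ == "__main__":
    print(original_destination(SAMPLE_CONNTRACK, ("10.0.0.5", 34567), ("10.0.0.1", 2525)))
```

On a live netfilter system the same answer is available per socket through `getsockopt()` with `SO_ORIGINAL_DST`, which avoids parsing the table and racing against entry expiry.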