From: "Steve [Gentoo]"
Date: Tue, 11 Oct 2005 18:16:46 +0100
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] About a proxy-like idea... (was Shell through the web)
Message-ID: <434BF37E.9020402@shic.co.uk>
In-Reply-To: <200510110819.50095.dnebinger@joat.com>

Dave Nebinger wrote:
> On Tuesday 11 October 2005 07:37 am, Steve [Gentoo] wrote:
>
>> I'm also vaguely hopeful that there may
>> be a more efficient lower-level solution which wouldn't require the
>> overhead of a process to 'pass-on' the tcp data... maybe integrated with
>> ipchains or pf or similar?
>>
> If you choose to roll your own solution, that would be difficult. You've
> already accepted the connection, so the firewall is now configured to allow
> the packets back and forth only when related to your connection.
>

I realise that the idea would necessarily be substantially more challenging than just writing a proxy... but I'm sure it is possible. I'm guessing I'd need to interact at the IP packet level, recognise the start of a TCP stream (buffering packets as necessary) then re-play them to the right port and force the packet filter to re-direct that TCP stream. It would not be worth my time to try and make this work if it isn't already available for me to just compile and use.

> Technically the proxy development is not difficult, but for newbies it can be
> frustrating working out the nuances of processing asynchronous data arriving
> on one pipe let alone two.
>

I'm confident that I could write a proxy that would do this... as you suggest - it's not rocket science. Conversely, I'm lazy enough to just use one that's already written if one exists... which, I'm guessing, is likely as I doubt I'm the first person to tackle this.

Steve
--
gentoo-user@gentoo.org mailing list
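
Added example, not part of the original message or of any existing tool: a user-space form of the proxy discussed above, which buffers the start of each TCP stream, chooses a backend port from it, replays the buffered bytes and then relays both directions concurrently. The signatures, backend ports, listening port and timeout are assumptions; the thread does not name them.

```python
import asyncio

# Assumed routing table (not from the thread): stream-start signature -> backend.
ROUTES = [(b"SSH-", ("127.0.0.1", 22)),        # SSH identification string
          (b"\x16\x03", ("127.0.0.1", 443))]   # TLS handshake record header
DEFAULT = ("127.0.0.1", 80)                    # everything else, e.g. plain HTTP

def classify(head: bytes):
    """Backend for the buffered stream start, or None while still ambiguous."""
    for sig, backend in ROUTES:
        if head.startswith(sig):
            return backend
        if sig.startswith(head):   # only a prefix of a signature so far
            return None
    return DEFAULT

async def pump(reader, writer):
    """Copy one direction until EOF, then half-close so the peer sees the EOF."""
    while chunk := await reader.read(65536):
        writer.write(chunk)
        await writer.drain()       # back-pressure: wait if the peer is slow
    if writer.can_write_eof():
        writer.write_eof()

async def handle(client_r, client_w, timeout=5.0):
    head, backend, up_w = b"", None, None
    try:
        while backend is None:     # buffer until the protocol is recognisable
            chunk = await asyncio.wait_for(client_r.read(64), timeout)
            if not chunk:
                return             # client closed before sending enough bytes
            head += chunk
            backend = classify(head)
        up_r, up_w = await asyncio.open_connection(*backend)
        up_w.write(head)           # replay the buffered bytes to the chosen port
        await asyncio.gather(pump(client_r, up_w), pump(up_r, client_w))
    except (asyncio.TimeoutError, OSError):
        pass                       # silent client, refused backend or reset
    finally:
        for w in (client_w, up_w):
            if w is not None:
                w.close()

async def main(port=8443):         # listening port is an assumption
    server = await asyncio.start_server(handle, "0.0.0.0", port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Because the proxy terminates the client connection itself, the backends see the proxy's address as the source, so any per-client filtering or logging has to happen at the proxy.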