[tech] flame, moray's kernel and transparent proxying

Duncan Sargeant dunc at rcpt.to
Thu Sep 16 14:37:40 WST 1999


Ian McKellar wrote on Thu September 16, at 14:27 +0800:
> On Thu, Sep 16, 1999 at 02:02:48PM +0800, Duncan Sargeant wrote:
> > Warrick Mitchell wrote on Thu September 16, at 13:47 +0800:
> > > On Thu, Sep 16, 1999 at 01:45:52PM +0800, Ian McKellar wrote:
> > > > Hi,
> > > > 
> > > > I've worked out a way to give flame its own IP number without
> > > > needing to give it its own machine.  We can use the
> > > > transparent proxying code in linux to redirect all requests to
> > > > port 23 with a destination of flame's IP# (I grabbed
> > > > 130.95.13.10 - it doesn't seem to be used) to port 4242.  We
> > > > can do this with all the other services that flame runs.  I've
> > > > set up ip aliasing on moray (it's now using 130.95.13.(9|10)),
> > > > but moray's kernel doesn't seem to have the necessary firewall
> > > > options enabled to do the port redirection.
> > 
> > Can you do this without ditzy kernel options, with rlinetd dichro?
> 
> No.  We could set up a tunnel, but that would mean that flame
> wouldn't know the real IP that the person came from.

Redirection is a hack for cracks; you use redirection to get around
firewalls.

It would be much cleaner if you just bound the services to their
correct ports on /flame/'s address.  rlinetd lets you do this with the
interfaces command.

,dunc
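
As an added illustration (not part of the original thread, and not rlinetd configuration): what binding each service to its own address looks like at the socket level, with no kernel redirection involved. The loopback addresses are constructed stand-ins for moray's two aliased addresses, the service names are labels only, and the sketch assumes Linux, where all of 127.0.0.0/8 is local.

```python
import socket
import threading

# Constructed stand-ins: on Linux all of 127.0.0.0/8 is local, so these play
# the role of the host's two aliased addresses (130.95.13.9 and .10 above).
MORAY_ADDR = "127.0.0.1"
FLAME_ADDR = "127.0.0.2"
CLIENT_ADDR = "127.0.0.3"   # hypothetical remote user


def listen_on(addr, port=0):
    """Listening TCP socket bound to one address only, not 0.0.0.0."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.settimeout(5)
    srv.bind((addr, port))
    srv.listen(1)
    return srv


def serve_once(srv, name, seen):
    """Accept one connection and record the peer address the service sees."""
    conn, peer = srv.accept()
    with conn:
        seen[name] = peer[0]
        conn.sendall(name.encode())


def demo():
    """Run two services on the same port, one per address; return what each saw."""
    moray_srv = listen_on(MORAY_ADDR)             # kernel picks a free port
    port = moray_srv.getsockname()[1]
    flame_srv = listen_on(FLAME_ADDR, port)       # same port, different address
    seen, replies = {}, {}
    pairs = (("moray", MORAY_ADDR, moray_srv), ("flame", FLAME_ADDR, flame_srv))
    threads = [threading.Thread(target=serve_once, args=(srv, name, seen))
               for name, _, srv in pairs]
    for t in threads:
        t.start()
    for name, addr, _ in pairs:
        with socket.create_connection((addr, port), timeout=5,
                                      source_address=(CLIENT_ADDR, 0)) as c:
            replies[name] = c.recv(16).decode()
    for t in threads:
        t.join()
    moray_srv.close()
    flame_srv.close()
    return seen, replies
```

Each listener answers only on its own address, and both record the client's real source address, which is the property the tunnel option discussed above would lose.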



