[CLUG-tech] Using squid and ntlmaps together

Izak Burger isburger at gmail.com
Mon Dec 10 11:29:43 SAST 2007


On Dec 9, 2007 1:42 PM, Rainer M Krug <rainer.linux at krugs.de> wrote:
> This would redirect all outgoing requests to port 8888. But as I have
> apache running, wouldn't that result in a loop when I try to connect to
> my local apache server? The request is redirected to 8888 - which then
> redirects to localhost 80 which is then redirected ...

Halfway correct. It does mean that a connection to localhost:80 will
be redirected to tinydns, but it won't be redirected "back to apache".
Instead a new connection is made by tinyproxy to localhost port 80
which is indeed then redirected back onto itself. All outgoing
connections to port 80 (even to localhost) end up at tinyproxy, even
those that tinyproxy tries to make.

Google for "transparent proxy" setup using iptables. There is a way
you can match packets on the OUTPUT chain based on the gid of the
process generating them. By adding another rule before the redirection
rule to match these packets, you can allow tinyproxy to make
connections anywhere, while everyone else ends up being redirected to
tinyproxy.

regards,
Izak
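
The rule ordering described in the reply above, as an added example that is not part of the original post. It assumes tinyproxy runs under a dedicated group named "tinyproxy" and that the existing redirect is a nat/OUTPUT REDIRECT of TCP port 80 to port 8888; `gen_rules` and `check_order` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumptions: tinyproxy runs under its own group "tinyproxy";
# 8888 is the proxy port from the quoted message.
PROXY_GROUP="${PROXY_GROUP:-tinyproxy}"
PROXY_PORT="${PROXY_PORT:-8888}"

# Print the two nat/OUTPUT rules in the order they must be appended.
# iptables takes the first matching rule, so the exemption has to come first.
gen_rules() {
    # 1. Traffic from processes with the proxy's gid skips NAT entirely.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --gid-owner $PROXY_GROUP -j ACCEPT"
    # 2. Everyone else's port-80 traffic is sent to the local proxy.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
}

# Read rules (e.g. from `iptables -t nat -S OUTPUT`) on stdin and report:
#   ok          (exit 0) a gid exemption precedes the REDIRECT
#   loop        (exit 1) REDIRECT present with no exemption before it
#   no-redirect (exit 2) nothing is being redirected
# Simplification: it only checks ordering, not which gid or port is exempted.
check_order() {
    awk '
        /--gid-owner/ && /-j (ACCEPT|RETURN)/ { if (!exempt) exempt = NR }
        /-j REDIRECT/                         { if (!redirect) redirect = NR }
        END {
            if (!redirect)                   { print "no-redirect"; exit 2 }
            if (exempt && exempt < redirect) { print "ok"; exit 0 }
            print "loop"; exit 1
        }'
}
```

Nothing is applied when the file is sourced; as root, `gen_rules | sh` installs the rules and `iptables -t nat -S OUTPUT | check_order` audits the live chain.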

