[CLUG-tech] Using sqid and ntlmaps together

Rainer M Krug rainer.linux at krugs.de
Mon Dec 10 15:38:44 SAST 2007


Izak Burger wrote:
> On Dec 9, 2007 1:42 PM, Rainer M Krug <rainer.linux at krugs.de> wrote:
>> This would redirect all outgoing requests to port 8888. But as I have
>> apache running, wouldn't that result in a loop when I try to connect to
>> my local apache server? The request is redirected to 8888 - which then
>> redirects to localhost 80 which is then redirected ...
> 
> Halfway correct. It does mean that a connection to localhost:80 will
> be redirected to tinydns, but it won't be redirected "back to apache".
> Instead a new connection is made by tinyproxy to localhost port 80
> which is indeed then redirected back onto itself. All outgoing
> connections to port 80 (even to localhost) ends up at tinyproxy, even
> those that tinyproxy tries to make.

OK - that makes more sense. But the problem stays the same.

> 
> Google for "transparent proxy" setup using iptables. There is a way
> you can match packets on the OUTPUT chain based on the gid of the
> process generating them. By adding another rule before the redirection
> rule to match these packets, you can allow tinyproxy to make
> connections anywhere, while everyone else ends up being redirected to
> tinyproxy.

I'll do so - but in the meantime, I will; just setup my programs to use 
tinyproxy.

Thanks a lot,

Rainer

> 
> regards,
> Izak



More information about the clug-tech mailing list