Article delegate-en/3938 of [1-5169] on the server localhost:119
[Reference:<_A3903@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Transparent Proxy
26 Mar 2008 08:50:55 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

I'm reminded of this message from you :)

On 11/17/07(21:14) you "Kevin Richter" <ph4hqbdyi-ktwgyordbmlr.ml@ml.delegate.org> wrote
in <_A3903@delegate-en.ML_>
 |other proxies like Squid or frox can detect the destination address
 |from the IP header with
 |getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, ... )
 |
 |This is for a transparent proxy mode. Means: The users don't have to
 |change their local configurations in the ftp program, browser,
 |mail program, ...
 |
 |The POP or FTP protocols do not tell you the destination - normally.
 |The only chance would be to change the username to "username@server.."
 |But sometimes the username is "username@mydomain.." and the
 |POP server is pop.bigfirm.com. Delegate connects to mydomain.com.
 |There is no POP server listening. It does not work.

In such a case, you should say "username@mydomain.com@server.com" to the
DeleGate for POP proxy.

 |The analysis of the IP header is the only chance to get the real
 |destination IP.
 |Would it be possible for you to implement such transparent proxy
 |mode feature for ftp, pop, imap?

It might be useful as the "virtual hosting" or "reverse proxy" at
server-side rather than as the "transparent proxy" at the client-side,
since there is no way to recognize or utilize the DeleGate as a proxy
from the client-side in the former case.

I supported SO_ORIGINAL_DST in DeleGate/9.8.2-pre19 in which you can
specify as follows:

  SERVER=ftp://odst.-:-

If the original address is xx.xx.xx.xx:10021, the DeleGate with the
above specification will act as:

  SERVER=ftp://xx.xx.xx.xx:10021

You can offset the port number with the following configurations:

  SERVER=ftp://odst.-         -->  any input to 21
  SERVER=ftp://odst.-:8021    -->  any input to 8021
  SERVER=ftp://odst.-:-10000  -->  100021 to 21
  SERVER=ftp://odst.-:+10000  -->  100021 to 20021


This will work for any application protocols over TCP supported by DeleGate.

  SERVER=pop://odst.-
  SERVER=imap://odst.-
  SERVER=http://odst.-
  ...

I think "Server Name Indication" of extended TLS might also be useful for this
purpose.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
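
Added example, not part of the original message and not DeleGate's code: a C sketch of the getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, ...) lookup quoted above, plus a hypothetical map_port() helper that mirrors the port-offset table in the reply and rejects results outside 1-65535. It assumes Linux with netfilter connection tracking, IPv4 only, and uses the 10021 port from the xx.xx.xx.xx:10021 example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80   /* value from <linux/netfilter_ipv4.h> */
#endif

/* Fetch the pre-NAT destination of an accepted connection. Returns 0 on
 * success, -1 when the kernel has no conntrack entry for the socket (it
 * was not redirected to us) or on any other error. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) != 0)
        return -1;
    return dst->sin_family == AF_INET ? 0 : -1;
}

/* Hypothetical helper modelled on the table in the message. spec is the
 * text after "odst.-:" -- NULL or "" means the protocol default, "-" keeps
 * the original port, "+N"/"-N" offsets it, "N" fixes it. Returns 0 when
 * the spec is malformed or the result is not a valid TCP port. */
int map_port(const char *spec, int orig_port, int default_port)
{
    long port;
    char *end;
    if (spec == NULL || *spec == '\0') port = default_port;
    else if (strcmp(spec, "-") == 0) port = orig_port;
    else {
        long n = strtol(spec, &end, 10);
        if (*end != '\0') return 0;
        port = (spec[0] == '+' || spec[0] == '-') ? orig_port + n : n;
    }
    return (port >= 1 && port <= 65535) ? (int)port : 0;
}

int main(void)
{
    /* Constructed sample: original destination port 10021, FTP default 21. */
    printf("-10000 -> %d, +10000 -> %d\n",
           map_port("-10000", 10021, 21), map_port("+10000", 10021, 21));
    return 0;
}
```

A proxy using this lookup should refuse to forward when original_dst() fails or returns its own listening address, since either case means the connection was not actually redirected.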
