Re: Re: lug-bg: Local NAT to Proxy
- Subject: Re: Re: lug-bg: Local NAT to Proxy
- From: todorin@email.domain.hidden (Todor Belev)
- Date: Sun, 15 Jun 2003 12:21:01 +0300 (EEST)
Wonderful, Pavka,
Thanks to Georgi as well for the idea.
But from what you are giving me it is not clear how exactly it is to be used - should I mark the packet based on the user, or on the process, and then pass it through the iptables redirection??
What if the user changes?
What if the browser changes?
Actually, what Georgi gives as REDIRECT is a special case of DNAT when it comes to a local port - yes, it works, but it is almost the same...
Or, as far as I understand, Pavel, in order to avoid Squid's second loop through the OUTPUT rule, which in fact redirects back to itself again, I should use some kind of marking of the packets generated by Squid - but how does that come together in the whole picture?
The end effect, by the way, is Access deny as the response from Squid, even though the policy is http_access allow all.
Todorin
>-------- Original message --------
>From: Pavel Minev Penev <kal_pav_at_sz.techno-link.com>
>Subject: Re: lug-bg: Local NAT to Proxy
>To: lug-bg_at_linux-bulgaria.org
>Sent: Sunday, 2003, June 15 03:17:56 EEST
>----------------------------------
>
>On Sun, Jun 15, 2003 at 12:46:19AM +0300, Georgi Chorbadzhiyski wrote:
>> Todor Belev wrote:
>> >Hello,
>> >I am trying to run Squid as a transparent proxy on the local machine.
>> >I want to use iptables to redirect to a local port so that traffic gets cached.
>> >But I have problems:
>> >1. Squid is configured for transparent mode with the correct options and ACLs.
>> >2. I have tried several iptables variants without any success:
>> >iptables -t nat -A OUTPUT -d 0.0.0.0/0 -p tcp --dport 80 -j DNAT --to 127.0.0.1:8080
>> >So if I try with PREROUTING it does not work (logically).
>>
>> iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8080
>>
>> So, I tested it and it works, that is, it redirects. HOWEVER, since Squid is
>> on the same machine, it will try to open a new connection to the
>> site you told it. Since that will happen on port 80, the kernel
>> will redirect the packet again, and so on. I think that on the machine that
>> your proxy is on, _for that machine_ you probably will not be able to set up
>> a transparent proxy. Since I have no proxy around I have not tried this theory, but
>> it sounds plausible.
>>
>> A dirty hack could be to make Squid use a certain pool of
>> local ports for its requests, for example 10000-20000, and to make
>> the rule something like:
>>
>> iptables -t nat -A OUTPUT -p tcp --sport ! 10000:20000 \
>> --dport 80 -j REDIRECT --to-port 8080
>>
>> But the local users you want to proxy will be able to
>> bypass the proxy.
>
>Networking options --->
>  IP: Netfilter Configuration --->
>    Owner match support (EXPERIMENTAL)
>
>  CONFIG_IP_NF_MATCH_OWNER:
>  Packet owner matching allows you to match locally-generated packets
>  based on who created them: the user, group, process or session.
>  If you want to compile it as a module, say M here and read
>  Documentation/modules.txt. If unsure, say `N'.
>--
>Pav
>Gain your human right of privacy: use cryptography!
>My GPG/PGP key is now available at x-hkp://search.keyserver.net:11371.
>`shell$ gpg --keyserver x-hkp://search.keyserver.net:11371 --recv-key 164C028F`
>
>http://www.againsttcpa.com/index.shtml
>
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
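Added example, not part of the original messages: one way to use the owner match Pavel points to. It exempts the proxy's own uid from the OUTPUT redirect instead of matching on the browsing user or process, so the rule set does not change when the user or browser does, and Squid's outbound fetches no longer loop back to it. The account name `squid` and the function names are assumptions; port 8080 is the one used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: Squid runs under the account
# "squid"; port 8080 is the one used in the thread. Function names are made up.
PROXY_USER="${PROXY_USER:-squid}"
PROXY_PORT="${PROXY_PORT:-8080}"

valid_user() { case $1 in ''|*[!a-z0-9_-]*) return 1 ;; esac; }

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit the nat/OUTPUT rules in the order they must be appended.
nat_rules() {
    # 1. Connections opened by the proxy's own uid skip the redirect, so
    #    Squid's fetches to port 80 are not sent back to Squid (the loop).
    printf '%s\n' "-t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $1 -j RETURN"
    # 2. Port-80 connections from every other local uid go to the proxy,
    #    whichever user or browser opened them.
    printf '%s\n' "-t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $2"
}

# Append each rule unless an identical one is already loaded (-C checks).
apply_rules() {
    nat_rules "$1" "$2" | while read -r rule; do
        check=$(printf '%s\n' "$rule" | sed 's/ -A / -C /')
        # Unquoted on purpose: each rule must split into separate arguments.
        iptables $check 2>/dev/null || iptables $rule
    done
}

case "${1:-}" in
    show|apply)
        valid_user "$PROXY_USER" && valid_port "$PROXY_PORT" ||
            { echo "bad PROXY_USER or PROXY_PORT" >&2; exit 2; }
        if [ "$1" = show ]; then nat_rules "$PROXY_USER" "$PROXY_PORT"
        else apply_rules "$PROXY_USER" "$PROXY_PORT"; fi ;;
esac
```

Run it with `show` to print the two rules or with `apply` as root to load them. Anything else that runs under the exempted uid also bypasses the proxy, so that account should be used by Squid only.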