Combining Transparent Proxying with SSH Port Forwarding
Damien Miller
djm at mindrot.org
Thu Sep 11 13:38:10 EST 2003
Dan Kaminsky wrote:
>
>> There are patches around to use OpenSSH dynamic portforwarding as a
>> transparent gateway under OpenBSD pf's NAT. I don't know whether we
>> want to support and maintain variants for every OS's favourite packet
>> filter in the tree though...
>
> We should encourage good, implementation-independent SOCKSifiers for the
> various OS's, but that's the extent I see it being appropriate to dive
> into kernelspace.
That may be a better idea - instead of N different transparent NAT ->
Dynamic portforward implementations living in OpenSSH, do N standalone
transparent NAT -> SOCKS gateway daemons. We could keep complexity out
of OpenSSH and the daemons would have independant utility.
> I wouldn't mind a patch to automatically reconnect a SSH session that's
> failing keepalives, though.
How to retain session state?
-d
More information about the openssh-unix-dev
mailing list