Combining Transparent Proxying with SSH Port Forwarding
Greg Houlette
tamaster at spamblocked.earthlink.net
Fri Sep 12 15:04:33 EST 2003
Thanks for the feedback. I still have a few questions of course...
The Dynamic Forwarding that is currently in OpenSSH (-D option)
which uses the SOCKS protocol, still requires an application-level
'socksifier' to provide transparency on the client side, but lacks
other features of a traditional transparent proxy (such as NAT)?
I haven't seen or used any of the patches that Damien mentioned, and
I can understand why, for the sake of utility, it would be preferable
to keep this kind of feature as a seperate connector module.
I just don't have a feel for how much bloat a transparent NAT -> SSH
proxy capability would add, but I suspect that once in place it might
get to be pretty sizable as more advanced features were added.
The idea of a standalone transparent NAT -> SOCKS gateway daemon
is something that I haven't seen, let alone with the other features
that I mentioned in my post. That does seem like a good starting
point though. And I like the independent utility aspect of it.
I wish Markus would elaborate about what he's using?
GregH
|||||||| |||||||| |||||||| ||||||||
vvvvvvvv vvvvvvvv vvvvvvvv vvvvvvvv
All direct responses should use the following e-mail address rather
than the one in the from: header (which will get you NOWHERE).
-------------------------------------------------------------------------
Greg Houlette <tamaster at pobox dot com> * Give me the graphical UI
Do you know who owns your network today? * that will "condense fact
GPG 1.2.2 Public Keys available upon request * from the vapor of nuance"
More information about the openssh-unix-dev
mailing list