Combining Transparent Proxying with SSH Port Forwarding

Greg Houlette tamaster at
Fri Sep 12 15:04:33 EST 2003

Thanks for the feedback.  I still have a few questions of course...

The Dynamic Forwarding that is currently in OpenSSH (-D option)
which uses the SOCKS protocol, still requires an application-level
'socksifier' to provide transparency on the client side, but lacks
other features of a traditional transparent proxy (such as NAT)?

I haven't seen or used any of the patches that Damien mentioned, and
I can understand why, for the sake of utility, it would be preferable
to keep this kind of feature as a seperate connector module.

I just don't have a feel for how much bloat a transparent NAT -> SSH
proxy capability would add, but I suspect that once in place it might
get to be pretty sizable as more advanced features were added.

The idea of a standalone transparent NAT -> SOCKS gateway daemon
is something that I haven't seen, let alone with the other features
that I mentioned in my post.  That does seem like a good starting
point though.  And I like the independent utility aspect of it.

I wish Markus would elaborate about what he's using?


    ||||||||        ||||||||        ||||||||       ||||||||
    vvvvvvvv        vvvvvvvv        vvvvvvvv       vvvvvvvv
All direct responses should use the following e-mail address rather
than the one in the from: header (which will get you NOWHERE).

Greg Houlette <tamaster at pobox dot com>    *  Give me the graphical UI
Do you know who owns your network today?     *  that will "condense fact
GPG 1.2.2 Public Keys available upon request *  from the vapor of nuance"

More information about the openssh-unix-dev mailing list