Idea: reverse socks proxy
Dan Kaminsky
dan at doxpara.com
Fri Jan 8 03:44:17 EST 2010
On Jan 7, 2010, at 4:50 PM, Markus Friedl <markus.r.friedl at arcor.de> wrote:
> On Thu, Jan 07, 2010 at 01:42:03PM +0100, Dan Kaminsky wrote:
>> This is super cool, but shouldn't require a server patch. A remote
>> port forward should just come back to the client's socks parser, and
>> the sockets should be provided locally instead of remotely. How are
>> you using remote now?
>
> this simple patch just reuses the client socks decoder on
> the server side.
>
> i also tried doing the parsing on the client side instead, but it
> requires much much more changes in the ssh channel code, so i'd
> rather avoid this.

A lot of why -D worked is because you didn't need to patch servers.
Couldn't we just do exactly what we did to -L, where the listener is
lazy in determining socket destination and uses the SOCKS parser for
determining target?
More information about the openssh-unix-dev
mailing list
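The thread turns on where the SOCKS request is decoded to find the forward's target. As an added illustration (not code from this thread or from OpenSSH), here is a minimal SOCKS5 CONNECT request parser per RFC 1928 that a lazy listener could call once bytes arrive; the function name `socks5_target` and the sample bytes are assumptions made for this example.

```c
#include <string.h>
#include <stddef.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* Constructed sample: SOCKS5 CONNECT to example.org:443 (domain ATYP). */
static const unsigned char sample[] = {5, 1, 0, 3, 11,
    'e','x','a','m','p','l','e','.','o','r','g', 0x01, 0xbb};

/* Hypothetical helper (not an OpenSSH function): parse a SOCKS5 CONNECT
 * request, after method negotiation, and extract the target.
 * Returns 1 = target parsed, 0 = need more bytes, -1 = malformed/unsupported. */
int socks5_target(const unsigned char *p, size_t len,
                  char *host, size_t hostsz, unsigned *port)
{
    size_t alen, off = 4;              /* VER CMD RSV ATYP */

    if (len < 4)
        return 0;
    if (p[0] != 0x05 || p[1] != 0x01 || p[2] != 0x00)
        return -1;                     /* only CONNECT is accepted */
    switch (p[3]) {
    case 0x01: alen = 4; break;        /* IPv4 */
    case 0x04: alen = 16; break;       /* IPv6 */
    case 0x03:                         /* domain: 1 length byte + name */
        if (len < 5)
            return 0;
        alen = p[4];
        off = 5;
        break;
    default:
        return -1;
    }
    if (len < off + alen + 2)
        return 0;                      /* wait for the rest, never over-read */
    if (p[3] == 0x03) {
        if (alen == 0 || alen >= hostsz || memchr(p + off, '\0', alen))
            return -1;                 /* empty, oversized or NUL-embedded name */
        memcpy(host, p + off, alen);
        host[alen] = '\0';
    } else if (!inet_ntop(p[3] == 0x01 ? AF_INET : AF_INET6,
                          p + off, host, (socklen_t)hostsz)) {
        return -1;
    }
    *port = (unsigned)p[off + alen] << 8 | p[off + alen + 1];
    return 1;
}
```

Whichever end runs the decoder, the host and port it returns are chosen by whoever connects to the listener, so that side is where any destination policy has to be enforced.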