Hi Julian,
> This is handled from the protocol, TCP in this case:
>
> grep redirport net/ipv4/*.c
:) as always
> The higher layer (telnet in this case) can obtain the two dest
> addr/ports by using getsockname(). In 2.4 this is handled additionally
> by using getsockopt(...SO_ORIGINAL_DST...)
Neat option!
> The netfilter mailing list contains examples on this issue.
> You can search for "getsockname":
>
> http://marc.theaimsgroup.com/?l=netfilter&r=1&w=2
Thanks for the pointer. Problem: Under 2.2.x and ipchains you cannot
redirect to a local listener unless it listens to INADDR_ANY. This is
a pain in the ass! Under 2.4.x this is possible. How would I need to
modify the source (I reckon it's ip_local_deliver() again) in the 2.2.x
kernel to be able to do a redirection to a local listener (e.g. 127.0.0.1)?
I need this for the SuSE ftp-proxy which needs a -j REDIRECT rule but
has to listen on INADDR_ANY. This is a nasty security issue because then
you have to protect the daemon.
Best regards,
Roberto Nibali, ratz
--
mailto: `echo NrOatSz@xxxxxxxxx | sed 's/[NOSPAM]//g'`
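Added example (written for this page, not code from either mail or from the ftp-proxy): how a local listener sitting behind a -j REDIRECT rule can recover the original destination, first via the 2.4 getsockopt(SO_ORIGINAL_DST) path and falling back to the 2.2-style getsockname(), and then refuse connections that were not really aimed at the port it fronts. The function names are my own; SO_ORIGINAL_DST is the real value from linux/netfilter_ipv4.h.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80   /* numeric value from <linux/netfilter_ipv4.h> */
#endif

/* Fill *dst with the pre-NAT destination of the accepted socket fd.
 * Returns 1 if it came from conntrack (SO_ORIGINAL_DST, 2.4+), 0 if we
 * fell back to getsockname() (2.2 style), -1 on error with errno set. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 1;
    /* No conntrack entry or no netfilter support for the option: on a
     * REDIRECTed socket getsockname() still reports the original dst. */
    if (errno != ENOPROTOOPT && errno != ENOENT && errno != EOPNOTSUPP)
        return -1;
    len = sizeof(*dst);
    if (getsockname(fd, (struct sockaddr *)dst, &len) != 0)
        return -1;
    return 0;
}

/* Render "a.b.c.d:port" into buf; returns buf for convenience. */
char *addr_to_str(const struct sockaddr_in *sa, char *buf, size_t n)
{
    char ip[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &sa->sin_addr, ip, sizeof ip);
    snprintf(buf, n, "%s:%u", ip, (unsigned)ntohs(sa->sin_port));
    return buf;
}

/* Policy check for a daemon forced to listen on INADDR_ANY: only serve
 * connections whose original destination port is the one it proxies
 * (e.g. 21 for an ftp proxy); anything else reached the listener directly. */
int allowed_port(const struct sockaddr_in *dst, unsigned short want)
{
    return ntohs(dst->sin_port) == want;
}
```

In the accept loop, call original_dst() on the socket returned by accept() and close it when allowed_port() returns 0.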