[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: HTTP tunnel

Hi Abhas,

Well indeed, it would be great to have the new kernel and go for IP Masq. but
the thing is I need to scan the data coming back from the proxy.  The HTTP tunnel
has to see the traffic coming back and check it for the keywords allow/deny
and only then pass it back to browser.  

My point still remains that I want to do filtering based on keywords in HTML
pages, not only on end to end port or URL address.  If I allow squid directly
to send data back to browser then I will completly missout all the data coming
in to my Intranet.

Yeah, I agree it would be a bottle neck, so I am planning for POSIX threads
of fork() ...



>Hi Ajay...
>> I am trying to code a HTTP tunnel...something that runs at port 9000
>> (here), listens to browser requests (setting proxy at 9000 in browser)
>> and then passes on this HTTP request fom the browser to a squid proxy
>> running on port 3128 on
>I have a couple of suggestions that should work....
>first of all you can enable IP Masquerading and port forwarding in the
>kernel... after you have done that put some rules in the IP Masquerading
>tables so that data from port 3128 (Squid) is transparently written to
>the client port... this way the squid messages will definitely reach the
>client browser without even going thru' your tunnel... that is
>speedier... so if the URL the client is requesting is okay, the data
>coming from the web site does not have the additional overhead of going
>thru' your tunnel...
>you get the point? data *from* the client is scanned by your tunnerl and
>passed on to squid... however, data coming back need not be scanned...
>you can simply pass it on to the client... so your tunnel need not come
>into picture... just try something like this out... i used it for port
>forwarding onto other machine, but never on the same machine... although
>i think it should work as well...
>do tell me what happened...
>The mailing list archives are available at