
Re: HTTP tunnel



Hi Abhas,

Well indeed, it would be great to have the new kernel and go for IP Masq., but
the thing is I need to scan the data coming back from the proxy.  The HTTP tunnel
has to see the traffic coming back and check it for the keywords allow/deny
and only then pass it back to the browser.

My point still remains that I want to do filtering based on keywords in HTML
pages, not only on end to end port or URL address.  If I allow squid directly
to send data back to the browser then I will completely miss out on all the data
coming in to my Intranet.

Yeah, I agree it would be a bottleneck, so I am planning for POSIX threads
or fork() ...

Thanks,

Ajay



>Hi Ajay...
> 
>> I am trying to code a HTTP tunnel...something that runs at port 9000
>> (here), listens to browser requests (setting proxy at 9000 in browser)
>> and then passes on this HTTP request from the browser to a squid proxy
>> running on port 3128 on 127.0.0.1
>
>I have a couple of suggestions that should work....
>
>first of all you can enable IP Masquerading and port forwarding in the
>kernel... after you have done that put some rules in the IP Masquerading
>tables so that data from port 3128 (Squid) is transparently written to
>the client port... this way the squid messages will definitely reach the
>client browser without even going thru' your tunnel... that is
>speedier... so if the URL the client is requesting is okay, the data
>coming from the web site does not have the additional overhead of going
>thru' your tunnel...
>
>you get the point? data *from* the client is scanned by your tunnel and
>passed on to squid... however, data coming back need not be scanned...
>you can simply pass it on to the client... so your tunnel need not come
>into picture... just try something like this out... i used it for port
>forwarding onto other machine, but never on the same machine... although
>i think it should work as well...
> 
>do tell me what happened...
>
>Abhas.
>
>---------------------------------------------
>The mailing list archives are available at
>http://lists.linux-india.org/cgi-bin/wilma/LIP
>
>
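The response-side keyword check discussed in this thread, as an added example that is not part of the original messages: a scanner fed one recv()-sized chunk at a time that still catches a keyword split across two chunks. The names (`kw_scanner`, `kw_feed`, `scan_chunks`), the `KW_MAX` limit, the deny list and the sample response are all constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define KW_MAX 64 /* longest keyword supported (assumed limit) */

struct kw_scanner {
    const char *const *deny; /* NULL-terminated list, lowercase */
    char win[KW_MAX];        /* most recent bytes seen, lowercased */
    size_t len;              /* valid bytes in win */
};

/* Feed one recv()-sized chunk. Returns 1 once a denied keyword has
 * appeared, even if it straddles two chunks; 0 otherwise. */
int kw_feed(struct kw_scanner *s, const char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (s->len == KW_MAX) { /* window full: drop the oldest byte */
            memmove(s->win, s->win + 1, KW_MAX - 1);
            s->len--;
        }
        s->win[s->len++] = (char)tolower((unsigned char)buf[i]);
        for (const char *const *k = s->deny; *k; k++) {
            size_t kl = strlen(*k);
            if (kl && kl <= s->len && memcmp(s->win + s->len - kl, *k, kl) == 0)
                return 1;
        }
    }
    return 0;
}

/* Constructed sample data: deny list and a response split mid-keyword. */
static const char *const DENY[] = { "casino", "warez", NULL };
static const char *const CHUNKS[] = {
    "HTTP/1.0 200 OK\r\n\r\n<html>Welcome to the CAS", "INO lounge</html>", NULL };

/* Scan a whole response delivered as a NULL-terminated list of chunks. */
int scan_chunks(const char *const *deny, const char *const *chunks) {
    struct kw_scanner s = { deny, {0}, 0 };
    for (; *chunks; chunks++)
        if (kw_feed(&s, *chunks, strlen(*chunks)))
            return 1; /* deny: do not forward the rest to the browser */
    return 0;
}

int main(void) {
    printf("verdict: %s\n", scan_chunks(DENY, CHUNKS) ? "deny" : "allow");
    return 0;
}
```

The scanner sees raw bytes only, so a body sent with a compressed Content-Encoding has to be decoded before it is fed in. With one scanner per connection, each thread or fork()ed child keeps its own state and no locking is needed.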