Re: linux transparent proxy status?

From: Gianni Tedesco <gianni@dont-contact.us>
Date: 25 Apr 2003 17:16:46 +0100

On Fri, 2003-04-25 at 16:47, Lennert Buytenhek wrote:
> - It is possible to automatically determine tcp_outgoing_address by
> doing an rtnetlink routing table lookup for the target IP address,
> and then using the 'src' RT attribute from the returned route.

Sounds like a possibility. You would still need to inform the user that
they would need an IP on the server facing interface. (I use bridging in
my setup with nothing but an external facing management IP). You could
probably just take the IP of the first interface that has one; I think
the interface doesn't even matter provided it isn't loopback...

> - I wrote a patch against the linux kernel in november last year that
> lets one selectively accept/reject TCP connections. I've put a copy
> at the following address. The API seems fairly clean. The patch
> itself needs some bug hunting still, but the basic idea is sound, I
> think.
>
> http://www.math.leidenuniv.nl/~buytenh/marc_boucher_take_2

Can you describe briefly how it works from a userspace perspective? I
don't think there is enough context in the patch to make it obvious for
a kernel llama like me ;)

> - I would be interested in making it possible for squid to use something
> like an X-Forwarded-For: header to determine the source IP address to
> fake for a certain connection. I.e., to preserve a user's source IP
> address over multiple 'proxy hops' (of course using some kind of ACL
> mechanism for determining which proxy/proxies to 'trust' this
> X-Forwarded-For: header from)

hehe, cool idea :)

Sounds like you could have some "interesting" times troubleshooting a
setup like that but I can see how it would be useful in some scenarios
:)

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

Received on Fri Apr 25 2003 - 10:31:27 MDT
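One way to implement the trust ACL Lennert describes, as an added example that is not part of this thread or of squid: starting from the TCP peer, the X-Forwarded-For chain is walked right to left and only hops in a constructed TRUSTED_PROXIES list may vouch for the address before them, so a client cannot choose the source address the proxy will fake by sending its own header. The ACL contents and the function names are assumptions for this example.

```python
import ipaddress

# Constructed trust ACL: only these proxy hops may vouch for the address that
# precedes them in X-Forwarded-For (an assumption for this example, not a
# squid configuration).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.5/32"),
]


def parse_xff(header):
    """Split an X-Forwarded-For value into its comma-separated hops, left to
    right (original client first, nearest proxy last). Empty entries are dropped."""
    return [h.strip() for h in header.split(",") if h.strip()]


def is_trusted(ip, trusted):
    """True if ip falls inside any network of the trust ACL."""
    return any(ip in net for net in trusted)


def effective_client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the source address a downstream hop should fake for this connection.

    Start from the TCP peer (the only address known to be genuine) and walk the
    X-Forwarded-For chain right to left. A hop may vouch for the address to its
    left only if it is in the trusted ACL; the first untrusted address, or the
    peer itself if the peer is untrusted, is taken as the client. A malformed
    entry stops the walk so that garbage cannot be smuggled past a trusted proxy.
    """
    current = ipaddress.ip_address(peer_ip)
    for hop in reversed(parse_xff(xff_header)):
        if not is_trusted(current, trusted):
            break
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break
    return str(current)
```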