fooler wrote:
> the simple logic and attack of nmap is that, it send a *tcp syn* to the
> target host... if the the target host reply a *tcp syn/ack*... then nmap
> will display that port is *open* otherwise nmap will assumed that port is
> *filtered*... therefore, filtering thru packet filter, binding to
> localhost, whatever trick you gonna do... it will give you the same
> results from nmap...
>
OK, that's good to know. But with a "-j REJECT --reject-with tcp-reset" nmap
will show "closed", not "filtered".
> to give you an idea.. your network card is a *physical* device while your
> loopback interface (eg. localhost) is a *logical* device.. both physical
> and logical devices have an ip address if you assigned it... the principle
> of transparent proxy is that... it will hijack the tcp port 80 and
> *redirected* to a given or target ip address... if that target ip address
> is your localhost ip address (127.0.0.1) where squid bind to it
> (127.0.0.1:3128) then squid will happily recieved those hijack http
> packets...
>
Right, I think I understand. Something like this:
iptables -A PREROUTING -t nat -p TCP --dport 80 -j REDIRECT --to-port 3128
--destination 127.0.0.1
I'll try this tonight, when nobody is using the connection.
> 127.0.0.1 is not routable therefore both your internal and external
> clients dont see 127.0.0.1:3128 in your squid box...
Right.
Thank you for explaining these things, it's much appeciated!
//Niels
Received on Fri May 13 2005 - 07:43:10 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT