Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Masquerading

0 views
Skip to first unread message

Simon Dean

unread,
Nov 16, 2002, 6:08:25 PM11/16/02
to
I got an idea... I want to send back messages within the HTML page
transparently at my own will to the user's web browser. Is it possible
to modify IP Masquerading in such a way?

Thanks
Simon

Bill Marcum

unread,
Nov 16, 2002, 6:50:34 PM11/16/02
to
I'm not sure what you want to do or what it has to do with IP masquerading.


Simon Dean

unread,
Nov 16, 2002, 8:09:23 PM11/16/02
to

OK. I have a linux box, it acts as a gateway, using IP Masquerading. I
dont like the idea of proxies.

But I thought, what if I want to send a message to users in a diferent
way. Can I modify the IP MAsquerading element or some other part, so
when a webpage is returned to the user inside the network from outsode,
the modification could rewrite the webpage and add some extra HTML to
the top of the page showing my message?

Cya
Simon

Erik Max Francis

unread,
Nov 16, 2002, 10:11:06 PM11/16/02
to
Simon Dean wrote:

> But I thought, what if I want to send a message to users in a diferent
> way. Can I modify the IP MAsquerading element or some other part, so
> when a webpage is returned to the user inside the network from
> outsode,
> the modification could rewrite the webpage and add some extra HTML to
> the top of the page showing my message?

That would be a horribly awkward way to do it. The logical way to do
that is to actually use a proxy. Why do you want to avoid a proxy,
anyway?

--
Erik Max Francis / m...@alcyone.com / http://www.alcyone.com/max/
__ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE
/ \ I want to know God's thought; the rest are details.
\__/ Albert Einstein
Blackgirl International / http://www.blackgirl.org/
The Internet resource for black women.

Richard Pitt

unread,
Nov 17, 2002, 12:42:37 AM11/17/02
to

What you are talking about is about 4 levels above masquerading in the IP
stack - it is application oriented and would have to look at the packet
stream as HTML instead of as IP packets.

You can't just add packets or data to a packet without also fixing the
length and/or packet counter and a bunch of other things. Doing so would
cause the receiving system to reject the packet as bad. You have to
completely regenerate the TCP packet stream - intercept it, munge it,
retransmit it.

Have fun

richard

--
Richard C. Pitt C.E.O. Belcarra Technologies
ric...@belcarra.com direct: 604-644-9265 www.belcarra.com
Software Systems - design and implementation: Internet, Linux, Communications
USB, RNDIS, ATM, E-mail, SQL, Encryption, Security, Web, Embedded Systems

Simon Dean

unread,
Nov 17, 2002, 7:40:11 AM11/17/02
to
Erik Max Francis wrote:
> Simon Dean wrote:
>
>
>>But I thought, what if I want to send a message to users in a diferent
>>way. Can I modify the IP MAsquerading element or some other part, so
>>when a webpage is returned to the user inside the network from
>>outsode,
>>the modification could rewrite the webpage and add some extra HTML to
>>the top of the page showing my message?
>
>
> That would be a horribly awkward way to do it. The logical way to do
> that is to actually use a proxy. Why do you want to avoid a proxy,
> anyway?
>


It's just a phobia from windows days... can web proxies on linux be
setup absolutely 100% transparently?

Cya
Simon

Simon Dean

unread,
Nov 17, 2002, 7:41:06 AM11/17/02
to

So I really do need some kind of transparent proxy then?

Cya
Simon

Erik Max Francis

unread,
Nov 17, 2002, 3:36:01 PM11/17/02
to
Simon Dean wrote:

> It's just a phobia from windows days... can web proxies on linux be
> setup absolutely 100% transparently?

You have the proxy set up, you configure your browser to go through it.
If the proxy works, it works. What do you think is not absolutely 100%
transparent about proxies on Windows?

--
Erik Max Francis / m...@alcyone.com / http://www.alcyone.com/max/
__ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE

/ \ I know him so well
\__/ Florence/Svetlana, _Chess_
Bosskey.net / http://www.bosskey.net/
A personal guide to online multiplayer first person shooters.

John-Paul Stewart

unread,
Nov 17, 2002, 4:24:28 PM11/17/02
to
Erik Max Francis wrote:
>
> Simon Dean wrote:
>
> > It's just a phobia from windows days... can web proxies on linux be
> > setup absolutely 100% transparently?
>
> You have the proxy set up, you configure your browser to go through it.
> If the proxy works, it works. What do you think is not absolutely 100%
> transparent about proxies on Windows?

With a Linux box running iptables as your gateway, you don't
even need to tell your browser about it. The gateway
running iptables silently redirects out-bound http requests
to the proxy. Only out-bound requests from the proxy server
actually go out.

IIRC there used to be a section in the Firewall-HOWTO about
this. It doesn't seem to be there any more, but there is a
transparent proxy mini-HOWTO that might be worth reading, if
your really feel you need a totally transparent proxy
server:

http://www.linuxdownloads.org/minihowto/TransparentProxy.html

Simon Dean

unread,
Nov 17, 2002, 5:12:40 PM11/17/02
to
Erik Max Francis wrote:
> Simon Dean wrote:
>
>
>>It's just a phobia from windows days... can web proxies on linux be
>>setup absolutely 100% transparently?
>
>
> You have the proxy set up, you configure your browser to go through it.
> If the proxy works, it works. What do you think is not absolutely 100%
> transparent about proxies on Windows?
>

Having to configure the 'proxy' in your web browser, or setting up a
proxy client. I dont like that. That to me is also not transparent.

Cya
Simon

ne...@roaima.freeserve.co.uk

unread,
Dec 2, 2002, 5:43:03 AM12/2/02
to
Simon Dean <sjd...@simtext.plus.com> wrote:
> So I really do need some kind of transparent proxy then?

Ideally you should *avoid* using a *transparent* proxy.

There all all sorts of well-founded warning against this, but basically
it boils down to the fact that unless the browser knows it's dealing
with a proxy it doesn't send cache instructions. In turn, this means
that sometimes the cache will end up storing stale data.

If you can block outbound port 80 and force people to use your web proxy,
browsers and your proxy will work together very happily. You can then
(in principle, at least) usurp this proxy to generate your own pages.

Chris
--
@s=split(//,"Je,\nhn ersloak rcet thuarP");$k=$l=@s;for(;$k;$k--){$i=($i+1)%$l
until$s[$i];$c=$s[$i];print$c;undef$s[$i];$i=($i+(ord$c))%$l}

0 new messages