Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside
From: Carson Gaspar (carson_at_taltos.org)
Date: 08/28/03
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
- In reply to: Rick Murphy: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside"
- Next in thread: Rick Murphy: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside"
- Reply: Rick Murphy: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Wed, 27 Aug 2003 20:49:08 -0400
--On Wednesday, August 27, 2003 8:44 AM -0400 Rick Murphy
<rmurphy@mitretek.org> wrote:
> Again, why? The proxy should be slurping up bits from the client and
> passing them up to the server (and vice-versa). The underlying IP stack
> handles PMTUd. There's no reason for the proxy to need to know that the
> PMTUd is taking place. (Or for the client to need to know, for that
> matter.)
Bzzzzt. Not if you enable transparent (or other) proxying which maintains
the original source address (as was specified in the original example).
This is usually given as a requirement for web servers, or other services
that "need" to know who their clients are, and get unhappy when every
request is from their own firewall.
Of course, the definition of "proxy" becomes fuzzy. The same code that
rewrites the outbound connection to fake it's source address needs to
handle all relevant response packets, including (but not limited to) ICMP
Would Fragment. Call it part of the proxy or not, it still needs to work
correctly.
-- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
- In reply to: Rick Murphy: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside"
- Next in thread: Rick Murphy: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside"
- Reply: Rick Murphy: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
