Re: Application level proxy for POP3/SMTP protocol



I am no iptables expert but I know that OpenBSD pf can do this kind of
filtering. Knowing the competition between the two groups, it is most
likely possible. You will just write a redirect with dns enabled on the
ruleset.

Nick

On Thu, 2006-06-01 at 15:36 +0800, zHihaO wrote:
Hi all,

I'm in a sticky situation now because of the filtering of internet
traffic out from China. Our users in china have got alot of problems
connecting to our servers here to pop their emails and as a result, we
have to get a server up in a datacentre in china and setup ssh port
forwarding on the server in china. Here is the flow :

chinese users --> china server (high port. eg: 10000 depending on which
local server they are connecting to) --> ssh tunnel --> local server
(POP3 port)

The users in china will connect to our china server like this :
china.mail.domain.com:50000. Port 50000 is actually an ssh tunnel to our
local servers on port 110 here.

Problem is we do have a hugh number of servers and it will be hard to
keep track of the big number of ssh tunnels/ports opened up from china
to our local servers. Any of you know of any good application level
proxy that will redirect users based on the result of their dns records?
For example, users connecting to the china server running this proxy
will be redirected based on the IP address returned when the proxy do a
dig on mail.domain.com or mail2.domain.com and redirect them promptly to
port 110 of either mail.domain.com or mail2.domain.com depending on the
dig result being returned.

Any help will be greatly appreciated..!!!

-zhihao



Relevant Pages

  • Re: Application level proxy for POP3/SMTP protocol
    ... Our users in china have got alot of problems ... have to get a server up in a datacentre in china and setup ssh port ... local servers on port 110 here. ... proxy that will redirect users based on the result of their dns records? ...
    (Focus-Linux)
  • Re: Site to Site VPN w/DHCP
    ... do this natively with some PIXs: ... I'm working on getting the VPN going but just having one problem. ... and download "Servers Alive." ... one site in USA one in China. ...
    (comp.dcom.vpn)
  • Re: smtp proxy that takes in smtp auth?
    ... smtp proxy that takes in smtp auth? ... we have got a lot of clients in china who have problems connecting to ... from china is being filtered by the government over there. ... proxy between the users there and the servers here since datacentre to ...
    (Focus-Linux)
  • Re: Application level proxy for POP3/SMTP protocol
    ... A way for this solution is iptables, you can do the PAT concept, (port ... You will just write a redirect with dns enabled on the ... Our users in china have got alot of problems ... local servers on port 110 here. ...
    (Focus-Linux)
  • Re: Application level proxy for POP3/SMTP protocol
    ... Our users in china have got alot of problems connecting to our servers here to pop their emails and as a result, we have to get a server up in a datacentre in china and setup ssh port forwarding on the server in china. ... Any of you know of any good application level proxy that will redirect users based on the result of their dns records? ...
    (Focus-Linux)