First off, there's clearly programming work to be done. You need to
write code to handle this protocol. My first question would be can
you move some of that complexity off the firewall by modifying the
proprietary protocol? I'd still suggest using a real proxy to ensure
that all the packets look right.
As far as what code to base it on, you could consider using
plug (modulo licensing requirements). There are also a couple of tcp
redirectors in the hacker world which are small & modular. Also,
Freestone has bsrelay.
Adam
Steve Uurtamo wrote:
| In particular, I need to proxy a service that after
| making its first connection through the firewall will
| need to establish connections through exactly 2 future
| ports for the remainder of the service. These ports
| are in the "free zone" (>1024).
| Given that I can parse the packets well enough to figure out
| what those future ports are going to be (yes this is a proprietary
| service), what is a good place to start as far as writing my own
| proxy using the proxy source code on the CyberGuard. Should I
| be looking at the way FTP handles future connections for data?
--
"Every year the Republicans campaign like Libertarians, and then go to
Washington and spend like Democrats."
Vote Harry Browne for President. http://www.harrybrowne96.org
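
The FTP-style handling of future connections asked about above, as an added example that is not part of the original thread or of the CyberGuard proxy source. It shows only the bookkeeping a proxy needs once it has parsed the two announced ports. The `PORTS a b` control line, the `PinholeTable` class and the 30-second lifetime are assumptions, since the real protocol is proprietary and not shown.

```python
import re
import time

# Hypothetical control-channel line; the real service is proprietary and its
# announcement format is not given in the thread.
ANNOUNCE = re.compile(rb"^PORTS (\d{1,5}) (\d{1,5})\r?\n", re.M)
PINHOLE_TTL = 30.0  # seconds a pinhole stays open (assumed value)


class PinholeTable:
    """Tracks which (client, port) pairs the proxy will accept next."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._open = {}  # (client_ip, port) -> expiry time

    def _live(self):
        # Drop expired entries, then return the remaining table.
        now = self._clock()
        self._open = {k: t for k, t in self._open.items() if t > now}
        return self._open

    def inspect_control(self, client_ip, data):
        """Parse control-channel bytes; open pinholes for exactly two ports."""
        m = ANNOUNCE.search(data)
        if m is None:
            return []
        ports = [int(m.group(1)), int(m.group(2))]
        # Only the "free zone" (>1024) is allowed; reject duplicates and
        # out-of-range values outright.
        if ports[0] == ports[1] or any(p <= 1024 or p > 65535 for p in ports):
            return []
        # While pinholes for this client are still pending, ignore any
        # further announcement so the client never holds more than two.
        if any(ip == client_ip for ip, _ in self._live()):
            return []
        expiry = self._clock() + PINHOLE_TTL
        for p in ports:
            self._open[(client_ip, p)] = expiry
        return ports

    def admit(self, client_ip, port):
        """True once for an announced, unexpired (client, port); then closed."""
        return self._live().pop((client_ip, port), None) is not None
```

The accept loop for secondary connections would call `admit()` with the peer address and destination port before relaying any data, and drop the connection on `False`.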