Re: [Fwbuilder-discussion] strange nat rules use with p3scan
From: Vadim K. <va...@vk...> - 2004-08-30 03:55:09
On Aug 29, 2004, at 1:51 PM, Cedric Foll wrote:
>
> It's not exactly the same thing.
> The main difference is with HTTP you have the info about which server
> you connect on the 7th network layer.
> For example:
> GET http://www.google.com HTTP/1.1
> You can use any proxy server on the internet, it should be able to find
> the www server you try to connect to.
> So iptables just have to make the redirection to the good proxy
> host/port.
>
> With POP protocol you don't have this information. The proxy can't
> know which pop3 server you try to connect to.
> So iptables has to redirect the user request to the proxy and after
> join the right server.
>

This is true, but I do not see how the iptables rules that you quoted can do that. Those rules redirect pop3 sessions established through the firewall to the proxy (rule 1), as well as sessions established _from_ the firewall itself (rule 2). Rule 3 says that pop3 connections initiated by user "mail" should not be redirected; these are sessions initiated by the proxy. Just like in the case of an http proxy, the firewall can't help the proxy figure out where it should connect to.

> By the way I've tried the same rules as the squid one and it works
> fine ...
> Thank you for your help.
>
> Regards.