Hello Danilo,
You're going to have a couple of problems with what you're trying to do;
- proxy authentication will not work when browsers are
tricked into transparent proxying (the browser doesn't
like proxy errors when it knows of no proxies).
- I'm going to assume that PC1 is NATd or restrictively filtered
behind the gateway(s)/Linux box; there are special network
helpers in the netfilter project (http://www.netfilter.org/) that
are required for some of these interactive protocols. I believe
you will need;
- H323 NAT+Helper Module to enable Netmeeting (it exists
and is used by many people).
- MSN NAT+Helper Module to enable the MSN client (it does
not exist, that I am aware of).
Your current distribution should already have IPTABLES support which
includes an H323 module. You should have appropriate man pages in
that OS.
See also the NetFilter Extensions HowTo;
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-5.html#ss5.3
See also the NetFilter FAQ;
http://www.netfilter.org/documentation/FAQ/netfilter-faq.html
See also the NetFilter User Mailling List;
http://www.netfilter.org/contact.html#list
Regards,
----- Original Message -----
>From: "danilo lujambio" <danilo@tau.org.ar>
>To: <linux-net@vger.kernel.org>
>Subject: proxy help
>Date: Mon, 07 Jul 2003 10:50:04 -0300
>
>
> Hi:
>
> I am working in a scope plenty of MS windows, we have the oportunity to
> start to replace some of them by linux.
>
> We need to solve this problem :
>
>
>
>
> PC 1 default
> MS win --------- gw ----------- gateway
> PC1 |
> |
> |
> Linux
> BOX
> |
> | ip public
> ---------------
> INTERNET
>
> in the linux box we have a proxy squid , it authenticate against PDC (
> MS win NT) , everything works OK (with samba , winbindd ) . An user from
> PC1 can acced to internet using Linux as a proxy and authenticating
> itsel against PDC.
>
> But the user in PC1 wants to use MSN and netmeeting :-)
>
> I tryed to configure netmeeting to use HTTP proxy pointing to Linux Box
> and in the linux box put
>
> /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1863 -j
> REDIRECT --to-port 3128
>
> when the user run MSN , it ask userid and password (this does not happen
> when it uses a browser because it is authenticated directly against the
> PDC) , when the user introduce de userid and password , the squid give
> tcp denied , and the user can not connect.
>
> Surely I am doing some mistake , can anybody help me , or can anybody point to me
references
> sites or docs that can help me ?
>
>
> thanks
>
> dl
> Argentina
>
> -
> : send the line "unsubscribe linux-net" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
Ian Latter
Internet and Networking Security Officer
Macquarie University
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
