On Wednesday 06 November 2002 5:34 pm, Udo Rader wrote:

> On Mon, 04 Nov 2002 21:36:10 +0000, Antony Stone wrote:
> > On Monday 04 November 2002 3:40 pm, Udo Rader wrote:
> >>
> >> I would like to do the following thing:
> >>
> >> The firewall then ideally takes all connects from clients to port 1234,
> >> looks for a "magic string" (using -m string) in the packages and based
> >> upon the (non)existence of the string finally decides, which daemon to
> >> forward the connect to.
> >
> > I think the answer is no, it cannot work (assuming you are talking about
> > TCP ports and not UDP ports).
> >
> > Before a client can send the magic string you are looking for, it needs
> > to have completed the TCP handshake of SYN - SYN/ACK - ACK, because it's
> > only after that's done that any data gets transferred between the
> > systems.
>
> I see your point.
>
> So am I right that the only way to achieve this is by having some kind of
> proxy dealing with this "magic-string"??

Yes, a proxy is the correct solution for this problem (and is nearly always the correct solution whenever someone thinks of using the --string match).

Antony.

--
Behind the counter a boy with a shaven head stared vacantly into space, a dozen spikes of microsoft protruding from the socket behind his ear.
- William Gibson, Neuromancer (1984)
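The proxy approach from the reply above, sketched as an added example that is not part of the original thread: the proxy completes the TCP handshake itself, reads the first bytes, picks a daemon, and replays those bytes to it. The `MAGIC` value, the assumption that the magic string opens the client's stream, and the function names are all hypothetical; backend addresses are supplied by the caller.

```python
import socket
import threading

MAGIC = b"MAGIC-1234"   # constructed value; assumed to open the client's stream

def read_prefix(conn, n=len(MAGIC), timeout=2.0):
    """Read up to n bytes; the string may arrive split across TCP segments."""
    buf = b""
    conn.settimeout(timeout)
    try:
        # Stop early once the bytes seen so far can no longer match MAGIC.
        while len(buf) < n and MAGIC.startswith(buf):
            chunk = conn.recv(n - len(buf))
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        pass                # silent client: route on what has arrived
    conn.settimeout(None)
    return buf

def pump(src, dst):
    """Copy one direction until EOF, then half-close the receiving side."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, magic_addr, default_addr):
    # accept() has returned, so SYN, SYN/ACK, ACK is done; payload exists only now.
    with client:
        prefix = read_prefix(client)
        target = magic_addr if prefix == MAGIC else default_addr
        with socket.create_connection(target) as upstream:
            upstream.sendall(prefix)   # replay the bytes consumed for the check
            back = threading.Thread(target=pump, args=(upstream, client))
            back.start()
            pump(client, upstream)
            back.join()
    return target

def serve(listen_addr, magic_addr, default_addr):
    with socket.create_server(listen_addr) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, daemon=True,
                             args=(conn, magic_addr, default_addr)).start()
```

A client that sends nothing within the timeout is routed to the default daemon, so protocols where the server speaks first still work on that path.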