Some toughts about Proxy/Firewalls

Luis H. Camargo (
Tue, 9 Dec 1997 11:40:50 -0800


I'm sorry if some of this has been discussed before, but its not in the l=
archives. As you all know cu doesn't like proxys or firewalls that do
address translation. What I *think* is happening is this: when cu launche=
it gets its IP address using winsock calls, but the address it gets is th=
internal address. This shouldn't be a problem because the proxy/firewall
translates this address in the header of each IP packet to an external
routeable one. The problem (again I *think*) is that cu is also sending t=
IP address in the data portion of the packets, which of course cannot be
manipulated by the proxy/firewall. This address is the being used somewhe=
else (i.e. the reflector), but because it isn't routeable, the packets wi=
never make their way back.

If I'm right and this is monitored by cornell or wp I would like to make =
petition: let us override the IP address that cu gets when launched. This
way we can give our external address to cu in advance. I realize that
getting the external IP is not always easy (i.e. if you have a pool of
dynamic IP addresses) but at least is something we can control. There are
not security issues involved because you cannot use an arbitrary address =
the packets will end up somewhere else :), and you already have the cu po=
open anyway.

Meanwhile I have another idea (Tip: this would make a great holidays proj=
:): force winsock to return the external address. Here's how: rename
winsock.dll and build a new winsock.dll with all the entry points require=
by winsock. Forward all calls to the old winsock.dll so it actually does =
the work. When cu tries to get its IP address, return the external addres=
instead of doing the normal winsock call.
Of course there isn't a winsock call to get your own IP, so it will be a
sequence of calls and winsock doesn't know how's making the call but ther=
is a simple solution for both:
Log the calls to see how is cu finding its address (usually
gethostname(),gethostbyname() and then inet_ntoa). Once you find out the
sequence you'll know where to do the trick :).
To know if this is cu ? The easiest is to make sure that cu is always the
first winsock app to launch :). A more elegant solution would be to find =
if cu is present everytime a new WSAStartup() call is made.

I'll be on vacations until January but I'll make a freeware version when =
come back if nobody has done it (I=92m lazy, so please do it and send it =
me, hehe).