Some toughts about Proxy/Firewalls

Luis H. Camargo (lacho@firstclass.ca)
Tue, 9 Dec 1997 11:40:50 -0800


Hello,

I'm sorry if some of this has been discussed before, but its not in the l=
ist
archives. As you all know cu doesn't like proxys or firewalls that do
address translation. What I *think* is happening is this: when cu launche=
s
it gets its IP address using winsock calls, but the address it gets is th=
e
internal address. This shouldn't be a problem because the proxy/firewall
translates this address in the header of each IP packet to an external
routeable one. The problem (again I *think*) is that cu is also sending t=
he
IP address in the data portion of the packets, which of course cannot be
manipulated by the proxy/firewall. This address is the being used somewhe=
re
else (i.e. the reflector), but because it isn't routeable, the packets wi=
ll
never make their way back.

If I'm right and this is monitored by cornell or wp I would like to make =
a
petition: let us override the IP address that cu gets when launched. This
way we can give our external address to cu in advance. I realize that
getting the external IP is not always easy (i.e. if you have a pool of
dynamic IP addresses) but at least is something we can control. There are
not security issues involved because you cannot use an arbitrary address =
or
the packets will end up somewhere else :), and you already have the cu po=
rts
open anyway.

Meanwhile I have another idea (Tip: this would make a great holidays proj=
ect
:): force winsock to return the external address. Here's how: rename
winsock.dll and build a new winsock.dll with all the entry points require=
d
by winsock. Forward all calls to the old winsock.dll so it actually does =
all
the work. When cu tries to get its IP address, return the external addres=
s
instead of doing the normal winsock call.
Of course there isn't a winsock call to get your own IP, so it will be a
sequence of calls and winsock doesn't know how's making the call but ther=
e
is a simple solution for both:
Log the calls to see how is cu finding its address (usually
gethostname(),gethostbyname() and then inet_ntoa). Once you find out the
sequence you'll know where to do the trick :).
To know if this is cu ? The easiest is to make sure that cu is always the
first winsock app to launch :). A more elegant solution would be to find =
out
if cu is present everytime a new WSAStartup() call is made.

I'll be on vacations until January but I'll make a freeware version when =
I
come back if nobody has done it (I=92m lazy, so please do it and send it =
to
me, hehe).

--
TPlast