redirect unauthorized users to a login page (natd as atransparent proxy)

[Vaclav Petricek]

> > > I was hoping proxy_only will do the trick but it does not seem to have
> > > any impact and the source address is changed anyway.
> > >
> > > A quick glance at the source did not help much to my understanding of the
> > > proxy_only option.
> > >
> > Confirmed as a bug.  The attached patch worked for me,
> > please test it.  You'll have to recompile and reinstall
> > libalias(3), then recompile and reinstall natd(8) with
> > new library.
> >
> I was too fast.  This patch doesn't work well.  It works
> in a sense that it doesn't modify source IP address of
> the proxied packets, but it doesn't work in a sense that
> reply packets do not undergo de-aliasing.  The attached
> patch is verified to work.  Please test it instead.

The patch works. Thank you very much. I attach my attempt on a patch that
should make it possible to ommit the alias_address and interface options
in case proxy_only is specified. IMHO in that situation these options are
not used and should not be required by natd..

Thank you for any comments on the diff (especially style).

Should I fire a PR?

Best regards,

Vaclav
-------------- next part --------------
--- natd.c.orig	Tue Jun 10 11:11:28 2003
+++ natd.c	Tue Jun 10 11:35:59 2003
@@ -131,6 +131,7 @@
 	struct sockaddr_in	addr;
 	fd_set			readMask;
 	int			fdMax;
+	int			proxy_only;
 /* 
  * Initialize packet aliasing software.
  * Done already here to be able to alter option bits
@@ -170,7 +171,9 @@
 /*
  * Check that valid aliasing address has been given.
  */
-	if (aliasAddr.s_addr == INADDR_NONE && ifName == NULL)
+
+	proxy_only = (PacketAliasSetMode(0,0) & PKT_ALIAS_PROXY_ONLY);
+	if (aliasAddr.s_addr == INADDR_NONE && ifName == NULL && !proxy_only)
 		errx (1, "aliasing address not given");
 
 	if (aliasAddr.s_addr != INADDR_NONE && ifName != NULL)