TCP Server sitting behind a proxy
Jeethu Rao
jeethur at sancharnet.in
Wed Feb 12 16:20:35 EST 2003
John,
That was a pretty hilarious and educative reply,
It is meant to run on the internet, so security
does matter. No, I don't plan to leave a C
compiler on the proxy machines. And yes, I'll be
writing the proxy app in C++ (Because it's quite
a lot simpler than the server, which is being
written in Python).
The main design goal is flexibility. It's got to work with
Or without a proxy
Client1
\
\
Client2--o--Proxy/Firewall---Internet---Server
/ /|
/ /
Client3 /
/
Client4------------------/
(Shamelessly copied your ASCII art)
I'm pretty certain that even batman will have a hard time
breaking 256 bit Rijndael encrypted data (wrapped with
a checksum and a packet header(to prevent data corruption)
I could just wrap the whole thing in SOCKS5 or something like that,
But I believe the proxy should be aware of the protocol. That
adds to the security in a lot of ways.
The protocol is TCP, so my solution is to have the initiator of the
connection send a packet at the beginning of every connection, with
the intended IP and the port of the machine being connected into.
Thnx,
Jeethu Rao
More information about the Python-list
mailing list