locked
WFP Local Proxy RRS feed

  • Question

  • Hello  I would like to know how to configure WFP to allow for proxying a TCP connection back to the stack.  I am assuming that I need to play with the interfaces, but I am not exactly sure how to do this?

    Here is what I want to do:

    Request sent from user space.  I want to conditionally (have IOCTL for setting rules) proxy the connection back to user space to a listening process.  I am using a TRANSPORT IN/OUT filter to allow me visiblity after IPSEC.

    I have working code to proxy to any external address, but when I try 127.0.0.1 or local IP of the machine It crashes.  What do I need to do to pull this off?

    Doug

     

     

    Monday, November 15, 2010 9:33 PM

Answers

  • For Vista, you need to clone, drop, and reinject in order to achieve the proxying behavior.  For the 127.0.0.1 address, you will need to translate this to an actual IP address of one of the local interfaces.

    As stated previously, for WIn7+ it is advised to use the FWPM_LAYER_ALE_CONNECT_REDIRECT_V{4 / 6}.

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Saturday, November 27, 2010 9:26 PM
    Moderator

All replies

  • Hello  I would like to know how to configure WFP to allow for proxying a TCP connection back to the stack.  I am assuming that I need to play with the interfaces, but I am not exactly sure how to do this?

    Here is what I want to do:

    Request sent from user space.  I want to conditionally (have IOCTL for setting rules) proxy the connection back to user space to a listening process.  I am using a TRANSPORT IN/OUT filter to allow me visiblity after IPSEC.

    I have working code to proxy to any external address, but when I try 127.0.0.1 or local IP of the machine It crashes.  What do I need to do to pull this off?

    Doug

     

     

    Monday, November 15, 2010 9:32 PM
  • On Windows 7, I am hooking the new layer FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 to redirect the connections to my local proxy.

    Refer to WDK help and look for "whats new in Win 7" section. read through till the end and you will find exact steps on how to use layer FWPM_LAYER_ALE_CONNECT_REDIRECT_V4.

     

    Still trying to figure out the right way for Vista.

     

    Saturday, November 27, 2010 8:58 AM
  • For Vista, you need to clone, drop, and reinject in order to achieve the proxying behavior.  For the 127.0.0.1 address, you will need to translate this to an actual IP address of one of the local interfaces.

    As stated previously, for WIn7+ it is advised to use the FWPM_LAYER_ALE_CONNECT_REDIRECT_V{4 / 6}.

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Saturday, November 27, 2010 9:26 PM
    Moderator