From: "David Naylor"
To: Mel
Cc: freebsd-questions@freebsd.org
Date: Tue, 6 Jan 2009 22:53:09 +0200
Subject: Re: Transparent SOCKS proxy (server side)?

2009/1/6 Mel:
> On Tuesday 06 January 2009 10:07:17 David Naylor wrote:
>> 2009/1/6 Mel:
>> > On Tuesday 06 January 2009 05:49:22 David Naylor wrote:
>> >> Hi,
>> >>
>> >> My ISP's NAT, unfortunately, does not work more than it does. This is a
>> >> problem as I need to provide 'direct' internet access for the computers
>> >> inside my network.
>> >>
>> >> I would like to set up a transparent SOCKS proxy (similar to transparent
>> >> HTTP proxy, aka squid) on the server. Does anyone know how to do this
>> >> (and which ports to use)? This needs to be a server side solution since
>> >> I am unable to implement this on the clients...
>> >
>> > http://www.freshports.org/net/dante/
>>
>> As far as I know dante can only be made "transparent" with the use of
>> client side software (such as the libsocks.so libraries under *nix) and not
>> from the server side (i.e. tunneling the traffic through a SOCKS proxy).
>> The way I think of it is similar to NAT (in the capturing of traffic)?
>>
>> Or am I missing something?
>
> In pf terms: rdr traffic, or use something like this:
> http://bayxao.wordpress.com/2007/03/18/transparent-socks-proxy-client/

The above link only talks about client side solutions. I could see how
rdr (which I understand to be the same as NAT?) could work, except it
needs to be redirected to a program that then routes the traffic through
the socks server? I have not been able to find such a program (and the
above socks clients only act as a wrapper for other programs?).
Perhaps a simple program that gets the redirected incoming traffic [like
squid does] but then just connects to the destination server (with a
socks wrapper doing the routing through the socks server)??? Or just a
socks based solution?

David
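
The SOCKS leg of the relay program discussed in this thread, as an added example that is not part of the original message or of any project named in it: once a redirected connection has been accepted, the relay opens a TCP connection to the SOCKS server and performs the SOCKS5 (RFC 1928) no-authentication handshake and CONNECT for the client's original destination. Assumptions: the function names are hypothetical, the caller supplies an already-connected socket to the SOCKS server, and recovering the original destination of a connection redirected by pf is not shown.

```python
import ipaddress
import struct

VER, NO_AUTH, CMD_CONNECT = 5, 0, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect_request(host, port):
    """Encode a SOCKS5 CONNECT request (RFC 1928 section 4) for host:port."""
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:  # not an IP literal: send it as a domain name
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("domain name must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0, atyp]) + addr + struct.pack("!H", port)


def _recv_exact(sock, n):
    """Read exactly n bytes; a stream socket may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("SOCKS server closed the connection")
        buf += chunk
    return buf


def socks5_connect(sock, host, port):
    """Do the no-auth handshake and CONNECT on sock; return (bound_host, bound_port)."""
    sock.sendall(bytes([VER, 1, NO_AUTH]))  # greeting: offer one method, no-auth
    ver, method = _recv_exact(sock, 2)
    if ver != VER or method != NO_AUTH:
        raise ConnectionError("SOCKS server did not accept the no-auth method")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != VER or rep != 0:
        raise ConnectionError(f"SOCKS CONNECT rejected, reply code {rep}")
    if atyp == ATYP_DOMAIN:
        bound = _recv_exact(sock, _recv_exact(sock, 1)[0]).decode("ascii", "replace")
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        bound = str(ipaddress.ip_address(_recv_exact(sock, 4 if atyp == ATYP_IPV4 else 16)))
    else:
        raise ConnectionError(f"unknown address type {atyp} in SOCKS reply")
    (bound_port,) = struct.unpack("!H", _recv_exact(sock, 2))
    return bound, bound_port  # sock now carries the client's byte stream
```

After `socks5_connect` returns, the relay copies bytes in both directions between the accepted client socket and `sock`.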