Date: Sat, 12 Mar 2005 12:22:09 +0000 From: Antony T Curtis <antony.t.curtis@ntlworld.com> To: Antal Rutz <arutz@mimoza.pantel.net> Cc: current@freebsd.org Subject: Re: Transparent proxy feature? Message-ID: <1110630129.77713.3.camel@pcgem.rdg.cyberkinetica.com> In-Reply-To: <42321F57.9060708@elischer.org> References: <20050311223413.GA5126@mimoza.pantel.net> <42321E4F.9020904@elischer.org> <42321F57.9060708@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 2005-03-11 at 14:44 -0800, Julian Elischer wrote: > responding to myself to add more.. > > Julian Elischer wrote: > > Antal Rutz wrote: > > > >> Hi, > >> > >> Nowadays I have to use a special firewall software ('zorp') but > >> unfortunately it only runs on linux. the reason is that only linux > >> has the feature (transparent proxying) to listen on/send packets > >> (sourcing) > >> from other IP addresses than the machine has. (maybe with an extra kmod) <snip> > The proxy software need only do a getsockname() to get the sockaddr to use > for the forward connection. > > The ipfw rules need to be set so that the outgoing forward connection by > the > proxy is not also captured :-) Isn't the following option also required? option IPFIREWALL_FORWARD -- Antony T Curtis, BSc. UNIX, Linux, *BSD, Networking antony.t.curtis@ntlworld.com C++, J2EE, Perl, MySQL, Apache IT Consultancy.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1110630129.77713.3.camel>