Date:      Sat, 12 Mar 2005 12:22:09 +0000
From:      Antony T Curtis <antony.t.curtis@ntlworld.com>
To:        Antal Rutz <arutz@mimoza.pantel.net>
Cc:        current@freebsd.org
Subject:   Re: Transparent proxy feature?
Message-ID:  <1110630129.77713.3.camel@pcgem.rdg.cyberkinetica.com>
In-Reply-To: <42321F57.9060708@elischer.org>
References:  <20050311223413.GA5126@mimoza.pantel.net> <42321E4F.9020904@elischer.org>  <42321F57.9060708@elischer.org>

On Fri, 2005-03-11 at 14:44 -0800, Julian Elischer wrote:
> responding to myself to add more..
> 
> Julian Elischer wrote:
> > Antal Rutz wrote:
> >
> >> Hi,
> >>
> >> Nowadays I have to use a special firewall software ('zorp') but
> >> unfortunately it only runs on linux. the reason is that only linux
> >> has the feature (transparent proxying) to listen on/send packets (sourcing)
> >> from other IP addresses than the machine has. (maybe with an extra kmod)

<snip>

> The proxy software need only do a getsockname() to get the sockaddr to use
> for the forward connection.
> 
> The ipfw rules need to be set so that the outgoing forward connection by the
> proxy is not also captured :-)

Isn't the following option also required?

option IPFIREWALL_FORWARD


-- 
Antony T Curtis, BSc.                   UNIX, Linux, *BSD, Networking
antony.t.curtis@ntlworld.com            C++, J2EE, Perl, MySQL, Apache
                                        IT Consultancy.
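
The getsockname() step quoted above, as an added example that is not part of the original message or of any code posted in the thread. The names original_destination and demo_loopback are hypothetical, and the loopback connection is a constructed stand-in for a connection that an ipfw fwd rule has redirected to the proxy.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* For a connection redirected to the proxy (assumed: by an ipfw fwd rule), the accepted
 * socket's local address is the one the client dialled. Returns 0 on success, else -1. */
int original_destination(int accepted_fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockname(accepted_fd, (struct sockaddr *)dst, &len) < 0)
        return -1;
    return dst->sin_family == AF_INET ? 0 : -1;
}

/* Constructed loopback demo: no redirection here, so the recovered address
 * equals the listener's. Returns the recovered port, or -1 on failure. */
int demo_loopback(char *ip_out, socklen_t ip_len, int *listen_port)
{
    struct sockaddr_in a = { .sin_family = AF_INET }, dst;
    socklen_t alen = sizeof(a);
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    int as = -1, rc = -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: ephemeral */
    if (ls < 0 || cs < 0) goto out;
    if (bind(ls, (struct sockaddr *)&a, sizeof(a)) < 0 || listen(ls, 1) < 0) goto out;
    if (getsockname(ls, (struct sockaddr *)&a, &alen) < 0) goto out;
    *listen_port = ntohs(a.sin_port);
    if (connect(cs, (struct sockaddr *)&a, sizeof(a)) < 0) goto out;
    if ((as = accept(ls, NULL, NULL)) < 0) goto out;
    if (original_destination(as, &dst) == 0 &&
        inet_ntop(AF_INET, &dst.sin_addr, ip_out, ip_len) != NULL)
        rc = ntohs(dst.sin_port);   /* the proxy would connect() to dst here */
out:
    if (as >= 0) close(as);
    if (cs >= 0) close(cs);
    if (ls >= 0) close(ls);
    return rc;
}

int main(void)
{
    char ip[INET_ADDRSTRLEN];
    int lp = 0, p = demo_loopback(ip, sizeof(ip), &lp);
    if (p >= 0) printf("forward to %s:%d (listener port %d)\n", ip, p, lp);
    return p < 0;
}
```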