From owner-freebsd-hackers Sat Jul 26 12:32:31 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id MAA15457 for hackers-outgoing; Sat, 26 Jul 1997 12:32:31 -0700 (PDT) Received: from acromail.ml.org (acroal.vip.best.com [206.86.222.181]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA15452 for ; Sat, 26 Jul 1997 12:32:28 -0700 (PDT) Received: from localhost (kernel@localhost) by acromail.ml.org (8.8.6/8.8.5) with SMTP id MAA09871; Sat, 26 Jul 1997 12:32:31 -0700 (PDT) Date: Sat, 26 Jul 1997 12:32:31 -0700 (PDT) From: FreeBSD Technical Reader To: "Daniel O'Callaghan" cc: Dan Janowski , hackers Subject: Re: ipfw divert, transparent proxy In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I know I could be banned for life for saying this --- but you could also use a linux machine and the ipmasquerading built into the kernel for doing this, there are no equivalent features in FreeBSD and it works much better than natd (Ipmasquerading is one of the things i miss from linux). Please forgive me for this sin. On Thu, 24 Jul 1997, Daniel O'Callaghan wrote: > On Thu, 24 Jul 1997, Dan Janowski wrote: > > > I am replacing an old TIS firewall that has one very > > interesting feature that I am looking to provide with my > > FreeBSD 2.2.2 box. It is this: > > > > They use ipfs which has the capability of "transparently" doing > > packet re-rerouting and, thereby, proxy transparently. > > It is a nice feature, and divert sockets is the way to do it in FreeBSD, > but it has not been done yet. got half-way through > a transparent http proxy using divert sockets, but did a tcpdump analysis > of his customers' traffic and found that < 1% were not using the proxy, > so he did not bother finishing the code (too busy on paying work). > > Danny >