Date:      	Thu, 7 Jan 1999 16:09:26 +0100
From:      "Jeroen C. van Gelderen" <gelderen@mediaport.org>
To:        <freebsd-hackers@FreeBSD.ORG>
Cc:        "Konference o transparentni proxy" <tpc-l@freebsd.cz>
Subject:   Re: Specifying local IP in connect()
Message-ID:  <013a01be3a4f$b77b6fa0$1400000a@deskfix.local>

From: Milan Kopacka <mkop5230@ss1000.ms.mff.cuni.cz>
>The second thing I need to do is to allow incoming packets for these
>connections to be received and add some "goto ours"  to ip_input() kernel
>routine. "Local" IP's which have not yet anything to do with our machine
>must not be forgotten. :)
>
>So the application has now a way to act like IP a.b.c.d while still
>being able to communicate with machine a.b.c.d.
>
>Now I see I have to explain our project goal. The project consists of
>implementing a fully transparent www proxy cache. Such a thing needs to
>catch connections going to www servers like proxy server. It also needs
>to initiate connections to www servers under the client IP address.
>This can't be done without help of a router.
>



>Think about a situation like that.
>
>   (client machines)
>      |
>      |
>   ( router)----(transparent proxy)
>      |
>      |
>   (WWW servers)
>
>Situation: client initiates the connection, router redirects it to proxy,
>proxy (acting like client) opens connection to WWW server and makes the
>rest of caching work. Proxy needs to communicate with both the servers
>under client's IP and with client under server's IP.
>
>However, this is impossible without the change (or improvement :) of
>TCP/IP on proxy machine, like that above.

Is the set of WWW-servers you need to proxy for known in advance? If not, you
have a problem: if someone requests a page @ 130.89.1.2, your proxy needs to
bind to that address, but your proxy doesn't know that yet...

I think it's better to run a modified router. You can easily implement your
requested functionality through a modified version of the natd daemon (I'll
call it proxyd) so that you won't need any kernel changes. For the proxy you
can use anything, an unmodified Squid or any other well-behaved proxy.

If proxyd receives a HTTP request from a client, it forwards the request to
the cache. The request forwarded is slightly modified to include the
IP-address from the client in the HTTP-headers.

If the cache has the object cached it simply returns the object. Otherwise
it sends out a request to the appropriate webserver. The request will
contain the header-with-IP you added in the previous step. The proxyd will
extract the IP-address from the request and impersonate appropriately.

HTH, Cheers,
Jeroen
--
Jeroen C. van Gelderen -- gelderen@mediaport.org -- &[8-D}~<=
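
The header round trip described in the message above, as an added example that is not part of the original e-mail or of natd. The header name `X-Proxyd-Client-IP`, the function names and the sample request are assumptions constructed for illustration; the code drops any copy of the header the client supplied itself and validates the value before it would be used as a source address.

```python
import ipaddress

# Hypothetical header name; the original message does not name one.
TAG = b"X-Proxyd-Client-IP"

# Constructed sample: a client request that already carries a forged tag.
SAMPLE = (b"GET /index.html HTTP/1.0\r\n"
          b"Host: www.example.org\r\n"
          b"x-proxyd-client-ip: 198.51.100.9\r\n"
          b"\r\n")

def _split(raw):
    """Split a raw HTTP request into (header lines, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header block")
    return head.split(b"\r\n"), body

def _is_tag(line):
    # Header names are case-insensitive, so compare in lower case.
    return line.partition(b":")[0].strip().lower() == TAG.lower()

def _join(request_line, headers, body):
    return b"\r\n".join([request_line] + headers) + b"\r\n\r\n" + body

def tag_request(raw, client_ip):
    """Client -> cache leg: record the real peer address in the request."""
    ip = ipaddress.ip_address(client_ip)  # raises ValueError on garbage
    lines, body = _split(raw)
    # Drop any copy sent by the client, so it cannot choose the address.
    kept = [l for l in lines[1:] if not _is_tag(l)]
    kept.append(TAG + b": " + str(ip).encode("ascii"))
    return _join(lines[0], kept, body)

def untag_request(raw):
    """Cache -> server leg: return (address or None, request without tag)."""
    lines, body = _split(raw)
    values = [l.partition(b":")[2].strip() for l in lines[1:] if _is_tag(l)]
    clean = _join(lines[0], [l for l in lines[1:] if not _is_tag(l)], body)
    if len(values) != 1:
        return None, clean  # missing or ambiguous: do not impersonate
    try:
        return ipaddress.ip_address(values[0].decode("ascii")), clean
    except ValueError:      # also covers non-ASCII bytes in the value
        return None, clean
```
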

