Date: Tue, 20 Jul 1999 10:56:21 +0200 From: Pavol Adamec <palo.adamec@tecton.sk> To: "freebsd-net@FreeBSD.ORG" <freebsd-net@FreeBSD.ORG> Subject: RE: Tcp shadowing for use in HTTP proxy Message-ID: <01BED29E.810C5F50.palo.adamec@tecton.sk>
next in thread | raw e-mail | index | archive | help
I'm sorry but I think that the use of such a shadow interface would be very very limited. The main restriction is that a client PC sits on an isolated LAN connected to the world through exactly one router. The router is also doing the job of a proxy. I think that in such a case the router in many cases also applies NAT to the trafic, so the client's IP is changed anyway. Another point is that any misguided application or misguided configuration of an application could bind to any IP without an error message. As for me - I've already done such a mistake, especially when configuring a just installed application (wrong bind IP for squid, for example). It would be interesting to know the real purpose that led to the idea. Why is it so important for the server to see client's real IP or why is it so important for the proxy to have the server see client's real IP. Pavol Adamec > On Tue, 20 Jul 1999, Alex Rousskov wrote: > >> How do you solve a problem of server response packets being routed to the >> real client instead of the proxy? Are you assuming that there is only one >> way to get from the server to the real client, and that path always goes >> through your proxy? Just curious... > >Yes, proxy must get all of the response packets. It is a limitation, but >unavoidable, I'm afraid. > > Milan Kopacka To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01BED29E.810C5F50.palo.adamec>