Date: Fri, 31 Jan 1997 08:55:35 +1100 (EST)
From: "Daniel O'Callaghan"
To: Eivind Eklund
cc: Warner Losh, hackers@FreeBSD.ORG
Subject: Transparent proxies (was Re: ipdivert & masqd)
In-Reply-To: <3.0.32.19970130190212.00b22780@dimaga.com>

On Thu, 30 Jan 1997, Eivind Eklund wrote:

> At 08:04 AM 1/30/97 -0700, you wrote:
> I'm thinking about doing transparent proxying for the protocols, but I want
> to see how well the packet-patching version runs first. As it is, it is
> (hopefully) right in 99% of the cases, and it scales well. If I get
> reports of real-life problems I'll make it a priority to make proxies, but
> not before.

Here's a problem which requires transparent proxies for a data stream,
not packet-patching:

Transparent capture of all HTTP requests on port 80 and diversion to a
www-proxy server.

e.g.

    Client Sends              "NAT"               WWW-Proxy receives
    10.2.3.4                  10.2.3.1            10.2.3.55

    10.2.3.4-> 5.6.7.8:80     ================>   10.2.3.1->10.2.3.55
    GET / HTTP/1.0                                GET http://5.6.7.8:80/ HTTP/1.0

Darren Reed's ipfilter does this with the 'redirect' keyword and some
trickery in the receiving process. The example given is for the fwtk's
ftp-gw program (from ftp.tis.com). The userland process finds its true
destination by calling an IOCTL for the kernel NAT code.

regards,

Danny
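The request-line rewrite shown in the diagram above, as an added example that is not part of the original message and is not ipfilter or fwtk code. The function names are hypothetical, and the original destination (5.6.7.8:80 in the diagram) is assumed to have been fetched from the kernel NAT code by the caller.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Rewrite an intercepted origin-form request line ("GET / HTTP/1.0") into the
 * absolute form a WWW proxy expects. orig_dst is the pre-redirect destination
 * (assumed to come from the kernel NAT lookup). Returns length, or -1. */
int rewrite_request_line(const char *line, const struct sockaddr_in *orig_dst,
                         char *out, size_t outlen)
{
    char host[INET_ADDRSTRLEN];
    const char *sp1, *sp2;
    int n;
    if (strpbrk(line, "\r\n") != NULL)        /* one line in, one line out */
        return -1;
    sp1 = strchr(line, ' ');                  /* end of method */
    sp2 = sp1 ? strchr(sp1 + 1, ' ') : NULL;  /* end of request target */
    if (sp1 == NULL || sp1 == line || sp2 == NULL || sp1[1] != '/')
        return -1;                            /* only origin-form is rewritten */
    if (inet_ntop(AF_INET, &orig_dst->sin_addr, host, sizeof host) == NULL)
        return -1;
    n = snprintf(out, outlen, "%.*s http://%s:%u%.*s %s",
                 (int)(sp1 - line), line, host,
                 (unsigned)ntohs(orig_dst->sin_port),
                 (int)(sp2 - sp1 - 1), sp1 + 1, sp2 + 1);
    if (n < 0 || (size_t)n >= outlen)         /* never forward a truncated line */
        return -1;
    return n;
}

/* Constructed demo wrapper: builds orig_dst from text, returns NULL on error. */
const char *demo_rewrite(const char *line, const char *ip, unsigned short port)
{
    static char out[256];
    struct sockaddr_in dst;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &dst.sin_addr) != 1)
        return NULL;
    return rewrite_request_line(line, &dst, out, sizeof out) < 0 ? NULL : out;
}

int main(void)
{
    const char *r = demo_rewrite("GET / HTTP/1.0", "5.6.7.8", 80);
    return puts(r ? r : "rejected") < 0;
}
```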