Date: Sat, 26 Jul 1997 12:32:31 -0700 (PDT) From: FreeBSD Technical Reader <kernel@acromail.ml.org> To: "Daniel O'Callaghan" <danny@panda.hilink.com.au> Cc: Dan Janowski <danj@3skel.com>, hackers <freebsd-hackers@FreeBSD.ORG> Subject: Re: ipfw divert, transparent proxy Message-ID: <Pine.BSF.3.96.970726123020.9794C-100000@acromail.ml.org> In-Reply-To: <Pine.BSF.3.91.970724154016.869m-100000@panda.hilink.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
I know I could be banned for life for saying this --- but you could also use a linux machine and the ipmasquerading built into the kernel for doing this, there are no equivalent features in FreeBSD and it works much better than natd (Ipmasquerading is one of the things i miss from linux). Please forgive me for this sin. On Thu, 24 Jul 1997, Daniel O'Callaghan wrote: > On Thu, 24 Jul 1997, Dan Janowski wrote: > > > I am replacing an old TIS firewall that has one very > > interesting feature that I am looking to provide with my > > FreeBSD 2.2.2 box. It is this: > > > > They use ipfs which has the capability of "transparently" doing > > packet re-rerouting and, thereby, proxy transparently. > > It is a nice feature, and divert sockets is the way to do it in FreeBSD, > but it has not been done yet. <peter@clari.net.au> got half-way through > a transparent http proxy using divert sockets, but did a tcpdump analysis > of his customers' traffic and found that < 1% were not using the proxy, > so he did not bother finishing the code (too busy on paying work). > > Danny >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970726123020.9794C-100000>