From owner-freebsd-hackers  Wed Jul 23 22:42:57 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id WAA10279
          for hackers-outgoing; Wed, 23 Jul 1997 22:42:57 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA10270
          for <freebsd-hackers@FreeBSD.ORG>; Wed, 23 Jul 1997 22:42:51 -0700 (PDT)
Received: (from danny@localhost)
	by panda.hilink.com.au (8.8.5/8.8.5) id PAA01933;
	Thu, 24 Jul 1997 15:42:25 +1000 (EST)
Date: Thu, 24 Jul 1997 15:42:24 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Dan Janowski <danj@3skel.com>
cc: hackers <freebsd-hackers@FreeBSD.ORG>
Subject: Re: ipfw divert, transparent proxy
In-Reply-To: <33D6E265.46DEFC7@3skel.com>
Message-ID: <Pine.BSF.3.91.970724154016.869m-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 24 Jul 1997, Dan Janowski wrote:

> I am replacing an old TIS firewall that has one very
> interesting feature that I am looking to provide with my
> FreeBSD 2.2.2 box. It is this:
> 
> They use ipfs which has the capability of "transparently" doing
> packet re-rerouting and, thereby, proxy transparently.

It is a nice feature, and divert sockets is the way to do it in FreeBSD, 
but it has not been done yet.  <peter@clari.net.au> got half-way through 
a transparent http proxy using divert sockets, but did a tcpdump analysis 
of his customers' traffic and found that < 1% were not using the proxy, 
so he did not bother finishing the code (too busy on paying work).

Danny