Date:      Fri, 7 Jan 2000 08:45:29 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        freebsd-ipfw@freebsd.org
Subject:   Two-way transparency
Message-ID:  <Pine.BSF.3.96.1000107084136.38336E-100000@fledge.watson.org>


Last night at the fug-washdc meeting, we discussed expansions to ipfw that
might be useful--no doubt someone will post a summary soon.  One of the
issues I raised and am interested in is the ability to have userland
proxies filter traffic in a completely transparent way -- i.e., two way
transparency.  Right now with NAT and divert sockets, fwds, etc, it's easy
to do transparency from the perspective of a client application *making* a
connection, but I'm not sure how to go about allowing the proxy to go
about making an outgoing connection that appears to come from the client.

There are a number of applications where this would be useful, including
transparent local firewalls on multi-user machines, filtering incoming
connections, firewalls for protocols that bind address information into
their connections, etc.  It would allow a userland proxy-based firewall
(such as fwtk, etc) to look more like a traditional packet filter not
running with NAT.

Anyone have any thoughts on this? :-)

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services


