From owner-freebsd-stable  Tue Apr  7 18:18:29 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA08194
          for freebsd-stable-outgoing; Tue, 7 Apr 1998 18:18:29 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from pop.uniserve.com (pop.uniserve.com [204.244.156.3])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id SAA08145
          for <freebsd-stable@freebsd.org>; Tue, 7 Apr 1998 18:18:17 -0700 (PDT)
          (envelope-from tom@uniserve.com)
Received: from shell.uniserve.com [204.244.186.218] 
	by pop.uniserve.com with smtp (Exim 1.82 #4)
	id 0yMjUf-0001br-00; Tue, 7 Apr 1998 18:17:37 -0700
Date: Tue, 7 Apr 1998 18:17:34 -0700 (PDT)
From: Tom <tom@uniserve.com>
To: "Daniel O'Connor" <doconnor@gsoft.com.au>
cc: Ruslan Ermilov <ru@ucb.crimea.ua>, freebsd-stable@FreeBSD.ORG
Subject: Re: Simple IPFW question 
In-Reply-To: <199804080112.KAA22278@cain.gsoft.com.au>
Message-ID: <Pine.BSF.3.96.980407181334.29136D-100000@shell.uniserve.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk


On Wed, 8 Apr 1998, Daniel O'Connor wrote:

> 
> > > No, firewall won't do this. See natd(8).
> >   Is this actually possible with natd?  I don't think so.  natd seems to
> > be only capable a straightforward many-to-1 translation, not the fairly
> > specialized translation required to intercept HTTP, and translate it into
> > a proxy request.
> Hmm.. what happens if you set up squid in httpd acceleration mode? Then it 
> will accept ordinary httpd requests.. I don't know if it'll work tho :)

  In httpd acceleration mode, squid is designed to accelerate access to a
particular http server which you must define:

#       If you want to run squid as an httpd accelerator, define the
#       host name and port number where the real HTTP server is.


  natd needs a special mode for transparent http proxy.  Perhaps someone
has an enhanced one that does this already?

  I noticed that ipfilter has an transproxy add-on (see ports).  Now we
just need something for ipfw + natd.

> ---------------------------------------------------------------------
> |Daniel O'Connor software and network engineer for Genesis Software |
> |http://www.gsoft.com.au                                            |
> |The nice thing about standards is that there are so many of them to|
> |choose from. -- Andrew Tanenbaum                                   |
> ---------------------------------------------------------------------

Tom


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message