Message-ID: <20011010200007.94855.qmail@host4.rpi.wulimasters.net>
From: "Alex Newman"
To: freebsd-hackers@freebsd.org
Subject: NATD+SSL
Date: Wed, 10 Oct 2001 20:00:07 GMT

Ok, I know this sounds wacky, but I will try to justify why I think it is useful. If someone can think of a better way to achieve goals 1-3, or if they are silly goals, please tell me.

How easy would it be to implement ssl in the redirection part of natd? Some reasons why this is better than sslwrap/stunnel/sslproxy:

1) Say you had a packet coming in on port 443 ->application->80->thttpd: thttpd would see everything coming from localhost.
2) It would allow you to more efficiently have ssl proxy boxes in front of an array of webservers. This is useful if you had, for instance, a hardware crypto card in the ssl proxy. Currently the only decent way I know to do this today is with linux+stunnel, since it has transparent proxy support.
3) Since these programs are always doing a redirect anyways, it seems silly not to use natd for the redirection part of the process.

Alex Newman
www.wulimasters.net