From owner-freebsd-stable@FreeBSD.ORG  Wed Apr 18 12:25:59 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id EF9D816A403
	for <freebsd-stable@freebsd.org>; Wed, 18 Apr 2007 12:25:59 +0000 (UTC)
	(envelope-from volker@vwsoft.com)
Received: from frontmail.ipactive.de (frontmail.maindns.de [85.214.95.103])
	by mx1.freebsd.org (Postfix) with ESMTP id AF68613C45A
	for <freebsd-stable@freebsd.org>; Wed, 18 Apr 2007 12:25:59 +0000 (UTC)
	(envelope-from volker@vwsoft.com)
Received: from mail.vtec.ipme.de (Q7dc1.q.ppp-pool.de [89.53.125.193])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by frontmail.ipactive.de (Postfix) with ESMTP id C66C1128829;
	Wed, 18 Apr 2007 14:25:52 +0200 (CEST)
Received: from [192.168.16.3] (cesar.sz.vwsoft.com [192.168.16.3])
	by mail.vtec.ipme.de (Postfix) with ESMTP id A00963F9E1;
	Wed, 18 Apr 2007 14:25:25 +0200 (CEST)
Message-ID: <46260E3C.4090408@vwsoft.com>
Date: Wed, 18 Apr 2007 14:25:32 +0200
From: Volker <volker@vwsoft.com>
User-Agent: Thunderbird 1.5.0.10 (X11/20070306)
MIME-Version: 1.0
To: Adrian Chadd <adrian@freebsd.org>
References: <46247471.9030503@tk-pttuntex.com>	
	<200704172129.22275.sanya-spb@list.ru>	
	<20070418095903.12432@caamora.com.au>	
	<462575D4.2010801@tk-pttuntex.com> <4626094C.20207@vwsoft.com>
	<d763ac660704180514w3fc0ed98nff7f4d57a8dca9b1@mail.gmail.com>
In-Reply-To: <d763ac660704180514w3fc0ed98nff7f4d57a8dca9b1@mail.gmail.com>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-VWSoft-MailScanner: Found to be clean
X-MailScanner-From: volker@vwsoft.com
X-ipactive-MailScanner-Information: Please contact the ISP for more information
X-ipactive-MailScanner: Found to be clean
X-ipactive-MailScanner-From: volker@vwsoft.com
Cc: freebsd-stable@freebsd.org
Subject: Re: tproxy on freebsd
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2007 12:26:00 -0000

On 04/18/07 14:14, Adrian Chadd wrote:
> On 18/04/07, Volker <volker@vwsoft.com> wrote:
> 
>> > but with that configuration, still the proxy ip address that visible
>> > when my client using the proxy.
>>
>> Don't understand that sentence. What address is visible to whom? And
>> which address do you want to 'hide'? If you don't want to leak your
>> internal addresses to any outside webserver, this is a squid issue
>> and there should (?) be configuration options for squid.
>>
> 
> He means fully transparent - ie, client thinks its talking to the
> server; server thinks its talking to the client; proxy server IP isn't
> visible to either.
> 
> 
> 
> Adrian
> 

Adrian,

thanks, I got it.

Talking about real transparent proxy not just a transparent one... ;)

Unfortunately I don't have a solution for that as I'm using mostly
NATed environments and it doesn't make sense to hand out private
address space to a web server.

Volker