From owner-freebsd-stable@FreeBSD.ORG Wed Apr 18 12:25:59 2007 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EF9D816A403 for ; Wed, 18 Apr 2007 12:25:59 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from frontmail.ipactive.de (frontmail.maindns.de [85.214.95.103]) by mx1.freebsd.org (Postfix) with ESMTP id AF68613C45A for ; Wed, 18 Apr 2007 12:25:59 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from mail.vtec.ipme.de (Q7dc1.q.ppp-pool.de [89.53.125.193]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by frontmail.ipactive.de (Postfix) with ESMTP id C66C1128829; Wed, 18 Apr 2007 14:25:52 +0200 (CEST) Received: from [192.168.16.3] (cesar.sz.vwsoft.com [192.168.16.3]) by mail.vtec.ipme.de (Postfix) with ESMTP id A00963F9E1; Wed, 18 Apr 2007 14:25:25 +0200 (CEST) Message-ID: <46260E3C.4090408@vwsoft.com> Date: Wed, 18 Apr 2007 14:25:32 +0200 From: Volker User-Agent: Thunderbird 1.5.0.10 (X11/20070306) MIME-Version: 1.0 To: Adrian Chadd References: <46247471.9030503@tk-pttuntex.com> <200704172129.22275.sanya-spb@list.ru> <20070418095903.12432@caamora.com.au> <462575D4.2010801@tk-pttuntex.com> <4626094C.20207@vwsoft.com> In-Reply-To: X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-VWSoft-MailScanner: Found to be clean X-MailScanner-From: volker@vwsoft.com X-ipactive-MailScanner-Information: Please contact the ISP for more information X-ipactive-MailScanner: Found to be clean X-ipactive-MailScanner-From: volker@vwsoft.com Cc: freebsd-stable@freebsd.org Subject: Re: tproxy on freebsd X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Apr 2007 12:26:00 -0000 On 04/18/07 14:14, Adrian Chadd wrote: > On 18/04/07, Volker wrote: > >> > but with that configuration, still the proxy ip address that visible >> > when my client using the proxy. >> >> Don't understand that sentence. What address is visible to whom? And >> which address do you want to 'hide'? If you don't want to leak your >> internal addresses to any outside webserver, this is a squid issue >> and there should (?) be configuration options for squid. >> > > He means fully transparent - ie, client thinks its talking to the > server; server thinks its talking to the client; proxy server IP isn't > visible to either. > > > > Adrian > Adrian, thanks, I got it. Talking about real transparent proxy not just a transparent one... ;) Unfortunately I don't have a solution for that as I'm using mostly NATed environments and it doesn't make sense to hand out private address space to a web server. Volker