From owner-freebsd-stable@FreeBSD.ORG Thu Apr 19 01:42:21 2007 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 14F0D16A403 for ; Thu, 19 Apr 2007 01:42:21 +0000 (UTC) (envelope-from zen@tk-pttuntex.com) Received: from matrix.tk-pttuntex.com (matrix.tk-pttuntex.com [203.77.209.162]) by mx1.freebsd.org (Postfix) with ESMTP id 1976213C455 for ; Thu, 19 Apr 2007 01:42:19 +0000 (UTC) (envelope-from zen@tk-pttuntex.com) Received: from [172.64.14.3] (core.bps.co.id [202.57.0.93]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: zen) by matrix.tk-pttuntex.com (Postfix) with ESMTP id 7D07540B950; Thu, 19 Apr 2007 08:42:16 +0700 (WIT) Message-ID: <4626C9C4.8080109@tk-pttuntex.com> Date: Thu, 19 Apr 2007 08:45:40 +0700 From: zen User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Volker References: <46247471.9030503@tk-pttuntex.com> <200704172129.22275.sanya-spb@list.ru> <20070418095903.12432@caamora.com.au> <462575D4.2010801@tk-pttuntex.com> <4626094C.20207@vwsoft.com> <46260E3C.4090408@vwsoft.com> In-Reply-To: <46260E3C.4090408@vwsoft.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Adrian Chadd , freebsd-stable@freebsd.org Subject: Re: tproxy on freebsd X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Apr 2007 01:42:21 -0000 Volker wrote: >On 04/18/07 14:14, Adrian Chadd wrote: > > >>On 18/04/07, Volker wrote: >> >> >> >>>>but with that configuration, still the proxy ip address that visible >>>>when my client using the proxy. >>>> >>>> >>>Don't understand that sentence. What address is visible to whom? And >>>which address do you want to 'hide'? If you don't want to leak your >>>internal addresses to any outside webserver, this is a squid issue >>>and there should (?) be configuration options for squid. >>> >>> >>> >>He means fully transparent - ie, client thinks its talking to the >>server; server thinks its talking to the client; proxy server IP isn't >>visible to either. >> >> >> >>Adrian >> >> >> > >Adrian, > >thanks, I got it. > >Talking about real transparent proxy not just a transparent one... ;) > >Unfortunately I don't have a solution for that as I'm using mostly >NATed environments and it doesn't make sense to hand out private >address space to a web server. > > > well actualy is not private address, i work for small ISP and the proxy supose to be caching all our clients requests. and it supose to be that our clients ip is visible to the server, not our proxy. i wish FreeBSD have solutions for this, just hate to discovered the "weakness" of FreeBSD. and most of all i hate to switch to other OS. >Volker >_______________________________________________ >freebsd-stable@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-stable >To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > > TIA Zen