From owner-freebsd-hackers  Tue Jun 30 20:39:00 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA12441
          for freebsd-hackers-outgoing; Tue, 30 Jun 1998 20:39:00 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from zeus.theinternet.com.au (akm@zeus.theinternet.com.au [203.34.176.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12421
          for <hackers@freebsd.org>; Tue, 30 Jun 1998 20:38:53 -0700 (PDT)
          (envelope-from akm@zeus.theinternet.com.au)
Received: (from akm@localhost)
	by zeus.theinternet.com.au (8.8.7/8.8.7) id NAA06445
	for hackers@freebsd.org; Wed, 1 Jul 1998 13:34:08 GMT
	(envelope-from akm)
From: Andrew Kenneth Milton <akm@zeus.theinternet.com.au>
Message-Id: <199807011334.NAA06445@zeus.theinternet.com.au>
Subject: Re: hello (proxy redirect)
In-Reply-To: <Pine.BSF.3.95.980630184328.2001R-100000@current1.whistle.com> from Julian Elischer at "Jun 30, 98 07:14:08 pm"
To: hackers@FreeBSD.ORG
Date: Wed, 1 Jul 1998 13:34:08 +0000 (GMT)
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

+----[ Julian Elischer ]---------------------------------------------
| you need to use natd..
| 

Nah, you need the -current ipfw that does forwarding (or ipfilter I
believe although I haven't used this). You can get ipfw
patches from the mpd distribution if the patches aren't in -current yet.

I've never been able to get natd to do transparent proxying. If it
is possible using natd then someone who's done it should add it to
the handbook, so those places not running 2.2.6+ can use that instead
of the new ipfw (or send an email so it's in the archives).

Be aware though that transparent proxies will no longer be able
to give you stats broken down by hostnames or domains.

Because the browser will resolve hostname first, the proxy will
only ever receive IP addresses to fetch from. This might also
have an impact on IPless virtual hosting, although, it would
probably only affect those browsers that IPless virtual
hosting doesn't work for anyway.

On the surface this isn't that bad, however, if you receive
a price break on bandwidth for fetching from an upstream
proxy, their proxy will have things stored by domain name
not IP, so you will blow away any cost benefits of peered 
proxies.

If you don't want any benefits like domain based cache reporting
or don't get a price break on bandwidth for upstream 
proxies then this is probably for you.

You also cannot automatically proxy FTP requests in this way, since
browsers usually turn the ftp requests into HTTP requests when
using a proxy.

There is no such thing as a free lunch.

-- 
Totally Holistic Enterprises Internet|  P:+61 7 3870 0066   |  Andrew
The Internet (Aust) Pty Ltd          |  F:+61 7 3870 4477   |  Milton
ACN: 082 081 472                     |  M:+61 416 022 411   |72 Col .Sig
PO Box 403 Booval QLD Australia 4304 |akm@theinternet.com.au|Specialist

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message