From owner-freebsd-current Wed Jun 10 00:30:45 1998
Return-Path:
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id AAA16855
	for freebsd-current-outgoing; Wed, 10 Jun 1998 00:30:45 -0700 (PDT)
	(envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from sasami.jurai.net (winter@sasami.jurai.net [207.153.65.3])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA16818
	for ; Wed, 10 Jun 1998 00:30:32 -0700 (PDT)
	(envelope-from winter@jurai.net)
Received: from localhost (winter@localhost)
	by sasami.jurai.net (8.8.8/8.8.7) with SMTP id DAA06321;
	Wed, 10 Jun 1998 03:30:21 -0400 (EDT)
Date: Wed, 10 Jun 1998 03:30:21 -0400 (EDT)
From: "Matthew N. Dodd"
To: Julian Elischer
cc: current@FreeBSD.ORG
Subject: Re: Annnonce: Transparent proxy patches
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Sweet."

On Tue, 9 Jun 1998, Julian Elischer wrote:

>
> Chrisy Luke posted a mixed set of patches
> recently that added the ability to do transparent proxying
> to FreeBSD, however there were several shortcomings.
> 1/ In particular you really needed 2 machines or to match 2 different
> rules to be able to do some redirections.
>
> 2/ They were part of his 'multipath' patches.
>
> I have separated them out and updated them for -current.
> I have also put in some code to allow local redirection of outgoing
> packets.
>
> they allow you to do:
>
> ipfw add 2 fwd localhost,4000 tcp from any to any 80 out xmit tun0 recv ed0
>
> which would redirect any outgoing internet http requests from your
> local network to your local web cache (squid?) at port 4000
>
> or even
>
> ipfw add 2 fwd localhost tcp from any to any in recv ed0
>
> Which will 'capture' all packets coming through that machine from ed0 and
> redirect them to the same port on the local machine. This would allow you
> to feed connections to a whole pile of proxies and filters with a single
> firewall rule.
>
> for fun:
>
> ipfw add 2 fwd localhost,25 tcp from any to any 23 in recv ed0
>
> which will redirect all the telnet sessions to smtp :-)
>
> alternatively you could redirect all outgoing http requests to a special
> cache machine ("squid")..
>
> #squid can get anywhere..
> ipfw add 1 allow tcp from squid to any 80
> #everyone else goes via squid
> ipfw add 2 fwd squid,80 tcp from any to any 80 out xmit tun0 recv ed0
>
>
> of course machine squid needs a local redirect to capture the requests..
>
> #gobble
> ipfw add 2 fwd localhost tcp from any to any 80 in
>
> I believe Linux has had this for a short while..
>
> The patches for this are at:
> http://www.freebsd.org/~julian
>
> looking for feedback..
>
>
> julian
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
>

/*
   Matthew N. Dodd              | A memory retaining a love you had for life
   winter@jurai.net             | As cruel as it seems nothing ever seems to
   http://www.jurai.net/~winter | go right - FLA M 3.1:53
*/
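
Added example (not part of the original message or of the patches it announces): a simplified first-match model of the two gateway rules quoted above for the separate "squid" cache machine, showing why the `allow` for squid must be numbered below the `fwd` rule. The `Rule` class, the `decide`, `packet` and `audit` helpers, and the host names `client` and `gateway` are assumptions for illustration; only the match options used in those two rules are modelled, and only the gateway's outbound pass.

```python
from dataclasses import dataclass
from typing import Optional

FIELDS = ("src", "dport", "direction", "xmit", "recv")

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "fwd <host>,<port>"
    src: Optional[str] = None        # None = "any" / option not given
    dport: Optional[int] = None
    direction: Optional[str] = None  # "in" or "out"
    xmit: Optional[str] = None
    recv: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        # Every option the rule specifies must equal the packet's value.
        return all(getattr(self, f) in (None, pkt.get(f)) for f in FIELDS)

def decide(rules, pkt):
    """Action of the lowest-numbered matching rule (first match wins)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return f"{rule.number}: {rule.action}"
    return "no match"

# The two gateway rules quoted in the message.
ALLOW_SQUID = Rule(1, "allow", src="squid", dport=80)
FWD_HTTP = Rule(2, "fwd squid,80", dport=80, direction="out",
                xmit="tun0", recv="ed0")

def packet(src, dport, recv="ed0"):
    # Constructed sample packet on the gateway's outbound pass via tun0.
    # recv=None models a packet the gateway generated itself.
    return {"src": src, "dport": dport, "direction": "out",
            "xmit": "tun0", "recv": recv}

def audit(rules):
    return {
        "LAN client, port 80": decide(rules, packet("client", 80)),
        "squid, port 80": decide(rules, packet("squid", 80)),
        "LAN client, port 443": decide(rules, packet("client", 443)),
        "gateway itself, port 80": decide(rules, packet("gateway", 80, recv=None)),
    }

if __name__ == "__main__":
    for label, rules in (("rules 1+2", [ALLOW_SQUID, FWD_HTTP]),
                         ("rule 2 only", [FWD_HTTP])):
        print(label)
        for flow, verdict in audit(rules).items():
            print(f"  {flow:26} -> {verdict}")
```

With rule 2 alone, squid's own port 80 fetches match the `fwd` rule and are handed back to squid, which is the loop the lower-numbered `allow` prevents.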