From owner-freebsd-current  Mon Dec 28 13:58:25 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA28401
          for freebsd-current-outgoing; Mon, 28 Dec 1998 13:58:25 -0800 (PST)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from ywing.creative.net.au (flannan.keble.ox.ac.uk [163.1.137.52])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA28385
          for <freebsd-current@freebsd.org>; Mon, 28 Dec 1998 13:58:18 -0800 (PST)
          (envelope-from adrian@ywing.creative.net.au)
Received: from ywing.creative.net.au (localhost.speedport.net [127.0.0.1] (may be forged))
          by ywing.creative.net.au (8.8.8/8.8.8) with ESMTP
	  id WAA01206 for <freebsd-current@freebsd.org>; Mon, 28 Dec 1998 22:57:37 +0100 (CET)
Message-Id: <199812282157.WAA01206@ywing.creative.net.au>
To: freebsd-current@FreeBSD.ORG
Subject: Re: IPFILTER/IPFW (was Re: wanton Atticizing is bad)
In-reply-to: Your message of "Mon, 28 Dec 1998 09:52:26 EST."
             <19981228095226.B1333@ns1.adsu.bellsouth.com> 
Date: Mon, 28 Dec 1998 22:57:33 +0100
From: Adrian Chadd <adrian@FreeBSD.ORG>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Christian Kuhtz writes:
>On Mon, Dec 28, 1998 at 08:54:56AM -0500, Matt Behrens wrote:
>> : > "transproxy - transparently proxy HTTP and other requests.
>> : > This program is used with Darren Reed's IPFILTER package and used
>> : > to intercept things like http requests and divert them to a www proxy server 
>> : > (eg: squid), without requiring user intervention or configuration."
>> 
>> : You can do that with natd.
>> 
>> You can create the same effect, but lose all of squid's extra
>> benefits like caching.  I have also noticed that ppp -alias (which
>> uses the same code as natd, AFAIR) fails to submit some forms
>> properly using Netscape on a Windows box (probably Netscape's
>> fault).  This bug might be long-gone though :)
>
>So, the feature you're really looking for is 'transparent redirection', 
>correct?  Very much like all the other (supposedly) 'layer 4 switching' widgets
>out there (e.g., Alteon, etc).
>
>'Transparent redirection' is disjoint from 'transparent proxy'.  You can have
>a 'transparent proxy' which does not do 'transparent redirection'.


You can do transparent redirection in -current . Take a look at the ipfw 
command 'fw', which lets you map a connection to another IP/port.

its the same as the linux transparent redirection, which squid supports
right. And yes, you can cache too with it. And yes, its a damn sight neater
than using natd :)

Just look at the squid FAQ on how to configure transparent redirection, there
might even be a section in there for FreeBSD w/ ipfw 'fw' if memory serves
right.


--
Adrian Chadd
<adrian@freebsd.org>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message