From: Terry Lambert
Message-Id: <199806101812.LAA01532@usr01.primenet.com>
Subject: Re: Annnonce: Transparent proxy patches
To: brandon@engulf.net (Brandon Lockhart)
Date: Wed, 10 Jun 1998 18:12:48 +0000 (GMT)
Cc: current@FreeBSD.ORG

> :> #gobble
> :> ipfw add 2 fwd localhost tcp from any to any 80 in
> :>
> :> I believe Linux has had this for a short while..
>
> Julian, you completely lost me here.  Is this to forward any incoming tcp
> connection to port 80 (http)?  If not, please explain what it would do.
> Also, can you give me a scenario where that would be useful?

1)	A client attempts connection through FreeBSD router to
	www.unitedmedia.com on port 80.

2)	The FreeBSD router redirects all queries to any host's
	port 80 to connect to not the requested host, but to
	a transparent proxy program that has bound a different
	port on the router.

3)	The transparent proxy program writes the proxy information
	(basically, the real destination host and prefix) into the
	HTTP request, and then sends it to the original target.

4)	The original target is redirected to a different machine,
	running SQUID, or some other HTTP compliant proxy server.

The client gets a response from SQUID via the router, and thinks
it actually came from the machine it asked for the response from,
and not the cache.

The client doesn't have to configure a browser proxy.

If you have 50,000 clients, you don't have to configure 50,000
browser proxies.

The Mac "Surfwatch" program, which is a transparent cache with
prefetch, doesn't malfunction when you mandate the use of a proxy
in your corporate net.

You only download one copy of "Dilbert" a day, instead of one per
engineer.  Your T1 is happy again.  8-).

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
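Step 3 of the flow described in the message, as an added example that is not part of the original post or of the announced patches: rewriting an intercepted origin-form request into the absolute-form request a caching proxy expects. The function name, the sample request and the 192.0.2.10 address are constructed, and the proxy is assumed to learn the original destination from the redirected socket.

```python
def to_proxy_request(raw, orig_dst):
    """Rewrite 'GET /path HTTP/x' into 'GET http://host/path HTTP/x'.

    raw      -- the intercepted request bytes (head must be complete)
    orig_dst -- (ip, port) the client was really connecting to; assumed to
                come from the redirected socket, e.g. via getsockname()
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError("malformed request line")
    method, target, version = parts
    if target.startswith(b"http://"):
        return raw                      # client already speaks proxy form
    if not target.startswith(b"/"):
        raise ValueError("unsupported request target")

    # Prefer the Host header so name-based virtual hosts keep working;
    # fall back to the original destination address when none was sent.
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
            break
    if not host:
        ip, port = orig_dst
        host = ip.encode() if port == 80 else f"{ip}:{port}".encode()
    # Refuse values that would change the meaning of the rebuilt URL.
    if any(c in host for c in b" \t/@"):
        raise ValueError("unusable host value")

    lines[0] = method + b" http://" + host + target + b" " + version
    return b"\r\n".join(lines) + sep + body


if __name__ == "__main__":
    # Constructed sample: what the redirected client would have sent.
    sample = b"GET /comics/ HTTP/1.1\r\nHost: www.unitedmedia.com\r\n\r\n"
    print(to_proxy_request(sample, ("192.0.2.10", 80)).decode())
```
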