From owner-freebsd-questions@FreeBSD.ORG Tue Jan 6 19:40:19 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 72A9B106564A for ; Tue, 6 Jan 2009 19:40:19 +0000 (UTC) (envelope-from fbsd.questions@rachie.is-a-geek.net) Received: from mail.rachie.is-a-geek.net (rachie.is-a-geek.net [66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 417E48FC14 for ; Tue, 6 Jan 2009 19:40:19 +0000 (UTC) (envelope-from fbsd.questions@rachie.is-a-geek.net) Received: from localhost (mail.rachie.is-a-geek.net [192.168.2.101]) by mail.rachie.is-a-geek.net (Postfix) with ESMTP id ACF8AAFC1FF; Tue, 6 Jan 2009 10:40:18 -0900 (AKST) From: Mel To: freebsd-questions@freebsd.org Date: Tue, 6 Jan 2009 10:40:18 -0900 User-Agent: KMail/1.9.10 References: <200901061649.25762.naylor.b.david@gmail.com> <200901060801.54425.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200901061040.18483.fbsd.questions@rachie.is-a-geek.net> Cc: David Naylor Subject: Re: Transparent SOCKS proxy (server side)? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jan 2009 19:40:20 -0000 On Tuesday 06 January 2009 10:07:17 David Naylor wrote: > 2009/1/6 Mel : > > On Tuesday 06 January 2009 05:49:22 David Naylor wrote: > >> Hi, > >> > >> My ISP's NAT, unfortunately, does not work more than it does. This is a > >> problem as I need to provide 'direct' internet access for the computers > >> inside my network. > >> > >> I would like to set up a transparent SOCKS proxy (similar to transparent > >> HTTP proxy, aka squid) on the server. Does anyone know how to do this > >> (and which ports to use)? This needs to be a server side solution since > >> I am unable to implement this on the clients... > > > > http://www.freshports.org/net/dante/ > > As far as I know dante can only be made "transparent" with the use of > client side software (such as the libsocks.so libraries under *nix) and not > from the server side (i.e. tunneling the traffic through a SOCKS proxy). > The way I think of > it is similar to NAT (in the capturing of traffic)? > > Or am I missing something? In pf terms: rdr traffic, or use something like this: http://bayxao.wordpress.com/2007/03/18/transparent-socks-proxy-client/ -- Mel Problem with today's modular software: they start with the modules and never get to the software part.