From owner-freebsd-current Tue Dec 29 07:06:00 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id HAA08174
    for freebsd-current-outgoing; Tue, 29 Dec 1998 07:06:00 -0800 (PST)
    (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from ywing.creative.net.au (flannan.keble.ox.ac.uk [163.1.137.52])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA08153
    for ; Tue, 29 Dec 1998 07:05:58 -0800 (PST)
    (envelope-from adrian@ywing.creative.net.au)
Received: from ywing.creative.net.au (localhost.speedport.net [127.0.0.1] (may be forged))
    by ywing.creative.net.au (8.8.8/8.8.8) with ESMTP id QAA03260
    for ; Tue, 29 Dec 1998 16:05:09 +0100 (CET)
Message-Id: <199812291505.QAA03260@ywing.creative.net.au>
To: freebsd-current@FreeBSD.ORG
Subject: Re: Transproxy: IPFilter or IPFW (was RE:wanton atticizing ...)
In-reply-to: Your message of "Tue, 29 Dec 1998 13:32:27 +0200."
Date: Tue, 29 Dec 1998 16:05:05 +0100
From: Adrian Chadd
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

pam@polynet.lviv.ua writes:
>Hi everybody,
>
>In the discussion about transparent proxy support everybody should
>remember about transparent support of other protocols besides HTTP. It is
>only use of Host headers, that gives Squid ability to do transparency
>without patching the source.
>
>Taking into consideration other protocols - Telnet, FTP, POP3, etc proxy
>needs to get information about connection destination and THAT is specific
>for redirection scheme. E.g. IPFilter has an ioctl to get destination.
>
>I haven't seen any sample code for doing that under IPFW, should I use
>getsockname or what?
>
>For me, it is extremely inconvenient to have two filtering solutions on
>FreeBSD each having some unique features - Luigi's Dummynet for IPFW and
>platform independence and supported by other applications like FWTK,
>transparent proxy support of IPFilter :-(

Erm, have you used the 'fw' hook yet?
It behaves the same as Linux's transparent redirection facility. If you
call getsockname() it will tell you where it was trying to connect to.
From there you can do all sorts of useful things.

IPFilter would be nice by default in a kernel *if* it was default with
Linux and all the other *bsd derivatives out there. To my knowledge
(putting on flame proof bits here of course..) under those platforms you
still have to grab IPFilter and compile it, why should it be any different
in FreeBSD? (Although again, I'm not sure whether all the other *BSDs use
ipfilter by default these days...)

Adrian
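
The getsockname() lookup described in the reply above, as an added example that is not part of the original message or of any FreeBSD code. The names original_dst, is_self and demo are hypothetical; the demo runs over loopback with no firewall rule, so the reported destination is the listener itself, which is the case is_self exists to catch before a proxy relays a connection back to its own port.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Local address of an accepted socket. On a connection diverted to the proxy,
 * this is (per the message above) the address the client was trying to reach. */
int original_dst(int conn, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockname(conn, (struct sockaddr *)dst, &len) < 0)
        return -1;
    return (len >= sizeof(*dst) && dst->sin_family == AF_INET) ? 0 : -1;
}

/* 1 if dst is the proxy's own listening address: the client connected
 * directly, and relaying to dst would connect the proxy to itself. */
int is_self(const struct sockaddr_in *dst, const struct sockaddr_in *self)
{
    return dst->sin_port == self->sin_port &&
           dst->sin_addr.s_addr == self->sin_addr.s_addr;
}

/* Constructed loopback demo, no firewall rule involved. Returns the port
 * getsockname() reports (host order) or -1; fills the two out-params. */
int demo(int *listen_port, int *self_hit)
{
    struct sockaddr_in self, dst;
    socklen_t len = sizeof(self);
    int conn = -1, rc = -1;
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    memset(&self, 0, sizeof(self));
    self.sin_family = AF_INET;
    self.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks */
    if (ls >= 0 && cs >= 0 &&
        bind(ls, (struct sockaddr *)&self, sizeof(self)) == 0 &&
        listen(ls, 1) == 0 && getsockname(ls, (struct sockaddr *)&self, &len) == 0 &&
        connect(cs, (struct sockaddr *)&self, sizeof(self)) == 0 &&
        (conn = accept(ls, NULL, NULL)) >= 0 &&
        original_dst(conn, &dst) == 0) {
        *listen_port = ntohs(self.sin_port);
        *self_hit = is_self(&dst, &self);
        rc = ntohs(dst.sin_port);
    }
    if (conn >= 0) close(conn);
    close(cs); close(ls);
    return rc;
}
```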