From owner-freebsd-net  Tue Jul 20  1:57:10 1999
Delivered-To: freebsd-net@freebsd.org
Received: from arc.netlab.sk (arc.netlab.sk [195.168.1.2])
	by hub.freebsd.org (Postfix) with ESMTP id A5B1F152A5
	for <freebsd-net@FreeBSD.ORG>; Tue, 20 Jul 1999 01:56:54 -0700 (PDT)
	(envelope-from palo.adamec@tecton.sk)
Received: from wsadmin ([195.168.13.18])
	by arc.netlab.sk (8.9.3/8.9.3) with SMTP id KAA09069
	for <freebsd-net@FreeBSD.ORG>; Tue, 20 Jul 1999 10:55:26 +0200 (CEST)
Received: by localhost with Microsoft MAPI; Tue, 20 Jul 1999 10:56:22 +0200
Message-ID: <01BED29E.810C5F50.palo.adamec@tecton.sk>
From: Pavol Adamec <palo.adamec@tecton.sk>
To: "freebsd-net@FreeBSD.ORG" <freebsd-net@FreeBSD.ORG>
Subject: RE: Tcp shadowing for use in HTTP proxy
Date: Tue, 20 Jul 1999 10:56:21 +0200
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm sorry but I think that the use of such a shadow interface would be very very limited.
The main restriction is that a client PC sits on an isolated LAN connected to the world
through exactly one router. The router is also doing the job of a proxy. I think that
in such a case the router in many cases also applies NAT to the trafic, so the client's 
IP is changed anyway.
Another point is that any misguided application or misguided configuration of an
application could bind to any IP without an error message. As for me - I've already done 
such a mistake, especially when configuring a just installed application (wrong bind IP 
for squid, for example).

It would be interesting to know the real purpose that led to the idea. Why is it so
important for the server to see client's real IP or why is it so important for the
proxy to have the server see client's real IP.

Pavol Adamec

> On Tue, 20 Jul 1999, Alex Rousskov wrote:
> 
>> How do you solve a problem of server response packets being routed to the
>> real client instead of the proxy? Are you assuming that there is only one
>> way to get from the server to the real client, and that path always goes
>> through your proxy? Just curious...
>
>Yes, proxy must get all of the response packets. It is a limitation, but
>unavoidable, I'm afraid.
>
>  Milan Kopacka



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message