From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 21:44:12 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9B97C106567A for ; Wed, 30 Jul 2008 21:44:12 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outE.internet-mail-service.net (oute.internet-mail-service.net [216.240.47.228]) by mx1.freebsd.org (Postfix) with ESMTP id 8ABF58FC1F for ; Wed, 30 Jul 2008 21:44:12 +0000 (UTC) (envelope-from julian@elischer.org) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 27295249F; Wed, 30 Jul 2008 14:44:13 -0700 (PDT) Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id 3147C2D60F1; Wed, 30 Jul 2008 14:44:12 -0700 (PDT) Message-ID: <4890E0C0.1070208@elischer.org> Date: Wed, 30 Jul 2008 14:44:32 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.16 (Macintosh/20080707) MIME-Version: 1.0 To: Attila Nagy References: <48909009.1070805@fsn.hu> In-Reply-To: <48909009.1070805@fsn.hu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: SO_BINDANY and pf divert X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jul 2008 21:44:12 -0000 Attila Nagy wrote: > Hello, > > OpenBSD's relayd has grown a very useful transparent relay support, > which means you can run a HTTP(S) reverse proxy transparently > (maintaining the source IP, while you have a different TCP stream open > from the proxy to the backend, even by terminating the SSL part and > speaking clear text HTTP to the backends). > > For this (as far as I could figure out, while trying to make this newer > relayd working on FreeBSD) two pieces are needed, which FreeBSD > currently lacks: > - the SO_BINDANY support (see > http://marc.info/?l=openbsd-cvs&m=121030159009823&w=2 and > http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt) > - the pf part, which diverts the non-local packets to the given socket > (see http://marc.info/?l=openbsd-cvs&m=121030115209292&w=2 and > http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf) well, ipfw can do that. > > After having those said, the question is obvious. :) > Does anybody feel the need for these two in FreeBSD and have the > competence and time to port them? > > Thanks, > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"