 From:  "Andrew Lewis" <andrew at coastal dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Generic proxy
 Date:  Fri, 28 Oct 2005 07:26:29 -0400
I'm running into a need for a firewall that needs to do a bit more than 
the simple NAT in m0n0wall.  It could easily be solved with a simple TCP 
proxy.

I am *not* referring to any sort of HTTP proxy.  People seem to confuse 
them.

I am *not* referring to any sort of dynamic/transparent/whatever 
NAT-driven service.

Just a simple TCP proxy.  Listen on TCP port X on interface Y and 
forward connections to IP Z port B.

Balance, pen and ha-proxy all come to mind.  Load balancing would be 
nice but solid integration in the m0n0wall interface would be paramount.

Here's my problem:  I can put in a firewall to segment off a part of my 
network but routing all of my VPN and WAN connections to that network is 
completely impractical.  Sometimes I just need a listener on the LAN 
interface that forwards requests to my protected network.

I realize I can manipulate the image file and stick a proxy on m0n0wall 
on my own - that defeats the purpose of using m0n0wall though.  I want a 
unified management interface.

It's apparent to me that NAT on the LAN side could solve some of the 
problem.  I prefer proxies since they tend to be a bit more predictable.  
MTU issues are easier to handle with a proxy setup as well.
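
The forwarder requested in this message (listen on TCP port X on interface Y, relay to IP Z port B), as an added example that is not part of the original post or of m0n0wall. The function names, the loopback addresses and the echo backend are assumptions so that it runs offline.

```python
import asyncio

async def _pipe(reader, writer):
    """Copy one direction until EOF, then half-close the far side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
        writer.write_eof()
    except OSError:
        writer.close()  # peer reset: drop this direction

async def start_proxy(listen_addr, listen_port, target_addr, target_port):
    """Bind to ONE interface address (not 0.0.0.0) and relay to a fixed target."""
    async def handle(c_reader, c_writer):
        try:
            t_reader, t_writer = await asyncio.open_connection(target_addr, target_port)
        except OSError:
            c_writer.close()  # target unreachable: refuse the client
            return
        await asyncio.gather(_pipe(c_reader, t_writer), _pipe(t_reader, c_writer))
        c_writer.close()
        t_writer.close()
    return await asyncio.start_server(handle, listen_addr, listen_port)

async def _echo(reader, writer):
    """Constructed stand-in for the service on the protected network."""
    while data := await reader.read(1024):
        writer.write(data)
        await writer.drain()
    writer.close()

async def _demo():
    backend = await asyncio.start_server(_echo, "127.0.0.1", 0)
    b_port = backend.sockets[0].getsockname()[1]
    proxy = await start_proxy("127.0.0.1", 0, "127.0.0.1", b_port)
    p_port = proxy.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection("127.0.0.1", p_port)
    writer.write(b"ping")
    writer.write_eof()
    reply = await reader.read()  # read until the proxy relays the backend's EOF
    for closable in (writer, proxy, backend):
        closable.close()
    return reply

def demo():
    return asyncio.run(_demo())

if __name__ == "__main__":
    print(demo())
```

Passing the LAN interface's own address as `listen_addr` keeps the listener off every other interface, and the target is fixed in configuration rather than chosen by the client.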