Re: [m0n0wall-dev] transparent proxy support

From:	Manuel Kasper <mk at neon1 dot net>
To:	Michael Mee <mm2001 at pobox dot com>
Cc:	m0n0wall dash dev at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall-dev] transparent proxy support - any interest?
Date:	Tue, 05 Oct 2004 19:36:38 +0200

On 05.10.2004 10:08 -0700, Michael Mee wrote:

> Manuel, if this is something you'd consider putting in the image, I
> think between a friend and I, we can create the necessary code (he
> understands firewall rules inside out and I can fake the PHP
> coding).
> 
> I'm thinking we'd implement this as a simple 'specify web proxy
> server' page (similar to the 'enable DNS forwarding' page) where
> you enable/disable the feature and specify the address of the proxy
> server, rather than explicitly adding Destination NAT rules etc.
> 
> BUT, I don't want to make the effort if you (others?) think this is
> inappropriate for m0n0wall!

No, I think this is very appropriate, but the reason why it hasn't
happened yet is that nobody has figured out how to do it yet. ;) The
problem always seems to be how to tell the proxy which IP
address/port the user initially tried to connect to. But that may not
even be necessary (HTTP Host header). If a clean solution with
ipfilter/ipnat is possible, that would be cool.

Good luck,

Manuel