Re: [m0n0wall] transparent proxy from WLAN to LAN

From:	"Neil A. Hillard" <m0n0 at dana dot org dot uk>
To:	'Serge Huber' <serge at think dash simple dot ch>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] transparent proxy from WLAN to LAN
Date:	Mon, 10 Jan 2005 23:19:22 +0000

Hi,

>> -----Original Message-----
>> From: Serge Huber [mailto:serge at think dash simple dot ch]
>> Sent: January 10, 2005 2:47 PM
>> To: m0n0wall at lists dot m0n0 dot ch
>> Subject: [m0n0wall] transparent proxy from WLAN to LAN
>>
>> anyone tried to forward all http traffic from WLAN to the LAN's proxy ?
>> each has its own subnet.
>> I'm portforwarding all traffic on port 80 from the WLAN interface to the
>> proxy in the LAN segment
>> but i alwys get an error from the proxy that the url:  /_  is invalid.
>> does anyone have a solution for that ?
>[Mitch says:] Not 100% sure, but doesn't that happen because the client is
>making an HTTP/1.0 request which does not contain a hostname? A 1.1 style
>request needs to be used for a proxy server to know what to proxy to...
>
>If you can simulate it, try grabbing the connection with a sniffer or packet
>logger and look at the actual connection.
That usually happens when the proxy receives a request that has been
transparently intercepted whilst it isn't set up for transparency.

The proxy will need to know the intended destination address so I guess
you'd need something like WCCP or GRE between the firewall and proxy
server in order to pass the necessary info through.  I've not tried
either of those as I prefer telling the browser that it is using a
browser, although I do understand why you are trying to use transparency
in this case.

Hope this Helps,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk