 From:  Jesse Guardiani <jesse at wingnet dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re: Transparent HTTP proxy
 Date:  Mon, 14 Feb 2005 13:40:29 -0500
Jeb Campbell wrote:

>> I did the same thing. It can be configured via the webGUI for OPT
>> interfaces (LAN requires manual editing and upload of your config.xml).
>> However, the disadvantage is that since it's NAT, it doesn't work on
>> bridges. Another disadvantage is that since it's merely a port
>> redirection, you can't log HTTP traffic. I think the correct way to solve
>> this problem is to bloat m0n0wall a bit and install an HTTP proxy server
>> of some sort.
> I'm looking at transproxy -- very small (21K) and in FreeBSD ports, but
> I have not used it at all (yet).
> Just need to figure out the best firewall rules.

I'm obviously approaching this functionality with the desire to find
some way to make transparent proxying work on a filtered bridge interface.
So I'm actually wondering if transparent proxy over a bridged connection
is even possible with a userland proxy daemon. Wouldn't we still need
to redirect port 80 from the bridge to the daemon's port? Since we
can't use NAT for this, is there another package out there capable of
doing it?

> It also supports pass through if the proxy server dies.

That's a very nice feature, indeed. That alone would be a welcome
improvement over an ipnat redirect rule, but I'd still like to
see if we can find a solution that works on a filtering bridge.

Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)