[ previous ] [ next ] [ threads ]
 From:  Rolf Sommerhalder <rolf dot sommerhalder at alumni dot ethz dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Transparent HTTP proxy
 Date:  Sat, 16 Apr 2005 13:25:25 +0200
While migrating several douzens of users' PCs and servers from an old 
firewall that is HTTP-transparent (port 80) to a new firewall that 
requires the use of a HTTP proxy (port 8080), I come across simiar 
1. inform users about the required change in their client/browser 
configuration, e.g. to load a proxy.pac file that sets the proxy with 
port 8080;
2. during a grace/transition period, transparently "transform" HTTP 
requests to port 80 of the old firewall to port 8080 of the new 
3. the solution for 1. and 2. should integrate into the setup by 
inserting this "interceptor/redirector" in front of the old firewall.

The Captive Portal of m0n0wall nicely resolves 1.  A Transproxy daemon 
(tproxyd) can provide 2 (inspired by previous poster). m0n0wall's 
filtering bridge would ideally be solve requirement 3.

Unfortunately, the Captive Portal and bridging are mutually exclusive 
yet. Thus I try now to integrate tproxyd into m0n0wall and run it in 
routed mode instead of bridged mode.
Up to now I have successfully tested tproxyd as proof of concept on a 
Linux-based system. Right now I assemble a FreeBSD developper 
environment in order to get tproxyd into m0n0wall.