[ previous ] [ next ] [ threads ]
 
 From:  Rolf Sommerhalder <rolf dot sommerhalder at alumni dot ethz dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Transparent HTTP proxy
 Date:  Sat, 16 Apr 2005 13:25:25 +0200
While migrating several douzens of users' PCs and servers from an old 
firewall that is HTTP-transparent (port 80) to a new firewall that 
requires the use of a HTTP proxy (port 8080), I come across simiar 
requirements:
1. inform users about the required change in their client/browser 
configuration, e.g. to load a proxy.pac file that sets the proxy with 
port 8080;
2. during a grace/transition period, transparently "transform" HTTP 
requests to port 80 of the old firewall to port 8080 of the new 
firewall/proxy;
3. the solution for 1. and 2. should integrate into the setup by 
inserting this "interceptor/redirector" in front of the old firewall.

The Captive Portal of m0n0wall nicely resolves 1.  A Transproxy daemon 
(tproxyd) can provide 2 (inspired by previous poster). m0n0wall's 
filtering bridge would ideally be solve requirement 3.

Unfortunately, the Captive Portal and bridging are mutually exclusive 
yet. Thus I try now to integrate tproxyd into m0n0wall and run it in 
routed mode instead of bridged mode.
Up to now I have successfully tested tproxyd as proof of concept on a 
Linux-based system. Right now I assemble a FreeBSD developper 
environment in order to get tproxyd into m0n0wall.

Rolf