On Fri, 4 Jun 2004, David Rodgers wrote:
> Transparent proxy redirection on a generic tcp basis would be
> tremendously useful, as it would also allow you to do things like
> in-stream antivirus for pop3/smtp or http with the right external
> proxy servers. Much more useful than just having a proxy built
> into m0n0.
>
> It should not be that difficult as it could (at least in theory) be
> accomplished with outbound nat rules.
No, *transparent* proxying is hard, because the "transparent" part means
that the proxy needs to essentially "spoof" as the server. This requires
special kernel support as well as filter support. I believe OpenBSD has
the necessary features; I don't know about FreeBSD.
Fred Wright