 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] outgoing proxys
 Date:  Sat, 5 Jun 2004 14:21:52 -0700 (PDT)
On Fri, 4 Jun 2004, David Rodgers wrote:

> Transparent proxy redirection on a generic TCP basis would be
> tremendously useful, as it would also allow you to do
> things like in-stream antivirus for POP3/SMTP or HTTP with the right
> external proxy servers. Much more useful than just having a proxy built
> into m0n0.
> It should not be that difficult, as it could (at least in theory) be
> accomplished with outbound NAT rules.

No, *transparent* proxying is hard, because the "transparent" part means
that the proxy needs to essentially "spoof" as the server.  This requires
special kernel support as well as filter support.  I believe OpenBSD has
the necessary features; I don't know about FreeBSD.

					Fred Wright