> > Transparent proxy redirection on a generic tcp basis would be
> > tremendously useful as you could also use it would allow you to do
> > things like in stream antivirus for pop3/smtp or http with the right
> > external proxy servers. Much more useful than just having a proxy built
> > into m0n0.
> >
> > It should not be that difficult as it could (at least in theory) be
> > accomplished with outbound nat rules.
>
> No, *transparent* proxying is hard, because the "transparent" part means
> that the proxy needs to essentially "spoof" as the server. This requires
> special kernel support as well as filter support. I believe OpenBSD has
> the necessary features; I don't know about FreeBSD.

If you want to be a stickler because you just got done reading the definition of transparent proxy from webglossary.com, you are correct, but just about everyone else that has EVER used a proxy server would have easily understood that I meant transparent to the user.

And yes, just outbound nat rules can accomplish this. It works in exactly the same manner as incoming port forwarding, only in reverse. I assume (and you know what happens when you assume) this is happening right now for the captive portal to function ... you go to www.google.com and are forwarded to the captive portal page on localhost until you click through, and once you click through you are sent where you were trying to go to begin with, right?

It's really simple ... the firewall sees an attempted connection to an outside server on port 110 from the client and it forwards the request to a proxy for that port on the dmz.

David
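The redirect discussed in this thread, modelled as an added Python example that is not part of the original messages and is not m0n0wall code: a toy NAT table that diverts outbound port 110 to a proxy, rewrites replies so the client still sees the server it dialled, and exempts the proxy's own upstream connection. The class, its method names, the proxy port 8110 and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class RedirectNat:
    """Toy redirect-NAT table: destination rewrite for outbound TCP."""

    def __init__(self, rules):
        self.rules = rules  # {destination port: (proxy ip, proxy port)}
        self.state = {}     # (client ip, client port) -> (server ip, server port)

    def outbound(self, pkt):
        """Client -> outside server: divert matching ports to the proxy."""
        target = self.rules.get(pkt.dport)
        if target is None or pkt.src == target[0]:
            # No rule, or the proxy's own upstream connection. Without this
            # exemption the proxy would be redirected back to itself.
            return pkt
        self.state[(pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return replace(pkt, dst=target[0], dport=target[1])

    def reply(self, pkt):
        """Proxy -> client: restore the address the client originally dialled."""
        orig = self.state.get((pkt.dst, pkt.dport))
        if orig is None or (pkt.src, pkt.sport) not in self.rules.values():
            return pkt
        return replace(pkt, src=orig[0], sport=orig[1])

    def original_dst(self, client_ip, client_port):
        """The lookup a proxy needs to learn which server the client wanted."""
        return self.state.get((client_ip, client_port))

# Constructed sample addresses: LAN client, DMZ proxy, outside POP3 server.
CLIENT, PROXY, SERVER = "192.168.1.50", "192.168.2.10", "203.0.113.25"

if __name__ == "__main__":
    nat = RedirectNat({110: (PROXY, 8110)})
    print(nat.outbound(Packet(CLIENT, 40000, SERVER, 110)))  # diverted to proxy
    print(nat.reply(Packet(PROXY, 8110, CLIENT, 40000)))     # source restored
    print(nat.original_dst(CLIENT, 40000))                   # intended server
```

The state entry is what lets the proxy find the intended server and lets replies be rewritten; the rule alone only changes where the first packet goes.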