 From:  David Rodgers <david dot rodgers at kdsi dot net>
 To:  Fred Wright <fw at well dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] outgoing proxys
 Date:  Sat, 05 Jun 2004 20:12:35 -0500
> > Transparent proxy redirection on a generic TCP basis would be
> > tremendously useful, as it would allow you to do things like in-stream
> > antivirus for POP3/SMTP or HTTP with the right external proxy servers.
> > Much more useful than just having a proxy built into m0n0.
> > 
> > It should not be that difficult as it could (at least in theory) be
> > accomplished with outbound nat rules.
> No, *transparent* proxying is hard, because the "transparent" part means
> that the proxy needs to essentially "spoof" as the server.  This requires
> special kernel support as well as filter support.  I believe OpenBSD has
> the necessary features; I don't know about FreeBSD.

If you want to be a stickler because you just got done reading the
definition of transparent proxy from webglossary.com, you are correct, but
just about everyone else that has EVER used a proxy server would have
easily understood that I meant transparent to the user. And yes, just
outbound NAT rules can accomplish this. It works in exactly the same
manner as incoming port forwarding, only in reverse.

I assume (and you know what happens when you assume) this is happening
right now for the captive portal to function ... you go to
www.google.com and are forwarded to the captive portal page on localhost
until you click through, and once you click through you are sent where you
were trying to go to begin with, right?

It's really simple ... the firewall sees an attempted connection to an
outside server on port 110 from the client, and it forwards the request
to a proxy for that port on the DMZ.
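An added illustration, not code from either poster or from m0n0wall, of the "port forwarding in reverse" mechanism described above: a small model of the redirect step, the table entry it leaves behind, and the lookup a proxy on the DMZ needs in order to learn which mail server the client was really talking to. The interface name, addresses and ports are constructed for the example.

```python
# Model of an outbound redirect (rdr-style) NAT rule, as the mail describes:
# LAN client -> any:110 is rewritten to the DMZ proxy, and the original
# destination is kept so the proxy and the return path can recover it.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


# Hypothetical rule (constructed): redirect every LAN-originated TCP/110
# connection to a proxy at 192.168.2.10:110 on the DMZ.
RDR_RULES = [
    {"in_if": "lan", "dport": 110, "to": ("192.168.2.10", 110)},
]


def redirect_outbound(flow, in_if, table):
    """Firewall side: rewrite the destination of a matching new connection
    and remember the original (src, sport) -> (dst, dport) mapping."""
    for rule in RDR_RULES:
        if rule["in_if"] == in_if and flow.dport == rule["dport"]:
            new = Flow(flow.src, flow.sport, *rule["to"])
            table[(new.src, new.sport)] = (flow.dst, flow.dport)
            return new
    return flow  # no rule matched: packet passes untouched


def original_destination(table, src, sport):
    """Proxy side: the 'transparent' part. The proxy only sees a connection
    to itself, so it must ask the NAT table which server was intended."""
    return table.get((src, sport))


def untranslate_reply(reply, table):
    """Return path: make the proxy's reply appear to come from the real
    server, so the client never notices the redirect."""
    orig = table.get((reply.dst, reply.dport))
    if orig is None:
        return reply
    return Flow(orig[0], orig[1], reply.dst, reply.dport)


def demo():
    table = {}
    client = Flow("192.168.1.50", 40000, "203.0.113.7", 110)  # constructed
    fwd = redirect_outbound(client, "lan", table)
    real = original_destination(table, fwd.src, fwd.sport)
    back = untranslate_reply(Flow("192.168.2.10", 110, "192.168.1.50", 40000), table)
    return fwd, real, back
```

The proxy-side lookup is the piece a plain port-redirect rule does not give you for free; without it the DMZ proxy knows the client but not the intended server.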