RE: Transparent Proxy

From: Jordan Mendelson <jordy@dont-contact.us>
Date: Thu, 14 May 1998 10:56:04 -0400

> On Thu, May 14, 1998 at 03:16:57PM +0000, Markus Sabadello wrote:
> : I am interested in the experimental 'transparent proxy' feature of
> : newer Linux kernels, and I wondered if this could be used to make
> : browsers go through proxys without knowing it. I configured my
> : intranet gateway to redirect every port 80 connections to local port
> : 8080 (squid port) and I told my browser NOT to use a proxy. It worked
> : well; when I tried to connect to home.netscape.com:80, the connection
> : was redirected to my local intranet gateway at port 8080, but the
> : problem was that my browser sent the following lines:
> :
> : GET / HTTP/1.0
>
> Yes, it's not enough to redirect the request. You must rewrite the
> request to the complete url. There exists a little daemon `trproxyd' or
> `transproxy' doing that.
>
> 0/0 80 redirect -> 81 -> tproxyd -> 8080

Linux does not require such a daemon (and for the life of me I can't figure
out why people keep bringing it up). All that is required to setup
transparent proxies under Linux is to compile it into the kernel and use:

ifpwadm -a accept -P tcp -S 0/0 -D 0/0 80 -r 3128

to redirect the requests. You will also need to setup squid to do it (read
the FAQ). I would recommend getting Squid 1.NOVM 21 and using the -V
parameter with it as well, so you can get resolved hostnames in your logs.

Jordan

--
Jordan Mendelson     : http://jordy.wserv.com
Web Services, Inc.   : http://www.wserv.com
Received on Thu May 14 1998 - 08:06:21 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:11 MST