you might nothe that FreeBSD (-current) has a redirection facility almost
identical to Linux's
and can redirect a TCP stream for xpararent proxy.
julian
On Thu, 10 Sep 1998, Henrik Nordstrom wrote:
> Ghilde@Arizona.EDU wrote:
>
> > I noticed the Squid Caching Update link. In the Stan Barber's Notes
> > section there was mention of Squid being able to do transparent
> > proxy. This was in the Q & A area.
> > I would like to know if anyone has implemented this, how reliable it
> > is, and how was it done.
>
> Squid has been able to do transparent caching for a long time. It relies
> on external components to rewrite/process TCP in such a way that it
> arrives to Squid, and it is in this area that most technical problems
> with transparent proxying lies.
>
> There are two widely used TCP hacking implementations that are in use by
> people running transparent proxies:
>
> 1) Linux 2.0 ipfwadm support (fully supported by Squid).
> 2) The ip-filter package for many other platforms (partially supported
> by Squid).
>
> For full HTTP functionality together with ip-filter redirection a
> external daemon is required that interfaces to the address translation
> tables maintaned by ipfilter (transproxyd). I have a preleminary patch
> that adds the ip-filter lookup functionality to Squid but I have not yet
> received a single report wether this patch works or not (I can't test it
> myself due to limited resources.. have no machine where ipfilter runs).
>
> It is hard to tell which redirection mechanism that is the best one of
> the two. Linux ipfwadm is fast but it has some MTU related problems
> (does not work well together with MTU path discovery Squid->client). I
> do not know much of the ip-filter implementation, but I would guess that
> it shares the same problem at most locations.
>
> ---
> Henrik Nordström
> Sparetime Squid Hacker
>
>
Received on Thu Sep 10 1998 - 15:51:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:56 MST