Bob Miller wrote:

>Has anyone here ever set a *nix box up as a transparent HTTP proxy?
>
>How did you do it?
>
>My home firewall is OpenBSD, and it looks like you can't do it with
>OpenBSD, at least not with 3.0. I was looking at putting the proxy on
>a different host than the firewall, but I can't see how to make that
>work either.
>
>Suggestions? I'd really rather keep the firewall as OpenBSD.
>

Alright, I haven't done this but if I were going to, I would try squid for the transparent proxy. Take a look at:

http://www.linuxdoc.org/HOWTO/mini/TransparentProxy-6.html

as well as the rest of that document. That link describes how to set up the proxy on a separate box. You'll need to translate the iptables commands into whatever it is in OpenBSD.

The configuration tips in that doc are for linux, but squid will run on other *nix systems as well, so you could potentially just run it on your firewall box. Otherwise you'll need to configure the router/firewall to masquerade/snat packets going to the proxy box so they can be sent back to the host that made the HTTP request.

Hope it helps...

Kahli
