* Stuart Henderson <[email protected]> le [21-09-2018 10:10:03 +0000]:
> On 2018-09-20, Thuban <[email protected]> wrote:
> > By the way, I'm confused about the "transparent forward" directive in
> > relayd.conf. It doesn't seems to work at all and setting a transparent
> > proxy is
> > not using this keyword.
>
> "transparent proxy" used to be common for web proxies meaning "you
> don't need to tell the client to use a proxy" but this is a confusing
> term. squid has got rid of this in favour of the more descriptive
> "interception proxy" now.
>
> if you want to originate packets using the client's original source
> address you will need to figure out what's wrong with your setup using
> "transparent forward" as that is exactly what you need to use. I've had
> it working before but it *is* awkward.
That's exactly where I'm confused with the man page of relayd.
It is mentionned :
forward to destination options ...
When redirecting connections with a divert-to
rule in pf.conf(5)
to a relay listening on localhost, this
directive will look up
the real destination address of the intended
target host,
allowing the relay to be run as a **transparent
proxy.**
That's what I did, but the orginal source address isn't keeped.
The "transparent" directive just don't work :
[transparent] forward [with tls] to address [port port] options ...
I tried relayd listening on port 80 and set up httpd to listen on port 8080. In
relayd.conf :
transparent forward to 127.0.0.1 port 8080
No success.
Either I misunderstand the manpage, either it miss some precisions.
Regards.
thuban
