On 01/15/2013 04:10:33 AM, Daniel Hartmeier wrote:
> Wait, the squid server is on a separate host, on the $int_if side of the
> firewall (the same side the clients are on)?
>
> Then transparent proxying would require "reflection", and doesn't work, see
> http://www.openbsd.org/faq/pf/rdr.html#reflect

Just read the FAQ and had a few thoughts.

Something that's not mentioned that comes to mind is ICMP redirection. (Without thinking about it a lot it seems like it should be a good candidate.) However, when I tried ICMP redirection on OpenBSD years ago I couldn't get it to work. Never looked to see why, or whether it's been fixed since. Or, I might have been doing something wrong. If anyone can send a clue my way I'd appreciate knowing more.

Another option for TCP proxying that's not mentioned is socat. It's like nc, but (I think) would not require inetd.

Regards,

Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein