On 01/15/2013 04:10:33 AM, Daniel Hartmeier wrote:
> Wait, the squid server is on a separate host, on the $int_if side of the
> firewall (the same side the clients are on)?
> Then transparent proxying would require "reflection", and doesn't work, see
> http://www.openbsd.org/faq/pf/rdr.html#reflect

Just read the FAQ and had a few thoughts.

Something that's not mentioned that comes to mind is ICMP redirection.
(Without thinking about it a lot it seems like it should be a good
candidate.)  However when I tried ICMP redirection on OpenBSD years ago
I couldn't get it to work.  Never looked to see why, or whether it's
been fixed since.  Or, I might have been doing something wrong.  If
anyone can send a clue my way I'd appreciate knowing more.

Another option for TCP proxying that's not mentioned is socat.  It's
like nc, but (I think) would not require

Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

