On 13-05-04 07:03 PM, Bruno Araújo wrote:
> Hi,
>
> How can I use TS as transparent proxy, like squid tproxy, on a FreeBSD bridge
> QoS?
Our solution is likely to not work for anyone else, but I'll describe it
anyway just in case.
We use a custom (and older) FreeBSD kernel that we've hacked to allow bind()
to spoof IP addresses without privileges.
To get transparent TS in our environment, I taught the build a
--tproxy=nosockopt which enables transparent proxying without trying to
setsockopt(IP_TRANSPARENT). I can make this patch available if you like.
Conceivably this might allow you do have transparent TS if you run it as
root, but I haven't tried that.
We have plans to move to a modern FreeBSD, and at that time I intend to dig
into FreeBSD's Capsicum stuff and see if I can get TS to properly do
transparency on FreeBSD. But at this time I can't say when this might happen.
M.
