The trick is to write a proxy.
You redirect all _external_ packets of port 80 on this machine.
Then you set up some processes, binding to the addresses of all _real_
interfaces, leaving out loopback. If a packet arrives (in this case a
socket) then look if it's for a local Web server or a remote.
If it's for a remote, proxy it with a proxy request.
If it's local, hand it over to your local apache.
Configure apache for 127.0.0.1:80 and _NOT_ for general port 80.
The tricks lie
o in the fact that getsockname returns the _original_ destination
address, not (as expected) my own.
o in specifying 127.0.0.1:80 in the apache config. file
o in deciding if it's a local or remote address (endless loop).
One public available program is transproxy-0.4 from someone in
australia, I don't remember the URL. If you want to have the source
I'll mail it, it's only 15k.
The transparent proxy that does those things mentioned above is
(unfortunately) not public available. You can get a free demoCD image of a
firewall from our Canadian distributor comspec.com, I will mail you the
exact URL if you're interested (if you can burn it for yourself) and you
can look how that specialized proxy works after logging in. Look at the
ipchains rules and into the apache configuration file.
Regards
Frank
Frank Bernard
frankb@ipf.de
http://www.linux-firewall.de
On Thu, 11 Mar 1999, Christophe Dupre wrote:
> Date: Thu, 11 Mar 1999 18:15:53 -0500
> From: Christophe Dupre <duprec@risq.qc.ca>
> To: linux-kernel@vger.rutgers.edu
> Subject: Linux Transparent proxy support ?
>
>
> Hi all,
> I'm having a hard time figuring out how to use the transparent proxy support
> in Linux.
>
> For exemple, I have here an Apache server configured to do HTTP and FTP
> proxying. When I configure Netscape to use that machine as a proxy, all works
> well. But when I tell Netscape to NOT use a proxy, and configure the firewall
> to redirect all outgoing TCP paquets addressed to port 80, to the proxy's
> port, then it doesn't work. Which seems normal to me since the HTTP request
> Netscape sends is not a valid proxy request.
>
> So how do you guys make it work ? It would really be neat to be able to have
> all the proxy's advantages (save in bandwidth, better end-user response)
> without the hassles (having to configure all the end-user stations)...
>
> thanks!
>
>
> --
>
> Christophe Dupre
> Analyste de systemes,
> RISQ inc.
> 550 Sherbrooke ouest, suite 250-ouest Tel: (514) 845-7181, ext 237
> Montreal, QC CANADA FAX: (514) 845-8083
>
> "Nous ne sommes pas libres de ne pas etre libres, nous sommes obliges de
> l'etre" - Fernando Savater
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/