SO_BINDANY and pf divert

Attila Nagy bra at fsn.hu
Wed Jul 30 16:16:27 UTC 2008


Hello,

OpenBSD's relayd has grown very useful transparent relay support,
which means you can run an HTTP(S) reverse proxy transparently
(maintaining the source IP, while you have a different TCP stream open
from the proxy to the backend, even terminating the SSL part and
speaking clear-text HTTP to the backends).

For this (as far as I could figure out while trying to make this newer
relayd work on FreeBSD), two pieces are needed, which FreeBSD
currently lacks:
- the SO_BINDANY support (see 
http://marc.info/?l=openbsd-cvs&m=121030159009823&w=2 and 
http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt)
- the pf part, which diverts the non-local packets to the given socket 
(see http://marc.info/?l=openbsd-cvs&m=121030115209292&w=2 and 
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf)

Having said that, the question is obvious. :)
Does anybody feel the need for these two in FreeBSD and have the 
competence and time to port them?

Thanks,

