bridge and PF for transparent proxy

Mij mij at bitchx.it
Wed Feb 4 18:51:25 PST 2009


Hello folks,

On a FBSD7.1 box I would like to implement this sort of
"transparent reverse proxy":

inet <--->  (vr0)<box>(vr1)  <---> host

Such a box is expected to:
1) pass transparently anything from inet to host and vice versa
2) redirect some of such traffic (some well-defined TCP connections)
from "inet" to an application listening on 127.0.0.1 on the box
3) make this application connect to "host" pretending to be the
original source -- that is, using as source address the address
of the client that connected to it from inet

I use bridge(4) over vr0 and vr1 to implement 1).
I use something similar to
http://marc.info/?l=openbsd-misc&m=108089194621750&w=2
for 2).

Although from the network perspective 3) seems easily feasible as
well, I cannot think of a reasonable setup on the box host for it.
Does anyone have some advice for it?


More information about the freebsd-pf mailing list