Re: Transparent proxying

[Ng Pheng Siong <ngps () netmemetic com>]

On Wed, Feb 11, 2004 at 07:55:28PM -0800, jm wrote:
> I'm trying to enable transparent proxying from a router or from a L3/4
> switch and after a day spent on Cisco, Extreme Networks and other Enterasys
> website I'm still completely clueless as to whether I need a $1,000 or a
> $15,000 box. Since obviously I would prefer the former, I'm relying on your
> advices.

Take a look here:

    http://www.transproxy.nlc.net.au/

"The program is used in conjunction with the FreeBSD (ipfw, ipnat) or Linux
transparent proxy feature (ipfwadm, ipchains, iptables), to transparently
proxy HTTP requests. [...] Normally users would have to configure their
browser to access the proxy. This transparent proxy will automatically
intercept HTTP accesses and re-direct them to the Squid (or any other)
proxy server. The users need not even know that a proxy is being used, it's
that transparent."

I think ipfilter also works with transproxy. 

    http://coombs.anu.edu.au/~avalon/

ipfilter is available on BSD, Solaris, Irix and HPUX.

> In addition I need the router/switch to be remotely configurable from my
> proxy server. And finally I need some equipment which from a brand which is
> known enough that it won't raise too much eyebrows when installed in-line
> (i.e. Linux is out of the picture, Cisco would be ideal if the price is
> correct).

A Unixen running this thing is of course remotely manageable. If BSD or
Linux is out maybe you can go for a Solaris or a HPUX?

Pros: meets your cost and technical requirements.
Cons: may not meet your political(?) requirements.

Cheers.

-- 
Ng Pheng Siong <ngps () netmemetic com> 

http://firewall.rulemaker.net -+- Firewall Change Management & Version Control
http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards