[Gllug] how to check for a transparent proxy

Bruce Richardson itsbruce at uklinux.net
Tue Dec 3 10:05:28 UTC 2002


On Tue, Dec 03, 2002 at 09:54:56AM +0000, Mark wrote:
> On Mon, 2002-12-02 at 15:45, itsbruce at uklinux.net wrote:
> > On Mon, Dec 02, 2002 at 02:12:30PM +0000, Pete Ryland wrote:
> > > > Ah.  You mean that the transparent proxy will, having diverted an ip
> > > > packet on the way out and processed it, rewrite the source header of the
> > > > ip packet to contain the original sender address before sending it out?
> > > > And then watch for all replies to that ip address and re-divert them?
> > > > Um, no.  Not on any set-up I'm familiar with.
> > > 
> > > Ok, indeed, this is possible.  In fact, it wouldn't be that hard to set up
> > > come to think of it.
> > 
> > With iptables, yes, it should be possible.  But I've not come across it
> > done that way.
> 
> Generally the whole point of implementing a transparent proxy is to
> force all http traffic into a locally controlled cache so that maximum
> aggregation of content as close to the requestor as possible is
> achieved.
> 
> Particularly when dealing with cheap / free dialup accounts where
> keeping the bandwidth costs at the border right down is essential.

I know how transparent proxies work.  We were discussing the options for
ip packet rewriting, if you look back.  Conventionally a transparent
proxy makes itself invisible only to the client and the ip redirection
happens on the client->proxy side.  What has been suggested is a further
ip packet rewrite on the proxy->webserver side so that the webserver
sees (and responds to) the client ip address rather than the proxy one.

-- 
Bruce

Those who cast the votes decide nothing.  Those who count the
votes decide everything. -- Joseph Stalin