File: README

transproxy 0.3-7
Welcome to Transparent Proxying
-------------------------------

Introduction
------------

The program is used in conjunction with the Linux Transparent Proxy
networking feature, and ipfwadm, to transparently proxy HTTP and
other requests.

How Is It Used?
---------------

Take for example the network configuration of a Linux box acting as
a dialin server (or terminal server), and another Linux box acting
as a Squid (or any other) proxy cache. Normally users would have to
configure their browser to access the proxy. This transparent proxy
will automatically intercept HTTP accesses and re-direct them to the
Squid (or any other) proxy server. The users need not even know that
a proxy is being used; it's that transparent.

How Do I Build It?
------------------

Just type 'make'; no configuration in the source is needed. It's
written in ANSI C using the portable Berkeley sockets interface, so
it should compile on 99.9% of machines without change.

How Do I Install It?
--------------------

Just type 'make install' to install the binary and man page. Then
choose either one of 'Inetd Installation' or 'Standalone Server'.

Inetd Installation
------------------

For a low volume application, using inetd to start the proxy is very
simple. The installation places the proxy on port 81, just above the
normal HTTP port. Just follow these steps.

1)	Add a line like the following to /etc/services.

	tproxy		81/tcp			# Transparent Proxy

2)	Add a line like the following to /etc/inetd.conf

	tproxy	stream	tcp	nowait	nobody	/usr/sbin/tcpd	in.tproxyd <your-proxy-server> 8080

	This tells inetd to accept requests on port 81, and the transparent
	proxy server to pass these on to the host <your-proxy-server> at
	port 8080.

	Restart the inetd daemon, usually 'kill -HUP `cat /var/run/inetd.pid`'
	does the trick. But check first before running this shell command.

Standalone Server
-----------------

For high volume applications it's best to install the server as a standalone
server. This prevents inetd having to start a new process for every new
request. Just follow these steps.

1)	Add a line like the following to /etc/services.

	tproxy		81/tcp			# Transparent Proxy

2)	Find a place to add the server startup to, /etc/rc.d/rc.local
	or something similar. Add a line like the following to this
	file.

	in.tproxyd -s 81 -r nobody <your-proxy-server> 8080

	This tells the transparent proxy server to accept requests on port
	81 and to pass these on to the host <your-proxy-server> at port 8080.

	Note: The -t option may be given to make the proxy act in a
	completely transparent mode. Normal operation is for the proxy
	daemon to convert HTTP requests to a form suitable for a Squid
	(or any other) proxy cache.
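
An added example (not transproxy's own code) of the conversion the note
above describes: turning the request line a browser sends to a web server
into the absolute-URL form a proxy cache expects. The function name, its
return codes and the caller-supplied host string are assumptions; this
README does not say how in.tproxyd obtains the host.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not transproxy's code). Rewrites
 *   "METHOD /path HTTP/x.y"  ->  "METHOD http://host/path HTTP/x.y"
 * Returns 0 if rewritten, 1 if copied unchanged (already absolute-form),
 * -1 if the line is malformed, unsafe, or does not fit in out. */
int to_proxy_form(const char *line, const char *host, char *out, size_t outlen)
{
    const char *sp1, *sp2, *target;
    int n;
    /* host is spliced into the request line: refuse anything that could
     * end the line early or change the URL structure. */
    if (host[0] == '\0' || strpbrk(host, " \t\r\n/") != NULL)
        return -1;
    /* One request line only; embedded CR/LF would smuggle extra headers. */
    if (strpbrk(line, "\r\n") != NULL)
        return -1;

    /* Exactly three space-separated fields: method, target, version.
     * HTTP/0.9 simple requests (no version field) are rejected here. */
    sp1 = strchr(line, ' ');
    if (sp1 == NULL || sp1 == line)
        return -1;
    target = sp1 + 1;
    sp2 = strchr(target, ' ');
    if (sp2 == NULL || sp2 == target || strchr(sp2 + 1, ' ') != NULL ||
        strncmp(sp2 + 1, "HTTP/", 5) != 0)
        return -1;
    if (strncmp(target, "http://", 7) == 0) {     /* already proxy form */
        if (strlen(line) >= outlen)
            return -1;
        strcpy(out, line);
        return 1;
    }
    if (target[0] != '/')            /* e.g. CONNECT host:port, or "*" */
        return -1;
    /* target still points at "/path HTTP/x.y", so one format covers both. */
    n = snprintf(out, outlen, "%.*s http://%s%s", (int)(sp1 - line), line,
                 host, target);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[256];   /* request line and host below are constructed samples */
    if (to_proxy_form("GET /index.html HTTP/1.0", "www.example.com", buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```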

Ipfwadm Config
--------------

To make HTTP requests get proxied transparently, ipfwadm filter rules
must be put in place to pass HTTP requests to the proxy that would normally
pass through to the outside world. Also the Linux kernel must be compiled
with the TRANSPARENT_PROXY feature enabled. You only get asked about this
feature if you have requested to be prompted about EXPERIMENTAL things.

If the dialin server (terminal server) host is not running a httpd on
port 80, then the ipfwadm rules are different to when it is.

Example when a httpd is running on port 80.

# ipfwadm -I -a accept -P tcp -D localhost 80
# ipfwadm -I -a accept -P tcp -D <ip of local network>/<bits-in-net> 80
# ipfwadm -I -a accept -P tcp -D 0.0.0.0/0 80 -r 81

If no httpd is running on the local network you may want to
reject connections quickly instead of accepting them.

# ipfwadm -I -a reject -P tcp -D localhost 80
# ipfwadm -I -a reject -P tcp -D <ip of local network>/<bits-in-net> 80
# ipfwadm -I -a accept -P tcp -D 0.0.0.0/0 80 -r 81

These rules allow port 80 requests directed at the local network to pass (or
get rejected). Then any requests to the outside world get redirected to
port 81 and hence get handled by the transparent proxy.

Who Am I?
---------

My name is John Saunders <john@nlc.net.au> and I run a modest ISP in
Sydney, Australia, http://www.nlc.net.au/; take a look.

The latest version of this package will always be at the following
URL ftp://ftp.nlc.net.au/pub/linux/www/ with a name like
transproxy-x.x.tgz or on Sunsite.