Red Hat Bugzilla – Bug 110512
Ask for tarnsparent proxy support
Last modified: 2007-11-30 17:10:33 EST
From Bugzilla Helper: User-Agent: Opera/7.22 (X11; Linux i686; U) [en] Description of problem: Is this possible to add tarnsparent proxy support for netfilter? It's needed to build proxy based firewalls (e.g. Zorp, see: http://www. balabit.hu). Version-Release number of selected component (if applicable): kernel-2.4.22-1.2115.nptl
my transproxy squid works fine without this patch....
Unneeded. http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s2
Zorp is not a http proxy it is a full proxying firewall suite with proxy support for _ALL_ protocols.
See: http://www.balabit.com/products/zorp/
Netfilter _HAS_ transparent proxy support already. Zorp seems to be nothing more than a bunch of tools to manage an ipchains based proxy. I don't see anything new here as far as the kernel is concerned.
Netfilter has transparent proxy support in 2.2, but it was leaved out, because it was dirty implementation. The clean implementation for 2.4 and 2.6 (and Solaris 8!) comes from BalaBit Ltd. (http://www.balabit.com). It may go into the official kernel in the future. BTW: What do you mean "a bunch of tools to manage an ipchains based proxy"? Zorp is an application level (OSI layer 5) firewall. http://www.balabit.com/products/oss/tproxy/, http://www.balabit.com/products/zorp_gpl/ and http://www.balabit.com/dl/zorp2.pdf for details.
If it's an improvement, it should go upstream. I suggest you take it up with the netfilter developers.