On Sat, Mar 24, 2001 at 12:43:00PM +0100, RoMaN SoFt / LLFB !! wrote: > On Thu, 22 Mar 2001 18:45:26 +0100 (CET), you wrote: > > >Squid can't talk ftp to your client, it can only talk ftp to the servers. > >If you configure your browser to use a "ftp-proxy" it talks http to the > >proxy, which then does the ftp requests. > > I suppose that if I make http redirection (to do http transparent > proxy) I'll achieve this kind of "ftp-proxy" to be transparent, too. > Am I right? No. The browser only uses http 'proxying' for ftp when it has proxy settings in which case transparency isn't an issue because the browser is connecting direct to the proxy. With no proxy settings the browser talks ftp direct to the remote host so your transparency on the http port is no help to you. Oh, btw. ... essentially what happens with proxy settings is that the browser connects to the proxy ip and port and goes: GET full_url_that_you_wanted HTTP/1.0 If the full url was http://something then the proxy does http to pick up the file and spools it back to the browser. If it was ftp://something then the proxy does ftp on behalf of the browser and spools the result back over the single http proxy connection the browser made to the proxy. If you wanted to transparently proxy ftp, you'd need something catching packets on port 21 rather than port 80. I still don't understand why you can't use ftp masquerading directly in the kernel if you want transparency. Sure it won't go through a userspace proxy but so what - what are you hoping the userspace proxy will do that the kernel doesn't? --C - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
