Fri 2006-12-08 at 16:02 +0100, Ghislain Garçon wrote:

> I looked in kernel sources... and it looks like the lines above open
> a device created by ipfilter... but pf doesn't need ipfilter in order
> to work.

The question to ask is how does pf report the original destination address to the application?

There are three methods commonly used:

a) ioctls on a special device. (ipfilter and derivatives)
b) getsockopt on the file descriptor. (linux iptables/netfilter)
c) getsockname() returning the original address as the local endpoint. (linux ipchains, and some others)

Maybe pf falls into category 'c'. If so then it should work if you do not specify any --enable-... options for transparent interception.

To test, try the following from an intercepted client:

    telnet 12.160.37.9 80
    GET / HTTP/1.0
    [blank line]

should return the squid-cache.org home page, and http://12.160.37.9/ should get logged in Squid access.log.

Note: this can't be tested with a browser.

Regards
Henrik
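Added example, not part of the original message and not Squid's own code: a C sketch of methods (b) and (c) from the list above, trying the netfilter `getsockopt` first and falling back to `getsockname()`. The names `original_dst` and `demo_matches_listener` are assumptions made for illustration; method (a) is left out because it depends on the ipfilter device.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value defined in <linux/netfilter_ipv4.h> */
#endif

enum lookup { LOOKUP_FAILED, LOOKUP_GETSOCKOPT, LOOKUP_GETSOCKNAME };

/* Fill *dst with the address the client originally connected to. */
enum lookup original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
#ifdef __linux__
    /* (b) netfilter: ask conntrack for the pre-redirect destination */
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return LOOKUP_GETSOCKOPT;
    len = sizeof(*dst);
#endif
    /* (c) local endpoint of the accepted socket is the original destination */
    if (getsockname(fd, (struct sockaddr *)dst, &len) == 0)
        return LOOKUP_GETSOCKNAME;
    return LOOKUP_FAILED;
}

/* Constructed check: a loopback connection that is not intercepted, so the
 * answer must equal the listener's own address whichever method replies.
 * Returns 1 on match, 0 on mismatch, -1 if the sockets could not be set up. */
int demo_matches_listener(void)
{
    struct sockaddr_in la = {0}, found;
    socklen_t n = sizeof(la);
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    la.sin_family = AF_INET;
    la.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (ls < 0 || cs < 0 || bind(ls, (struct sockaddr *)&la, sizeof(la)) ||
        listen(ls, 1) || getsockname(ls, (struct sockaddr *)&la, &n) ||
        connect(cs, (struct sockaddr *)&la, sizeof(la)))
        return -1;
    int as = accept(ls, NULL, NULL);
    int ok = as >= 0 && original_dst(as, &found) != LOOKUP_FAILED &&
             found.sin_addr.s_addr == la.sin_addr.s_addr &&
             found.sin_port == la.sin_port;
    close(as); close(cs); close(ls);
    return ok;
}

int main(void) { return demo_matches_listener() == 1 ? 0 : 1; }
```

On an intercepting proxy, the address returned for an accepted client socket is what the access.log entry in the telnet test above should reflect.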