[Bug 1295] [PATCH] Transparent proxy support on Linux

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Apr 10 10:06:37 EST 2007


------- Comment #8 from dtucker at zip.com.au  2007-04-10 10:06 -------
(In reply to comment #7)
> Because this avoids the extra overhead and hassle of the nat-to-socks
> application.

A separate nat-to-socks application does have some advantages, though. 
You could open the tunnels on demand, and you could use different
tunnels based on different conditions (eg: target, current location on
the network).  Both of those are things that would be useful to me.

Going back to comment #6, there's another way it could be done on
OpenBSD without running sshd as root: you could use a setuid/setgid
helper to return an open descriptor on /dev/pf.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list