.. > : Internet : ipfilter server ext & int iface : Internal Server > : : e1000g0 e1000g1 > 210.my.ext.IP -> 210.172.133.140:7100 & 172.20.11.254 -> 172.20.11.5:7100 > proxy.c
ok, let me explain this. The transparent proxy is for use in situations where you are on (say) 210.my.ext.IP and you telnet "172.20.11.5 7100" with a rdr rule like this: rdr e1000g0 0.0.0.0/0 port 7100 -> 210.172.133.140 port 1 tcp It will cause the connection to 172.20.11.5 to be terminated locally on the ipfilter server at port 1. This is the only scenario that requires the use of tproxy. *IF* you are on 210.my.ext.IP and you want to connect to the Internal Server automatically and the command you use is "telnet 210.172.133.140 7100" , you would do: rdr e1000g0 0/0 port 7100 -> 172.20.11.5 port 7100 tcp *IF* you are on 210.my.ext.IP and you want to connect to a proxy on the ipfilter server and have the proxy connect to the Internal Server then you do not use rdr rules or ipnat, you just use a TCP relay program. Darren
