On Wednesday 20 March 2002 17:29, Jean-Michel Hemstedt wrote:
> I have:
> - non-proxy aware clients (not controllable)
> - non-transparent aware proxy (not controllable,
>   and even not on Linux, it is not in-housed)
>
> and in the middle:
> - one (or more) default gateway, the netfilter box.
>
> => goal:
> 1) HTTP: rewrite the HTTP requests (PDU) so that they
>    can be handled by the proxy.
> 2) HTTPS: insert the CONNECT transactions so that the
>    proxy can create its https tunnel to the orig-server.
>    (and there is no mitma issue)
> 3) for both: keep the source ip addresses of the clients
>    in the modified forwarded packets, so that the proxy
>    can do simple source based authentication (possibly
>    with the collaboration of external elements such as
>    radius, but authentication is out of scope here).

How about transproxying to Squid on the netfilter box, and getting Squid to
passthrough to the `real' proxy?

Cheers;
Leon
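
The two rewrites listed in the quoted goals (absolute-form request line for HTTP, CONNECT preamble for HTTPS), sketched as an added example that is not part of the original thread. The function names and sample values are constructed, and recovering the original destination address of an intercepted connection on the gateway is assumed to happen elsewhere.

```python
# Added illustration: names and sample values are constructed, not from the thread.

def to_proxy_request(raw: bytes, orig_dst: tuple) -> bytes:
    """Rewrite an intercepted origin-form request into absolute-form for a proxy."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request header")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    if method == b"CONNECT" or target.lower().startswith(b"http://"):
        return raw  # already in proxy form
    if not target.startswith(b"/"):
        raise ValueError("unsupported request target")
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
            break
    if not host:
        # HTTP/1.0 client without Host: fall back to the address it dialled.
        ip, port = orig_dst
        host = (ip if port == 80 else f"{ip}:{port}").encode("ascii")
    # The Host header is client-controlled; a gateway may want to check that
    # it matches orig_dst before trusting it.
    lines[0] = b" ".join([method, b"http://" + host + target, version])
    return b"\r\n".join(lines) + sep + body


def connect_preamble(orig_dst: tuple) -> bytes:
    """CONNECT request the gateway sends before relaying the client's TLS bytes."""
    authority = "{}:{}".format(*orig_dst)
    return f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode("ascii")


def connect_accepted(response: bytes) -> bool:
    """True only for a 2xx status line; anything else means no tunnel exists."""
    parts = response.split(b"\r\n", 1)[0].split(b" ", 2)
    return (len(parts) >= 2 and parts[0].startswith(b"HTTP/")
            and len(parts[1]) == 3 and parts[1].startswith(b"2"))
```

The gateway relays the client's TLS bytes unchanged only after `connect_accepted` returns true, so the TLS session still terminates at the origin server.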