Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

tproxy(8)							     tproxy(8)

NAME
       tproxy - transparently re-direct HTTP requests to a HTTP cache.

SYNOPSIS
       tproxy [ -t | -p ] [ -f forced-url ] [ -s bind-port

       [  -d ] [ -b bind-address ] [ -r runas-uid ] [ -a access-ip-address ] ]
       [ -l log-file ] proxyhost proxyport

DESCRIPTION
       tproxy accepts HTTP requests and forwards them to a cache host. If  the
       HTTP  request has been transparently re-directed, the URL is re-written
       so that the cache host knows what web  server  to  fetch	 the  document
       from. Tcp_wrappers is used to provide host access control.

       The  proxy-cache	 host's	 address  and  port are given by proxyhost and
       proxyport.

OPTIONS
       -t     Operate in a fully transparent mode. Instead of connecting to  a
	      proxy  and  sending  a re-written URL, connect only the intended
	      destination and send the real URL. This option can  be  used  to
	      allow  tproxy to operate as a HTTP gateway (or proxy) on a fire‐
	      wall.

       -p     Operate in proxy only mode. Normally if the  connection  to  the
	      proxy  fails,  tproxy  will try and connect transparently to the
	      intended destination. However for some  sites  this  will	 never
	      work and it is better to simply fail the connection.

       -f url Force  all  accesses  to	be  sent to the specified URL.	tproxy
	      checks for accesses that are referred by	this  forced  URL  and
	      allows  then  to	pass.  This allows images on the forced URL to
	      work.

       -s port
	      Run as a server and bind to the  specified  port.	 Alternatively
	      tproxy  may  be  run  from  either  inetd	 or  a	program such a
	      tcpserver. In these cases this options is not given.

       -d     When running as a server, do not background the daemon.  Usefull
	      when  tproxy  is started from inetd or from the supplied tproxy‐
	      watch program.

       -b ipaddr
	      Bind to the specified IP address. When run as  a	server	tproxy
	      will not accept requests sent to any other address when the host
	      has multiple addresses.

       -r user
	      Run  as  the  specified  user.  The  user	 must  exist  in   the
	      /etc/passwd database so that its uid and gid can be obtained.

       -a access-ipaddr
	      Provide  an  IP address, network, sub-net, or super-net to allow
	      access. May be specified more than once. If the host portion  of
	      the  address in non-zero then the address refers to a host, oth‐
	      erwise it is assumed to refer to a network.  The number of  bits
	      may be given in CIDR notation to specify a sub-net or super-net.

       -l log-file
	      Log  all	accesses to the specified file. The logfile will indi‐
	      cate if the request was done transparently, it was done  without
	      DNS activity, or it required DNS activity.

FINE POINTS
       tproxy  is  not	an  all-in-one transparent proxy solution. It requires
       support from the operating system, and configuration  from  the	system
       administrator, to transparently capture HTTP requests.

       tproxyrun provides an example script to add firewall commands and start
       tproxy running.	It currently supports FreeBSD-3.x and various versions
       of  Linux.  See	the environment variable definitions at the top of the
       file.

       tproxywatch provides a mechanism of ensuring that tproxy is  re-started
       should  it  fail.   Whenever  tproxy exits an email is sent to the root
       account and then tproxy is re-started.

       FreeBSD-3.x provides two methods of  transparently  capturing  packets.
       The first is ipfw(8) using the following example configuration.

       ipfw add 1000 allow tcp from 192.168.1.1 to any 80

       ipfw add 1001 fwd 192.168.1.1,8081 tcp from any to any 80

       The  second is ipnat(1) using the following example configuration. Note
       that a rule is required for every interface you wish  to	 transparently
       re-direct for.

       rdr ppp0 0.0.0.0/0 port 80 -> 192.168.1.1 port 8081

       Linux  provides the same mechanism with either the ipchains(8) command,
       kernels 2.1.x and up, using the following example configuration.

       ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 8081

       Or the ipfwadm(8) command, kernels 2.0.x, using the  following  example
       configuration.

       ipfwadm -I -a accept -P tcp -D 0.0.0.0/0 80 -r 8081

SEE ALSO
       hosts_access(5),	   tcpserver(1),    ipfw(8),   ipnat(1),   ipfwadm(8),
       ipchains(8)

AUTHORS
       Written by John Saunders <john@nlc.net.au>

       Copyright 1998, 1999, 2000      NORTHLINK COMMUNICATIONS PTY LTD.   All
       rights reserved.

								     tproxy(8)

Vote for polarhome