Provided by: transproxy_1.5-1_i386

NAME

       tproxy - transparently re-direct HTTP requests to a HTTP cache.

SYNOPSIS

       tproxy [ -t | -p ] [ -f forced-url ] [ -s bind-port [ -d ]
       [ -b bind-address ] [ -r runas-uid ] [ -a access-ip-address ] ]
       [ -l log-file ] proxyhost proxyport

DESCRIPTION

       tproxy accepts HTTP requests and forwards them to a cache host. If  the
       HTTP  request has been transparently re-directed, the URL is re-written
       so that the cache host knows what web  server  to  fetch  the  document
       from. Tcp_wrappers is used to provide host access control.

       The  proxy-cache  host’s  address  and  port are given by proxyhost and
       proxyport.

OPTIONS

       -t     Operate in a fully transparent mode. Instead of connecting to a
              proxy and sending a re-written URL, connect only to the intended
              destination and send the real URL. This option can be used to
              allow tproxy to operate as a HTTP gateway (or proxy) on a
              firewall.

       -p     Operate in proxy only mode. Normally if the  connection  to  the
              proxy  fails,  tproxy  will try and connect transparently to the
              intended destination. However for some  sites  this  will  never
              work and it is better to simply fail the connection.

       -f url Force all accesses to be sent to the specified URL. tproxy
              checks for accesses that are referred by this forced URL and
              allows them to pass. This allows images on the forced URL to
              work.

       -s port
              Run as a server and bind to the specified port. Alternatively
              tproxy may be run from either inetd or a program such as
              tcpserver. In these cases this option is not given.

       -d     When running as a server, do not background the daemon. Useful
              when tproxy is started from inetd or from the supplied
              tproxywatch program.

       -b ipaddr
              Bind to the specified IP address. When run as  a  server  tproxy
              will not accept requests sent to any other address when the host
              has multiple addresses.

       -r user
              Run  as  the  specified  user.  The  user  must  exist  in   the
              /etc/passwd database so that its uid and gid can be obtained.

       -a access-ipaddr
              Provide an IP address, network, sub-net, or super-net to allow
              access. May be specified more than once. If the host portion of
              the address is non-zero then the address refers to a host,
              otherwise it is assumed to refer to a network. The number of
              bits may be given in CIDR notation to specify a sub-net or
              super-net.

       -l log-file
              Log all accesses to the specified file. The logfile will
              indicate whether the request was done transparently, was done
              without DNS activity, or required DNS activity.
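
       The host-versus-network rule for -a, worked through as an added
       example (not tproxy source code). The page does not say how the "host
       portion" is determined; this sketch assumes the classful (A/B/C)
       default netmask, and the function names are hypothetical.

```python
import ipaddress


def classful_prefix(addr):
    """Default prefix length under class A/B/C rules (assumed, see lead-in).

    Addresses above class C are treated like class C for simplicity.
    """
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def parse_access_spec(spec):
    """Interpret one -a argument and return the network it permits."""
    if "/" in spec:
        # Explicit CIDR bits: a sub-net or super-net; stray host bits are masked.
        return ipaddress.ip_network(spec, strict=False)
    addr = ipaddress.IPv4Address(spec)
    prefix = classful_prefix(addr)
    host_bits = int(addr) & ((1 << (32 - prefix)) - 1)
    if host_bits:
        return ipaddress.ip_network(f"{spec}/32")    # non-zero host portion: one host
    return ipaddress.ip_network(f"{spec}/{prefix}")  # zero host portion: whole network


def allowed(client, specs):
    """True if the client address matches any of the -a arguments."""
    ip = ipaddress.IPv4Address(client)
    return any(ip in parse_access_spec(s) for s in specs)


if __name__ == "__main__":
    # Constructed sample arguments; note how much each one admits.
    for spec in ["192.168.1.1", "192.168.1.0", "10.0.0.0",
                 "172.16.4.0", "172.16.4.0/22"]:
        net = parse_access_spec(spec)
        print(f"-a {spec:<15} permits {net} ({net.num_addresses} addresses)")
```

       Under this reading, -a 10.0.0.0 admits the entire 10.0.0.0/8 range,
       while -a 172.16.4.0 without a bit count matches a single host, so
       giving the bit count explicitly avoids both surprises.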

FINE POINTS

       tproxy is not an all-in-one transparent  proxy  solution.  It  requires
       support  from  the  operating system, and configuration from the system
       administrator, to transparently capture HTTP requests.

       tproxyrun provides an example script to add firewall commands and start
       tproxy running.  It currently supports FreeBSD-3.x and various versions
       of Linux. See the environment variable definitions at the  top  of  the
       file.

       tproxywatch  provides a mechanism of ensuring that tproxy is re-started
       should it fail.  Whenever tproxy exits an email is  sent  to  the  root
       account and then tproxy is re-started.

       FreeBSD-3.x  provides  two  methods of transparently capturing packets.
       The first is ipfw(8) using the following example configuration.

       ipfw add 1000 allow tcp from 192.168.1.1 to any 80

       ipfw add 1001 fwd 192.168.1.1,8081 tcp from any to any 80

       The second is ipnat(1) using the following example configuration.  Note
       that  a  rule is required for every interface you wish to transparently
       re-direct for.

       rdr ppp0 0.0.0.0/0 port 80 -> 192.168.1.1 port 8081

       Linux provides the same mechanism with either the ipchains(8)  command,
       kernels 2.1.x and up, using the following example configuration.

       ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 8081

       Or  the  ipfwadm(8) command, kernels 2.0.x, using the following example
       configuration.

       ipfwadm -I -a accept -P tcp -D 0.0.0.0/0 80 -r 8081

SEE ALSO

       hosts_access(5),   tcpserver(1),   ipfw(8),    ipnat(1),    ipfwadm(8),
       ipchains(8)

AUTHORS

       Written by John Saunders <john@nlc.net.au>

       Copyright 1998, 1999, 2000 NORTHLINK COMMUNICATIONS PTY LTD. All
       rights reserved.

                                                                     tproxy(8)