shorewall-users April 2012 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] proxy transparent

Re: [Shorewall-users] proxy transparent

From: troxlinux <xserverlinux_at_nospam>
Date: Tue Apr 17 2012 - 16:15:48 GMT
To: Shorewall Users <>

2012/4/17 Tom Eastep <>:

>> You cannot transparently proxy HTTPS -- think about it; would you want
>> to trust your private data to a protocol where a process in the middle
>> could read everything going back and fourth on the connection?

I understand your point Tom, but I explain my situation to you before
having this box linux, I had a called UTM Astaro and he works to me
perfectly of way is transparent, but we do not have money to pay but
license .

>> The data is encrypted! So a proxy can't understand what URL the client
>> is requesting -- understand?
> When you manually configure a HTTPS Proxy in your browser, the browser
> knows that it is connecting through a proxy and uses a modified protocol
> that allows it to work while still maintaining data security.
> -Tom

 I describe my infrastructure:

Router ====== Proxy Shorewall (eth0) ====
Switch ===LAN , gw lan

shorewall running ok , version shorewall-4.4.17-2.el5

it works perfect in transparent way, but I can access to pages https


-- rickygm ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. _______________________________________________ Shorewall-users mailing list