Hi, I'm plugging my laptops into various networks, and each has its own setup for the various TCP/IP parameters. Most of these settings are nicely handled by dhcpd (which sets the interface parameters and changes /etc/resolve.conf [1]), but what about the HTTP proxy [2]?
The thing is, HTTP proxy configuration is application specific (http_proxy, prefs.js, etc.), and even if it was centrally configured, I don't want to restart all applications for it to take effect. The only solution I can think of it to set up a local proxy on the laptop and redirect all applications to it (either by configuring them so or using a local transparent proxy setup). The local proxy then either forwards all requests to the external proxy du jour, or does the fetches HTTP by itself if there isn't one. The external proxy can be changed on-the-fly by reconfiguring the local proxy. Is this the simplest way to do it? What's the most lightweight that's compliant with modern standards? Note that it doesn't need to do any caching, just either simple forwarding [3] or simple fetching. Squid will work, but is a bloated overkill for this task; and all "tiny" proxies I tried were badly broken. Here's one thing that won't work: configure all applications to use (say) localhost:8080 as proxy, and then set up a simple TCP relay from localhost:880 to proxy.du.jour:8080 [3]. When you'll get to a a network that does *not* have a proxy, you'll be out of the water. Another thing that won't work is to configure the applications to not use a proxy, and let iptables do a transparent redirect to a remote proxy. Many proxies out there (e.g., squid in default setup) are not configured to correctly handle the resulting requests. BTW, it seems that Windows has the same problem; but there, many applications rely on the MSIE settings in the registry, and these can and are dynamically changed (no restart required, unlike with http_proxy). Eran [1] Actually I have a VPN setup that changes the picture somewhat, but let's ignore that for now. Suffices to say that for some HTTP traffic I'm willing to compromise on security to get sane latencies. [2] Curiously, network administrators consider it is terribly important to force users to use their strangely-named and oddly-configured proxy servers, but not important enough to warrant use of a transparent proxy. Where, oh, where are the days when a packet to port 80 of some remote host just *got* there? [3] socat tcp4-listen:8080,bind=localhost,fork tcp4:proxy.du.jour:8080 ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
