transparent http proxy with Linux and Squid

11 08 2009
#<transparent proxying>
#local squid
#iptables -t nat -A PREROUTING -i $INT_IFACE ! -s $PROXY_IP -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
#remote squid
#iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $PROXY_IP
#iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
#ip rule add fwmark 3 table 2
#ip route add default via $PROXY_IP dev $INT_IFACE table 2
###!!!! do not forget to add the following line to proxy_server iptables:
#iptables -A PREROUTING -t nat -i $INT_IFACE -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
#</transparent proxying>

If you are running Squid on or behind your Linux gateway, here is how to transparently pass all outgoing HTTP through it.

If Squid is running on the gateway itself, it is quite simple:

# iptables -t nat -A PREROUTING -i $INT_IFACE -s $INTERNAL_LAN -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT

When Squid is running on a machine inside your perimeter, it is a bit more tricky.

On your router, add the following:

# iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $PROXY_IP

# iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80

# ip rule add fwmark 3 table 2

# ip route add default via $PROXY_IP dev $INT_IFACE table 2

And do not forget to add the following rule to the proxy server's iptables:

# iptables -A PREROUTING -t nat -i $INT_IFACE -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
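
A way to check the router side of the remote-Squid setup offline, as an added example that is not part of the original post: it confirms that the proxy's ACCEPT exemption precedes the MARK rule (otherwise Squid's own requests are marked and routed back to Squid), that fwmark 3 selects table 2, and that table 2 defaults via the proxy. The address 192.168.1.10, the interface eth1 and all sample inputs are constructed; the functions expect text in the form printed by `iptables-save -t mangle`, `ip rule show` and `ip route show table 2`.

```shell
#!/bin/sh
# Added example (not from the original post). Sample inputs are constructed.

# The proxy's ACCEPT must come before the MARK rule in mangle PREROUTING.
# usage: check_mangle_order PROXY_IP < output of `iptables-save -t mangle`
check_mangle_order() {
    awk -v ip="$1" '
        /^-A PREROUTING / && / --dport 80 / {
            own = index($0, " -s " ip "/32 ") || index($0, " -s " ip " ")
            if (/ -j ACCEPT$/ && own && !acc) acc = NR
            if (/ -j MARK / && !mrk) mrk = NR
        }
        END { exit !(acc && mrk && acc < mrk) }'
}

# usage: check_fwmark_rule MARK TABLE < output of `ip rule show`
check_fwmark_rule() {
    awk -v m="$1" -v t="$2" '
        BEGIN { want = sprintf("0x%x", m) }   # ip prints marks in hex
        { mk = tb = ""
          for (i = 1; i < NF; i++) {
              if ($i == "fwmark") { split($(i + 1), a, "/"); mk = a[1] }
              if ($i == "lookup") tb = $(i + 1)
          }
          if (mk == want && tb == t) ok = 1 }
        END { exit !ok }'
}

# usage: check_table_default PROXY_IP < output of `ip route show table 2`
check_table_default() {
    awk -v ip="$1" '$1 == "default" && $2 == "via" && $3 == ip { ok = 1 }
        END { exit !ok }'
}

GOOD_MANGLE='-A PREROUTING -s 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff'
# Same rules in the wrong order: the proxy traffic is marked before ACCEPT.
BAD_MANGLE='-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
-A PREROUTING -s 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT'
RULES='0: from all lookup local
32765: from all fwmark 0x3 lookup 2
32766: from all lookup main'
TABLE2='default via 192.168.1.10 dev eth1'

printf '%s\n' "$GOOD_MANGLE" | check_mangle_order 192.168.1.10 && echo "good order: ok" || echo "good order: FAIL"
printf '%s\n' "$BAD_MANGLE" | check_mangle_order 192.168.1.10 && echo "bad order: missed" || echo "bad order: detected"
printf '%s\n' "$RULES" | check_fwmark_rule 3 2 && echo "fwmark rule: ok" || echo "fwmark rule: FAIL"
printf '%s\n' "$TABLE2" | check_table_default 192.168.1.10 && echo "table 2: ok" || echo "table 2: FAIL"
```

On a live router, pipe the real command output into the same functions, for example `iptables-save -t mangle | check_mangle_order "$PROXY_IP"`.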

