[lug] Transparent proxy on localhost

Michael Hirsch mdhirsch at gmail.com
Mon Aug 20 22:31:16 MDT 2007


I'm trying to set up a transparent proxy on localhost.  (I'm trying to
filter my kids' web browsing.)  I have the proxy all set up and
working, but I can't figure out how to get it to happen transparently.
Here's what I've tried:

modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward

#Clean things out:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
#set up transparent proxy
iptables -t nat -A PREROUTING -p tcp --dport 80 -j LOG
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

This is what googling gives me as the proper command, but it doesn't
do anything.  Actually, it does.  If I connect from another computer I
can see the LOG command get hit, but if I run the browser on
localhost, it does nothing.

I'm guessing that I need to do something special to get it to work on
the localhost rather than an external connection.  I tried:

iptables -t nat -i lo -A PREROUTING -p tcp --dport 80 -j LOG
iptables -t nat -i lo -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

but there's no change in behavior.  The web connection is unfiltered.

What am I doing wrong?

Thanks,

Michael
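
Locally generated packets never pass through the nat table's PREROUTING chain; they traverse nat OUTPUT instead, which is why the rules above fire only for connections from another computer. The following is an added example, not part of the original post, that builds OUTPUT-chain rules for this setup; the proxy account name "proxy" and the helper names build_rules and apply_rules are assumptions.

```shell
#!/bin/sh
# Added example: redirect locally generated HTTP traffic to a local proxy.
# Assumptions (not from the original post): the proxy runs under its own
# account, here called "proxy", and listens on port 8080 as in the post.
PROXY_USER="${PROXY_USER:-proxy}"
PROXY_PORT="${PROXY_PORT:-8080}"

# Emit the rule set, one iptables command per line.
build_rules() {
    user="$1"; port="$2"
    # Reject anything that is not a plain account name or a numeric port.
    case "$user" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid proxy user: $user" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1
    }
    # Locally generated packets traverse nat/OUTPUT, not nat/PREROUTING.
    # 1. Let the proxy's own upstream requests out untouched; otherwise
    #    they would be redirected back into the proxy in a loop.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $user -j RETURN"
    # 2. Leave connections to web services on this host alone.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j RETURN"
    # 3. Every other local connection to port 80 goes to the proxy.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $port"
}

# Apply the rules only when APPLY=1 and running as root; otherwise print
# them so they can be reviewed first.
apply_rules() {
    rules=$(build_rules "$1" "$2") || return 1
    if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
        echo "$rules" | while IFS= read -r cmd; do
            $cmd || exit 1
        done
    else
        echo "$rules"
    fi
}

apply_rules "$PROXY_USER" "$PROXY_PORT"
```

The owner match only works if the browsers run under a different account than the proxy; if both run as the same user, rule 1 exempts the browser traffic as well.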
