[lug] Transparent proxy on localhost

steve at badcheese.com
Tue Aug 21 08:57:28 MDT 2007


I use squid (web proxy) at both of my offices for my work and use 
transparent proxying on them.  It's pretty easy: just set up squid on your 
default gateway machine.  Make sure it works on the normal port (3128), 
then use iptables to redirect all port 80 traffic through squid:

iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

I'm not doing any filtering in squid, but it helps keep the web-surfing 
bandwidth as low as possible because of the caching.

- Steve

On Mon, 20 Aug 2007, Michael Hirsch wrote:

> Date: Mon, 20 Aug 2007 22:31:16 -0600
> From: Michael Hirsch <mdhirsch at gmail.com>
> Reply-To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>     <lug at lug.boulder.co.us>
> To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>     <lug at lug.boulder.co.us>
> Subject: [lug] Transparent proxy on localhost
> 
> I'm trying to set up a transparent proxy on localhost.  (I'm trying to
> filter my kids' web browsing.)  I have the proxy all setup and
> working, but I can't figure out how to get it to happen transparently.
> Here's what I've tried:
>
> modprobe iptable_nat
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> #Clean things out:
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> #setup up transparent proxy
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j LOG
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
>
> This is what googling gives me as the proper command, but it doesn't
> do anything.  Actually, it does.  If I connect from another computer I
> can see the LOG command get hit, but if I run the browser on
> localhost, it does nothing.
>
> I'm guessing that I need to do something special to get it to work on
> the localhost rather than an external connection.  I tried:
>
> iptables -t nat -i lo -A PREROUTING -p tcp --dport 80 -j LOG
> iptables -t nat -i lo -A PREROUTING -p tcp --dport 80 -j REDIRECT \
>     --to-ports 8080
>
> but there's no change in behavior.  The web connection is unfiltered.
>
> What am I doing wrong?
>
> Thanks,
>
> Michael
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>

-- 
EMAIL: (h) steve at badcheese.com  WEB: http://badcheese.com/~steve
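The rule Steve gives only covers traffic that crosses the gateway, which is why Michael's PREROUTING rules fire for other machines but not for a browser on the proxy box itself: locally generated packets never traverse PREROUTING, they go through the nat OUTPUT chain instead. The script below is an added example (not from either post) that emits both rules, and it uses the iptables owner match to exclude the proxy's own user so that squid's outbound fetches are not redirected back into squid. The LAN range 192.168.0.0/24, the port 3128 and the user name "proxy" are assumptions; adjust them for your box. Squid also has to be told the port is intercepting traffic (`http_port 3128 transparent` on squid 2.6, `intercept` on 3.x), or it will reject the redirected requests.

```shell
#!/bin/sh
# Transparent-proxy rule generator: added example, not code from the original posts.
# Assumed (hypothetical) settings; override via the environment.
LAN=${LAN:-192.168.0.0/24}        # clients whose port-80 traffic is intercepted
PROXY_PORT=${PROXY_PORT:-3128}    # port squid listens on
PROXY_USER=${PROXY_USER:-proxy}   # UNIX user squid runs as

# Print each rule instead of running it unless APPLY=1, so the rule set can be
# reviewed before it is loaded (applying needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

tproxy_rules() {
    # 1. Forwarded traffic from LAN hosts: this is the only path PREROUTING sees.
    run iptables -t nat -A PREROUTING -s "$LAN" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"

    # 2. Traffic originating on the gateway itself (a browser on localhost)
    #    goes through nat/OUTPUT, never PREROUTING.  Skip loopback so a local
    #    web server on 127.0.0.1:80 stays reachable, and skip connections made
    #    by the proxy user, otherwise squid's own upstream fetches would be
    #    redirected into squid again and loop.
    run iptables -t nat -A OUTPUT ! -o lo -p tcp --dport 80 \
        -m owner ! --uid-owner "$PROXY_USER" \
        -j REDIRECT --to-ports "$PROXY_PORT"
}

# Usage: ./tproxy.sh         (prints the rules)
#        APPLY=1 ./tproxy.sh (loads them; run as root with ip_forward enabled)
tproxy_rules
```

Check the result with `iptables -t nat -L -v -n` and watch the packet counters on the OUTPUT rule while browsing from the gateway; if they stay at zero the browser is probably already configured to use the proxy explicitly and is connecting to port 3128 rather than 80.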



