[lug] Transparent proxy on localhost
Michael Hirsch
mdhirsch at gmail.com
Tue Aug 21 15:18:54 MDT 2007
Thanks, but I'm trying to not use a gateway machine, but do it on a
single system. I want my kids' box to run the proxy and filter the web
traffic on that box. It appears to be a little different than doing
it on a gateway.
Michael
On 8/21/07, steve at badcheese.com <steve at badcheese.com> wrote:
> I use squid (web proxy) at both of my offices for my work and use
> transparent proxying on them. It's pretty easy, just set up squid on your
> default gateway machine. Make sure it works on the normal port (3128),
> then you use iptables to redirect all port 80 traffic through squid:
>
> iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> I'm not doing any filtering in squid, but it helps keep the web surfing
> bandwidth to as low as possible because of the caching.
>
> - Steve
>
> On Mon, 20 Aug 2007, Michael Hirsch wrote:
>
> > Date: Mon, 20 Aug 2007 22:31:16 -0600
> > From: Michael Hirsch <mdhirsch at gmail.com>
> > Reply-To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
> > <lug at lug.boulder.co.us>
> > To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
> > <lug at lug.boulder.co.us>
> > Subject: [lug] Transparent proxy on localhost
> >
> > I'm trying to set up a transparent proxy on localhost. (I'm trying to
> > filter my kids' web browsing.) I have the proxy all set up and
> > working, but I can't figure out how to get it to happen transparently.
> > Here's what I've tried:
> >
> > modprobe iptable_nat
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > #Clean things out:
> > iptables -F
> > iptables -X
> > iptables -t nat -F
> > iptables -t nat -X
> > #Set up transparent proxy
> > iptables -t nat -A PREROUTING -p tcp --dport 80 -j LOG
> > iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
> >
> > This is what googling gives me as the proper command, but it doesn't
> > do anything. Actually, it does. If I connect from another computer I
> > can see the LOG command get hit, but if I run the browser on
> > localhost, it does nothing.
> >
> > I'm guessing that I need to do something special to get it to work on
> > the localhost rather than an external connection. I tried:
> >
> > iptables -t nat -i lo -A PREROUTING -p tcp --dport 80 -j LOG
> > iptables -t nat -i lo -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
> >
> > but there's no change in behavior. The web connection is unfiltered.
> >
> > What am I doing wrong?
> >
> > Thanks,
> >
> > Michael
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> >
>
> --
> EMAIL: (h) steve at badcheese.com WEB: http://badcheese.com/~steve
>
>
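Added example (not part of the thread, and not code from either poster): packets generated on the machine itself pass through the nat table's OUTPUT chain rather than PREROUTING, so a single-box setup needs OUTPUT rules plus an exemption for the proxy's own upstream requests. The account name `proxy` and the `--apply` switch are assumptions; port 8080 is the one used in the thread.

```shell
#!/bin/sh
# Added example: transparent redirect for traffic generated ON the proxy host.
# PROXY_USER (default "proxy") is an assumed account name; 8080 is from the thread.

# Print the nat-table rules for review; nothing on the system is changed.
local_proxy_rules() {
    proxy_user=$1
    proxy_port=$2
    # Reject anything that is not a plain account name (the value ends up in a command).
    case $proxy_user in
        ''|*[!A-Za-z0-9_-]*) echo "bad proxy user: $proxy_user" >&2; return 1 ;;
    esac
    case $proxy_port in
        ''|*[!0-9]*) echo "bad port: $proxy_port" >&2; return 1 ;;
    esac
    if [ "$proxy_port" -lt 1 ] || [ "$proxy_port" -gt 65535 ]; then
        echo "bad port: $proxy_port" >&2; return 1
    fi

    # Locally generated packets traverse nat/OUTPUT, never nat/PREROUTING.
    # 1) Let the proxy's own upstream requests out untouched, or they loop back to it.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $proxy_user -j ACCEPT"
    # 2) Leave connections that stay on the loopback interface alone.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -o lo -j ACCEPT"
    # 3) Every other port-80 connection from this box is handed to the proxy.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port"
}

# Apply only when explicitly asked, and only as root.
if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    local_proxy_rules "${PROXY_USER:-proxy}" "${PROXY_PORT:-8080}" | sh -e
fi
```

The owner match only helps if the proxy runs under its own account, separate from the accounts doing the browsing. These rules cover port 80 only.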