[lug] Transparent proxy on localhost
George Sexton
gsexton at mhsoftware.com
Tue Aug 21 08:53:46 MDT 2007
I've seen this before. Localhost doesn't traverse the pre-routing chain.
In my case, I was running Tomcat on port 8080 and redirecting to port
80. Same problem.
Michael Hirsch wrote:
> I'm trying to set up a transparent proxy on localhost. (I'm trying to
> filter my kids' web browsing.) I have the proxy all set up and
> working, but I can't figure out how to get it to happen transparently.
> Here's what I've tried:
>
> modprobe iptable_nat
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> #Clean things out:
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> #set up transparent proxy
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j LOG
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
>
> This is what googling gives me as the proper command, but it doesn't
> do anything. Actually, it does. If I connect from another computer I
> can see the LOG command get hit, but if I run the browser on
> localhost, it does nothing.
>
> I'm guessing that I need to do something special to get it to work on
> the localhost rather than an external connection. I tried:
>
> iptables -t nat -i lo -A PREROUTING -p tcp --dport 80 -j LOG
> iptables -t nat -i lo -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
>
> but there's no change in behavior. The web connection is unfiltered.
>
> What am I doing wrong?
>
> Thanks,
>
> Michael
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
--
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL: http://www.mhsoftware.com/
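
The behaviour described in the reply above, as an added example that is not part of the original thread: connections opened on the machine itself traverse the nat OUTPUT chain rather than PREROUTING, so the redirect has to be placed there, with the proxy's own traffic exempted. The account name "proxy" and the script's function names are assumptions; port 8080 is the one from the quoted message.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: the proxy listens on
# port 8080 and runs as a dedicated account called "proxy".

# Print an iptables-restore ruleset for the nat table.
# $1 = proxy port, $2 = account the proxy runs as
nat_rules() {
    port=$1 user=$2
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad account name: $user" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Connections arriving from other machines traverse PREROUTING.
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $port
# Connections opened on this machine skip PREROUTING and traverse OUTPUT.
# The proxy's own upstream requests are exempted first, otherwise they
# would be redirected back into the proxy in a loop.
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner $user -j RETURN
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $port
COMMIT
EOF
}

# Load the ruleset. This replaces the current nat table, like the
# "iptables -t nat -F" in the quoted message.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "must be root to load rules" >&2; return 1
    fi
    rules=$(nat_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# "print" shows the ruleset for review; "apply" loads it.
case ${1:-} in
    print) nat_rules "${2:-8080}" "${3:-proxy}" ;;
    apply) apply_rules "${2:-8080}" "${3:-proxy}" ;;
esac
```

Only TCP port 80 is redirected, as in the quoted rules; traffic on other ports is not sent through the proxy.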