#1 JosePF (Linux Newbie, Join Date Jun 2010, Posts 225)

transparent proxy in single PC


Hello,
I'm trying to configure a transparent proxy with Squid (and filter content with DansGuardian) in Debian/Ubuntu.
If I configure Firefox to use it, it runs OK.
I have seen a lot of iptables rules for forwarding proxy traffic from a LAN, but I would like to use Squid and DansGuardian on a single PC that runs them and filters web content.
Please, what iptables rules do I have to use?

    Thanks in advance
    Regards
    There are people trying to avoid mistakes and another that tries to target.

#2 Lazydog (Linux Guru, Join Date Jun 2004, Location The Keystone State, Posts 2,677)
You will have to redirect that system's traffic to the proxy. Something like this:

Code:
iptables -t nat -A PREROUTING -i <lan-interface> -p tcp -s <ip-of-system> --dport 80 -j DNAT --to-destination <ip-of-proxy>:<port>
Then all traffic will be directed to the proxy even if it is not set up in the browser to do so.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

#3 JosePF (Linux Newbie, Join Date Jun 2010, Posts 225)
Thank you,

but I already tried that:
Code:
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp -s 192.168.0.191 --dport 80 -j DNAT --to-destination 192.168.0.191:3128
and (I think that is the same thing),
Code:
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 3128
and nothing.

I run Firefox but the packets do not pass through these iptables rules:

Code:
Chain PREROUTING (policy ACCEPT 7 packets, 1101 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128
    0     0 DNAT       tcp  --  wlan0  *       192.168.0.191        0.0.0.0/0            tcp dpt:80 to:192.168.0.191:3128

I don't know what to do...
thanks again
    There are people trying to avoid mistakes and another that tries to target.

#4 Lazydog (Linux Guru, Join Date Jun 2004, Location The Keystone State, Posts 2,677)
REDIRECT is used for connections ending on the system, and for you this is not the case as the packets are to pass through.

    Can you save your rules and then paste them using the CODE tags? Click on the '#' above the reply window and place the contents in between the tags.

    Also could you post the output from ifconfig and route -a in the same way?
    Please from both the firewall and the system you are trying to capture.

    If the computer you are trying to capture is a windows machine then ipconfig and route -print from that computer please.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

#5 JosePF (Linux Newbie, Join Date Jun 2010, Posts 225)
OK,
thanks,
but my problem is that Squid and DansGuardian run OK if I configure the web browser to use them ("normal" proxy). I have configured everything OK.

But I would like Squid to run as a transparent proxy, so I have changed the Squid configuration to "transparent": "http_port X:3128 transparent".

When you want this to run, I think it is necessary to configure iptables to enable transparent use. I know how to configure it to give access to other PCs, but I don't know how on my Squid server PC itself.
If I add an OUTPUT nat rule, Squid refuses the connection because it is not able to find the parent proxy or the internet content. I guess I'm wrong in the rule or have to add another...

Code:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port "squid port"

    Thanks in advance
    There are people trying to avoid mistakes and another that tries to target.
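Added example (not from either poster): for a proxy on the same machine as the browser, the nat OUTPUT chain is indeed where locally generated packets are seen (they never traverse PREROUTING, which is why the counters in post #3 stay at 0). The catch with a bare `OUTPUT ... --dport 80 -j REDIRECT` rule is that Squid's own upstream fetches to port 80 also match it and are sent back into Squid, so every request loops and the browser sees a refused connection. The script below exempts Squid's traffic by process owner before redirecting. It assumes Squid runs as the Debian/Ubuntu `proxy` user, that browser traffic should land first on DansGuardian's default port 8080 (set `FILTER_PORT=3128` to target Squid directly), and that `IPT` names the iptables binary; all three are assumptions, and the chain name `SQUID_LOCAL` is made up here.

```shell
#!/bin/sh
# Added example (not from the thread): nat OUTPUT rules for a transparent
# proxy running on the SAME machine as the browser.
# Assumptions (adjust to your setup):
#   - FILTER_PORT: where browser traffic should land first. 8080 is
#     DansGuardian's default filterport; use Squid's 3128 if you run
#     Squid alone with "http_port 3128 transparent".
#   - SQUID_USER: the account Squid runs as ("proxy" on Debian/Ubuntu).
#   - IPT: the iptables binary; a dry run or test can point it at a shim.
: "${FILTER_PORT:=8080}"
: "${SQUID_USER:=proxy}"
: "${IPT:=iptables}"

apply_local_transparent_rules() {
    # Keep our rules in their own chain so re-running leaves the rest of
    # the nat table alone.
    "$IPT" -t nat -N SQUID_LOCAL 2>/dev/null || "$IPT" -t nat -F SQUID_LOCAL

    # 1. Squid's own fetches to real web servers on port 80 must be left
    #    alone. Without this, they are redirected back into the proxy and
    #    every request loops until Squid gives up with a refused connection.
    "$IPT" -t nat -A SQUID_LOCAL -m owner --uid-owner "$SQUID_USER" -j RETURN

    # 2. Loopback stays untouched (DansGuardian -> Squid on 127.0.0.1 and
    #    anything else the proxies do locally).
    "$IPT" -t nat -A SQUID_LOCAL -o lo -j RETURN

    # 3. Everything else this host sends to port 80 is pulled into the filter.
    "$IPT" -t nat -A SQUID_LOCAL -p tcp --dport 80 -j REDIRECT --to-ports "$FILTER_PORT"

    # Hook the chain into OUTPUT, the chain locally generated packets
    # traverse (PREROUTING only sees packets arriving from other hosts).
    # -C checks whether the hook exists already so it is added only once.
    "$IPT" -t nat -C OUTPUT -p tcp --dport 80 -j SQUID_LOCAL 2>/dev/null \
        || "$IPT" -t nat -A OUTPUT -p tcp --dport 80 -j SQUID_LOCAL
}

remove_local_transparent_rules() {
    # Undo in reverse order: unhook, flush, delete the chain.
    "$IPT" -t nat -D OUTPUT -p tcp --dport 80 -j SQUID_LOCAL 2>/dev/null || :
    "$IPT" -t nat -F SQUID_LOCAL 2>/dev/null || :
    "$IPT" -t nat -X SQUID_LOCAL 2>/dev/null || :
}

# Usage: sudo sh squid-local.sh apply   (or: remove). No argument does nothing.
case "${1:-}" in
    apply)  apply_local_transparent_rules ;;
    remove) remove_local_transparent_rules ;;
esac
```

After applying, `iptables -t nat -L SQUID_LOCAL -v -n` should show the owner RETURN rule's counters climbing alongside the REDIRECT counters; if only the REDIRECT counter moves while Squid logs errors reaching upstream, the owner match is not catching Squid's user and `SQUID_USER` needs to be checked against `ps -o user= -C squid`.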

#6 Lazydog (Linux Guru, Join Date Jun 2004, Location The Keystone State, Posts 2,677)
    It would really help a lot if I could see your entire firewall rules.

    That OUTPUT rule is wrong. You want to redirect the input from your LAN.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
