- 02-21-2011 #1
transparent proxy in single pc
Hello,
I'm trying to configure a transparent proxy with squid (and filter content with dansguardian) in Debian/Ubuntu.
If I configure Firefox to use it, it runs OK.
I have seen a lot of iptables rules for using a forwarding proxy for a LAN, but I would like to use squid and dansguardian on a single PC that runs them and filters web content.
Please, what iptables rules do I have to use?
Thanks in advance
Regards
There are people trying to avoid mistakes and another that tries to target.
- 02-22-2011 #2
You will have to redirect that system's traffic to the proxy. Something like this:
Code:
iptables -t nat -A PREROUTING -i <lan-interface> -p tcp -s <ip-of-system> --dport 80 -j DNAT --to-destination <ip-of-proxy:port>
Then all traffic will be directed to the proxy even if the browser is not set up to do so.
- 02-22-2011 #3
Thank you,
but I already tried that:
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp -s 192.168.0.191 --dport 80 -j DNAT --to-destination 192.168.0.191:3128
and (I think that is the same thing),
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 3128
and nothing.
I run Firefox, but packets do not pass through these iptables rules:
Chain PREROUTING (policy ACCEPT 7 packets, 1101 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- wlan0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 DNAT tcp -- wlan0 * 192.168.0.191 0.0.0.0/0 tcp dpt:80 to:192.168.0.191:3128
I don't know what to do...
Thanks again
- 02-23-2011 #4
REDIRECT is used for connections ending on the system, and for you this is not the case as the packets are to pass through.
Can you save your rules and then paste them using the CODE tags? Click on the '#' above the reply window and place the contents in between the tags.
Also, could you post the output from ifconfig and route -a in the same way?
Please do this for both the firewall and the system you are trying to capture.
If the computer you are trying to capture is a Windows machine, then ipconfig and route -print from that computer please.
- 03-02-2011 #5
Ok,
thanks,
but my problem is that squid and dansguardian run OK if I configure the web browser to use them ("normal" proxy). I have configured everything OK.
But I would like squid to run as a transparent proxy, so I have changed the squid configuration to "transparent": "http_port X:3128 transparent".
For this to work, I think it is necessary to configure iptables to enable transparent use. I know how to configure it to give access to third PCs, but I don't know how on my squid server PC itself.
If I add an OUTPUT nat rule, squid refuses the connection because it is not able to find the parent proxy or the Internet content. I guess I'm wrong in the rule or have to add another...
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port "squid port"
Thanks in advance
- 03-03-2011 #6
It would really help a lot if I could see your entire firewall rules.
That OUTPUT rule is wrong. You want to redirect the input from your LAN.
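For the single-PC case asked about in this thread, the following is an added example, not code from any poster: packets generated on the proxy host itself never traverse PREROUTING (consistent with the zero counters in post #3), so interception happens in nat OUTPUT, with the proxy's own requests exempted to avoid a redirect loop. It assumes Squid runs as the Debian default user `proxy` on port 3128 in transparent mode; `gen_rules` and `apply_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumptions: Squid runs as system user "proxy" and listens
# on 3128 with "http_port 3128 transparent" in squid.conf.

# Print the nat/OUTPUT rules that intercept this host's own port-80 traffic.
# Rule order matters: the exemptions must be evaluated before the REDIRECT.
gen_rules() {
    user=$1 port=$2
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # 1. Leave connections to web servers on this machine alone.
    echo "-t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j RETURN"
    # 2. Squid's own outbound fetches go straight out; without this rule its
    #    requests are redirected back to itself and every fetch fails.
    echo "-t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $user -j RETURN"
    # 3. All other local port-80 traffic is handed to the proxy.
    echo "-t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $port"
}

# Install the generated rules; requires root. Stops at the first failure.
apply_rules() {
    rules=$(gen_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        # Word splitting of $rule is intended: each line is an argument list.
        iptables $rule || exit 1
    done
}

# Dry run by default (prints the rules); set APPLY=1 to install them.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules proxy 3128
else
    gen_rules proxy 3128
fi
```

After applying, the packet counters from `iptables -t nat -L OUTPUT -v -n` should increase on the REDIRECT rule for browser traffic and on the owner RETURN rule for Squid's own fetches.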


