1

I'm trying to test a fancy traffic analyzer app, which I have running on port 8890.

My current plan is to let any HTTP request come into Squid, on port 3128, and let it process the request, and then just before it sends the response back, use iptables to redirect the response packets (leaving port 3128) to port 8890.

I've researched this all night, and tried many iptables commands, but I'm missing something and my hair is falling out.

I thought something like this would work:
iptables -t nat -A OUTPUT -p tcp --sport 3128 -j REDIRECT --to-ports 8990
This rule gets created ok, but it never redirects anything.

Is this even possible? If so, what iptables incantation could do it? If not, any idea what might work on a single host, given multiple remote browser clients?

I wonder if Apache with mod_proxy might be a candidate for this setup, instead of Squid?

If I could just tell Squid (or Apache or any other HTTP proxy) to send the response to a different local port rather than back to the remote client, that would also work (even without iptables).

Any suggestion of another HTTP proxy with this capability would be great.

Improve this question
0

2 Answers 2

Reset to default
0

Turns out my original plan is not possible.

But I can achieve the original intended goal, which is to allow any remote client to see this fancy traffic analyzer doing its job, by running OpenVPN on the host, and then using iptables in a typical way to capture packets for port 80 from one subnet (the tunneled one) and redirecting to another subnet (the host's normal one). This works with the design of the analyzer, which expects the gateway itself to be modified for this type of redirection.

Improve this answer
0

Using iptables with TEE should get you where you need to be.

http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/

Improve this answer
1
  • Thanks much for helping, but this still doesn't seem to work (in fact I think it's one of the many permutations I already tried). I use tcpdump to check. I think the major catch here is that the connection to Squid is already established, and it has already handled the incoming request packets, but I want to just redirect the outgoing response packets (from the already established TCP transaction). I think it's weird and I'm not sure it can work at all, but I expect there are many experts out there who know more than I. Commented Apr 5, 2010 at 20:36

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.