2

I've searched around for an answer to this question, but it seems like most of what I found wasn't specifically what I wanted to do (mostly redirecting traffic on the same host to squid running on that host).

If at all possible, I'd like to know how to use iptables (or similar, say, SuSEFirewall2 if on openSUSE) to mimic the system proxy settings (i.e. HTTP_PROXY_HOST in /etc/environment in Ubuntu).

The reason is, not everything uses that setting. Many services require their own proxy settings. I'm hoping to just "catch it all" at the network layer. So if I have phpcurl calling a remote webservice, I don't have to define a proxy there. Same for apt/zypper/yum, and so on. I don't want to have to configure proxy settings 25 different times on the same server for all the various services.

I've tried different variations of this (in this case, sending traffic to a Squid proxy):

iptables -t nat -A OUTPUT -p tcp -o lo --dport 80 -j DNAT --to 192.168.0.34:3128

But it doesn't work. I've set a firewall rule to block all outbound internet connectivity from this host and fired up tcpdump on the squid box to see if any packets get there (they don't). I can set my browser to use the Squid proxy on my laptop and it works, but in case I didn't have squid set up right, I figured I'd at least see the initial traffic sent to squid via tcpdump.

If someone has a better idea of how to handle this, meeting the requirements above, I'm open to suggestions.

1
  • Removing the "-o lo" from the iptables command above did cause traffic to get forwarded to my squid proxy. However, it wasn't the solution, so the marked answer below is still valid in my case. Commented Jan 21, 2015 at 22:22

2 Answers

2

You simply can't do this with iptables alone and an HTTP proxy like Squid, because most network protocols simply were not designed with transparent proxying as a feature. They must be explicitly configured to use a proxy. The closest you can get is to use a SOCKS proxy like Redsocks.

1
  • This does appear to be a good solution, and I have it working for port 80 now. I don't, yet, have a way to test it for SSL. I do like that it supports different proxy types as I will likely run into this (it won't always be Squid I'm connecting to/through). Curious though, it seems Redsocks hasn't had any development done on it recently. Anyone mimicked the functionality of Redsocks using HAProxy? Commented Jan 21, 2015 at 19:07
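The Redsocks approach the answer describes still needs a NAT rule set to steer locally generated traffic into the local Redsocks listener, and it is easy to get wrong: the `-o lo` match in the question only matches packets leaving via the loopback interface, so traffic bound for remote hosts never hits the rule, and a redirect rule without exclusions will also catch Redsocks' own connection to the upstream proxy and loop forever. The script below is an added example, not code from the question, the answers or the Redsocks project. It assumes a Redsocks instance listening on 127.0.0.1:12345 and running as the user `redsocks`, an upstream proxy at 192.168.0.34:3128 (the address from the question), and a hypothetical `IPT` variable that defaults to printing the rules instead of applying them, so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: iptables NAT rules that send locally generated TCP traffic
# on selected ports to a local Redsocks listener, with the exclusions needed
# to avoid loops and to keep internal traffic off the proxy.
#
# Assumptions (hypothetical defaults, adjust to your host):
#   - Redsocks listens on 127.0.0.1:$REDSOCKS_PORT and runs as $REDSOCKS_USER
#   - the upstream proxy is $UPSTREAM_PROXY (192.168.0.34 from the question)
#   - IPT defaults to "echo iptables", so the rules are printed, not applied;
#     run with IPT=iptables as root to apply them for real.

IPT="${IPT:-echo iptables}"
REDSOCKS_PORT="${REDSOCKS_PORT:-12345}"
REDSOCKS_USER="${REDSOCKS_USER:-redsocks}"
UPSTREAM_PROXY="${UPSTREAM_PROXY:-192.168.0.34}"
PORTS="${PORTS:-80,443}"

# Emit the rule set. Order matters: every exclusion must precede the REDIRECT.
redsocks_rules() {
    # A dedicated chain keeps the rules easy to audit and to flush later.
    $IPT -t nat -N REDSOCKS

    # Do not redirect loopback, link-local, multicast or RFC 1918 destinations:
    # the proxy is only for traffic that would otherwise leave the network.
    for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
               172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
        $IPT -t nat -A REDSOCKS -d "$net" -j RETURN
    done

    # Traffic to the upstream proxy itself must never be redirected again.
    # (Redundant when the proxy sits in RFC 1918 space, essential otherwise.)
    $IPT -t nat -A REDSOCKS -d "$UPSTREAM_PROXY" -j RETURN

    # Everything else on the chosen ports goes to the local Redsocks port.
    $IPT -t nat -A REDSOCKS -p tcp -m multiport --dports "$PORTS" \
         -j REDIRECT --to-ports "$REDSOCKS_PORT"

    # Hook the chain into OUTPUT for locally generated packets, but skip
    # packets owned by the Redsocks process: without this, its outbound
    # connection to the upstream proxy would be fed back into the chain.
    $IPT -t nat -A OUTPUT -p tcp -m owner ! --uid-owner "$REDSOCKS_USER" \
         -j REDSOCKS
}

# Sanity checks on the generated rule set (used by the self-test below).
count_redirects() { redsocks_rules | grep -c -- '-j REDIRECT'; }
count_returns()   { redsocks_rules | grep -c -- '-j RETURN'; }
has_owner_guard() { redsocks_rules | grep -q -- "! --uid-owner $REDSOCKS_USER"; }

redsocks_rules
```

Save it, review the printed rules, then apply with `IPT=iptables sh redsocks-rules.sh` as root and confirm with `iptables -t nat -L REDSOCKS -n -v` that the packet counters on the REDIRECT rule increase while the RETURN rules absorb internal traffic. Redsocks itself still needs a `redsocks` section in its configuration whose `local_port` matches `REDSOCKS_PORT` and whose `ip`/`port`/`type` point at the upstream proxy (for Squid, an HTTP CONNECT or relay type); which type works for a given protocol is exactly the limitation the answer describes, since Redsocks can only tunnel what the upstream proxy understands.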
-1

As far as I can tell you just want a transparent http proxy?

http://www.tldp.org/HOWTO/TransparentProxy-6.html

1
  • We generally don't like link-only answers on Stack Exchange. Commented Jan 20, 2015 at 22:47
