
chibi 10-03-2009 05:39 PM

help using iptables to setup a simple transparent proxy
Hello and thanks for the help. I have been reading IPTABLES stuff all morning/afternoon now so I've broken down and decided just to ask for help on this.

What I would like to accomplish is to have my linux box hosted in a datacenter act as a transparent proxy whenever I need it just by entering a line (or few :)) into IPTABLES.

So for example, if I was using an application on my home computer that ran on port 56120 using a tcp protocol (and I could configure a proxy for it natively or through other software), I would want my remote linux box to handle the communication from my home computer to the variable destinations the application would make connections to. The point of this being that when I use the application at home, my server ip is what shows up to all my interactions.

As far as I am aware, this is very possible with IPTABLES. Originally I was going to use Privoxy for this, but upon setup it was learned that it doesn't work with non-HTTP protocols. Also I learned that SQUID is basically unnecessary as well, since IPTABLES can be used just as easily, and I am already using IPTABLES as a sort of firewall and would like to stick to modifying IPTABLES manually and not through a program.

So far I have something like this:

iptables -A POSTROUTING -t nat -p tcp --sport 56120 -j SNAT --to-source

where would of course be my ip at home, which of course is not networked with the linux box.

But I admit, I don't entirely understand what I am doing with that, and I suspect that's only one piece of more that needs to be done. My IPTABLES experience has basically been limited to 'iptables -A INPUT -s -j DROP' and all this nat and FORWARD or POSTROUTING stuff is a bit over my head at the moment -_-

I really need to have a clearer understanding, so if someone would please provide the solution it would really help me wrap my head around it.

Thank you so very much!


kirukan 10-03-2009 11:11 PM


iptables -A POSTROUTING -t nat -p tcp --sport 56120 -j SNAT --to-source
change this sport as a dport and try

iptables -t nat -A POSTROUTING -p tcp --dport 443 -j SNAT --to xx.xx.xx.xx (transparent server ip address)
I am using this for https access at transparent proxy
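
The rule above belongs on the box that forwards the traffic, and on its own it is only one piece: the kernel must also be allowed to forward, and the FORWARD chain must accept the flows. The script below is an added example (not kirukan's or chibi's code) showing the complete minimal rule set for one client and one port. It assumes the home machine's packets already arrive at the datacenter box (how they get there, by routing or a tunnel, is not covered in this thread), and the IP addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: minimal iptables rule set that lets a Linux box forward one
# client's TCP traffic for a given port and rewrite the source to its own IP.
# Placeholders below are constructed (RFC 5737 documentation addresses).
set -eu

HOME_IP="${HOME_IP:-203.0.113.10}"     # constructed: public IP of the home machine
SERVER_IP="${SERVER_IP:-198.51.100.5}" # constructed: public IP of the datacenter box
PORT="${PORT:-56120}"                  # the application's TCP port from the thread

# Print the rules rather than running them, so they can be reviewed first.
# Forwarding is restricted to one source IP and one destination port: an
# unrestricted SNAT rule would turn the box into an open relay for anyone
# who can route packets through it.
proxy_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -p tcp -s $HOME_IP --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d $HOME_IP --sport $PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s $HOME_IP --dport $PORT -j SNAT --to-source $SERVER_IP
EOF
}

# Number of rules touching the nat table (should be exactly one: the SNAT line).
nat_rule_count() {
    proxy_rules | grep -c -- '-t nat'
}

# Number of iptables commands emitted (two FORWARD accepts plus one SNAT).
iptables_rule_count() {
    proxy_rules | grep -c '^iptables'
}

# Only apply when asked explicitly (needs root); the default just shows the rules.
case "${1:-show}" in
    apply) proxy_rules | sh -ex ;;
    show)  proxy_rules ;;
esac
```

Return packets are matched by conntrack and un-NATed automatically, which is why the second FORWARD rule only needs ESTABLISHED,RELATED.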

chibi 10-04-2009 06:53 PM

Thanks for replying, Kirukan. To clarify, is that what the IPTABLES of the server need to have? Looking at it, it makes me think that's something my home computer would be doing..
