Old 10-03-2009, 05:39 PM   #1
chibi
Member
 
Registered: Aug 2004
Location: Canada
Distribution: Debian
Posts: 62

Rep: Reputation: 15
help using iptables to setup a simple transparent proxy


Hello and thanks for the help. I have been reading IPTABLES stuff all morning/afternoon now so I've broken down and decided just to ask for help on this.

What I would like to accomplish is to have my Linux box hosted in a datacenter act as a transparent proxy whenever I need it just by entering a line (or a few) into IPTABLES.

So for example, if I was using an application on my home computer that ran on port 56120 using a tcp protocol (and I could configure a proxy for it natively or through other software), I would want my remote linux box to handle the communication from my home computer to the variable destinations the application would make connections to. The point of this being that when I use the application at home, my server ip is what shows up to all my interactions.

As far as I am aware, this is very possible with IPTABLES. Originally I was going to use Privoxy for this, but upon setup it was learned that it doesn't work with non-HTTP protocols. Also I learned that SQUID is basically unnecessary as well, since IPTABLES can be used just as easily, and I am already using IPTABLES as a sort of firewall and would like to stick to modifying IPTABLES manually and not through a program.

So far I have something like this:

iptables -A POSTROUTING -t nat -p tcp --sport 56120 -j SNAT --to-source xxx.xxx.xxx.xxx:56120

where xxx.xxx.xxx.xxx would of course be my ip at home, which of course is not networked with the linux box.

But I admit, I don't entirely understand what I am doing with that, and I suspect that's only one piece of more that needs to be done. My IPTABLES experience has basically been limited to 'iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP' and all this nat and FORWARD or POSTROUTING stuff is a bit over my head at the moment -_-

I really need to have a clearer understanding, so if someone would please provide the solution it would really help me wrap my head around it.

Thank you so very much!

-Chi

Last edited by chibi; 10-03-2009 at 05:44 PM.
 
Old 10-03-2009, 11:11 PM   #2
kirukan
Senior Member
 
Registered: Jun 2008
Location: Eelam
Distribution: Redhat, Solaris, Suse
Posts: 1,240

Rep: Reputation: 132
Quote:
iptables -A POSTROUTING -t nat -p tcp --sport 56120 -j SNAT --to-source xxx.xxx.xxx.xxx:56120
Change this sport to a dport and try:

iptables -t nat -A POSTROUTING -p tcp --dport 443 -j SNAT --to xx.xx.xx.xx   # xx.xx.xx.xx = transparent server IP address
I am using this for HTTPS access at a transparent proxy.

Last edited by kirukan; 10-03-2009 at 11:13 PM.
 
Old 10-04-2009, 06:53 PM   #3
chibi
Member
 
Registered: Aug 2004
Location: Canada
Distribution: Debian
Posts: 62

Original Poster
Rep: Reputation: 15
Thanks for replying, Kirukan. To clarify, is that what the IPTABLES of the server need to have? Looking at it, it makes me think that's something my home computer would be doing..
 
  

