Local transparent proxy
I have an application that does not support proxy but I need to send its traffic to a local proxy. I want to set IPTABLES to transparently redirect traffic to a given IP and PORT (80) to be intercepted and redirected to the local proxy. Unfortunately all examples I've found assume that the transparent proxy is set in a GW doing NATTING. Is it possible to redirect the traffic to a transparent proxy (SQUID) without having to NAT? I'd appreciate an example
Yes, it is possible. You can use policy routing on a Linux machine to redirect traffic to the squid proxy as shown in this page.
To summarize the steps:
- Set up a mangle rule in iptables to mark traffic to be redirected.
- Set up another routing table with a default route towards the squid machine.
- Set up an IP rule to use the newly defined routing table when a packet is marked with the value used in the mangle rule.
- Make sure iptables allows traffic from the clients' IPs to the squid machine.
No, it's not possible. You have to use nat if you wanna redirect traffic:
# iptables -A OUTPUT -t nat -p tcp --dport 80 -j DNAT --to 127.0.0.1:3128
Run the following command to redirect all traffic headed to (from local processes) port 80:
sudo iptables -t nat -A OUTPUT -p tcp \
-m owner ! --uid-owner root --dport 80 \
-j REDIRECT --to-port 8080
Then make sure your local proxy process is running as root. This is so the proxy doesn't have its traffic redirected to itself. If you don't want to run the proxy as root, run it as another user and edit the iptables command to change root to the new username.
The command assumes your proxy is listening on port 8080.
Also, this question is similar to another that I answered.
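The REDIRECT rule in the last answer delivers the application's connections to 127.0.0.1:8080, so the proxy has to ask netfilter where each connection was originally headed. As an added example (not code from any of the answers above), here is a minimal Python transparent TCP relay that reads SO_ORIGINAL_DST (option value 80 from <linux/netfilter_ipv4.h>), refuses connections that were not redirected (their "original" destination is the proxy itself, which would otherwise loop), and assumes it runs as the user excluded by the --uid-owner match so that its own upstream connections are not redirected again.

```python
import contextlib
import socket
import struct
import threading

SO_ORIGINAL_DST = 80  # from <linux/netfilter_ipv4.h>; not exported by Python's socket module
LISTEN = ("127.0.0.1", 8080)  # must match --to-port in the REDIRECT rule

def parse_sockaddr_in(raw: bytes) -> tuple[str, int]:
    """Decode the struct sockaddr_in returned by SO_ORIGINAL_DST: sin_family (u16,
    host order), sin_port (u16, network order), sin_addr (4 bytes), 8 bytes padding."""
    if len(raw) < 16 or struct.unpack_from("=H", raw)[0] != socket.AF_INET:
        raise ValueError("not a 16-byte AF_INET sockaddr_in")
    port, addr = struct.unpack_from("!H4s", raw, 2)
    return socket.inet_ntoa(addr), port

def encode_sockaddr_in(ip: str, port: int) -> bytes:
    """Inverse of parse_sockaddr_in; used to build constructed test fixtures."""
    return struct.pack("=H", socket.AF_INET) + struct.pack("!H4s", port, socket.inet_aton(ip)) + bytes(8)

def was_redirected(orig: tuple[str, int]) -> bool:
    """A client that connected straight to the proxy port (no REDIRECT) gets the
    proxy's own address back as its original destination; forwarding that loops."""
    return orig != LISTEN

def pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF or error, then half-close the other side."""
    with contextlib.suppress(OSError):
        try:
            while chunk := src.recv(65536):
                dst.sendall(chunk)
        finally:
            dst.shutdown(socket.SHUT_WR)

def handle(client: socket.socket) -> None:
    orig = parse_sockaddr_in(client.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))
    if not was_redirected(orig):
        client.close()  # direct hit on the proxy port: refuse rather than connect to ourselves
        return
    upstream = socket.create_connection(orig)  # not redirected: we run as the excluded uid
    threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
    pump(upstream, client)

if __name__ == "__main__":
    with socket.create_server(LISTEN) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
```

The relay only forwards bytes; any filtering or logging of the HTTP traffic would go in handle() once the original destination is known.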