
[LUG] Transparent proxying using iptables


Hello everyone.
At my Uni they have a standard NAT setup, with one major exception: no 
traffic is allowed to port 80. Instead, you have to go through their 
proxy server, which runs on port 8080.
I read somewhere that you can set up a transparent proxy system using 
iptables. However, this setup uses the REDIRECT target, which just 
directs traffic to a specified port on the local machine. So if you have 
a proxy running on port 8080, you can use a rule like this:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

However, I want to use an external proxy server. I checked the iptables 
man page and eventually came up with this:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 137.222.10.108:8080

But it doesn't work. The problem is that I don't know if my rule will 
actually do what I want it to. I also don't know if the proxy server 
will handle this. In my understanding, the above rules (both of them 
actually) mean that the proxy server has to serve web pages as though it 
is a web server. I always thought that there was a special set of proxy 
commands. Also, the proxy server always mentioned in the howtos is 
squid, which perhaps has some extra functionality that allows this? I 
don't know what proxy the uni is running.

As an aside, why doesn't the DNAT target support DNS lookups?

If anyone can shed some light on this issue I would be grateful.
Thanks in advance
Simon

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
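The post asks whether a proxy reached via DNAT has to "serve web pages as though it is a web server" and whether there is a "special set of proxy commands". The example below, added here as an illustration and not part of Simon's message or anything the list published, shows the actual difference: a browser talking directly to port 80 sends an origin-form request (`GET /path HTTP/1.1` plus a `Host:` header), while a browser configured to use a proxy sends an absolute-form request (`GET http://host/path HTTP/1.1`). A conventional forward proxy expects the latter, so traffic that is merely redirected or DNATed to it arrives in a form it may not accept unless it runs in an intercepting (Squid calls it "transparent") mode that rebuilds the target URL from `Host:`. The two sample requests, the host name `www.example.com` and all helper names are constructed for this example.

```python
"""
Origin-form vs absolute-form HTTP requests, and what an intercepting proxy
must do to turn the former into the latter. Hypothetical helper code written
for this illustration; the sample requests below are constructed, not captured.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed: what a browser sends straight to an origin server on port 80.
# Only the Host header says which site is wanted.
ORIGIN_FORM = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: sample\r\n"
    b"\r\n"
)

# Constructed: the same fetch from a browser configured to use a proxy.
# The full URL is in the request line, which is what a forward proxy expects.
ABSOLUTE_FORM = (
    b"GET http://www.example.com/index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"\r\n"
)


def parse_request(raw: bytes) -> tuple[str, str, dict[str, str]]:
    """Split a raw HTTP/1.1 request head into (method, target, headers)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def request_kind(target: str) -> str:
    """Classify the request-target the way a proxy has to."""
    return "absolute-form" if target.startswith(("http://", "https://")) else "origin-form"


def resolve_target(raw: bytes, default_port: int = 80) -> tuple[str, int, str]:
    """Work out (host, port, path) the proxy must fetch.

    Absolute-form carries the destination in the request line. Origin-form
    carries it only in the Host header, so a proxy that does not look there
    has no idea which server the client wanted; that is the gap an
    intercepting mode closes.
    """
    _method, target, headers = parse_request(raw)
    if request_kind(target) == "absolute-form":
        parts = urlsplit(target)
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        return parts.hostname or "", parts.port or default_port, path
    host_header = headers.get("host")
    if not host_header:
        raise ValueError("origin-form request without Host: destination unknowable")
    host, _, port = host_header.partition(":")
    return host, int(port) if port else default_port, target


def to_absolute_form(raw: bytes) -> bytes:
    """Rewrite an origin-form request into the absolute-form a conventional
    forward proxy expects; this is the rewrite an intercepting proxy performs
    internally before treating the request as an ordinary proxy request."""
    method, _target, _headers = parse_request(raw)
    host, port, path = resolve_target(raw)
    authority = host if port == 80 else f"{host}:{port}"
    head, sep, body = raw.partition(b"\r\n\r\n")
    _first, _, rest = head.partition(b"\r\n")
    new_first = f"{method} http://{authority}{path} HTTP/1.1".encode("iso-8859-1")
    return new_first + b"\r\n" + rest + sep + body


if __name__ == "__main__":
    for label, req in (("direct to port 80", ORIGIN_FORM), ("via configured proxy", ABSOLUTE_FORM)):
        _m, target, _h = parse_request(req)
        print(f"{label}: {request_kind(target)} -> fetch {resolve_target(req)}")
    print(to_absolute_form(ORIGIN_FORM).split(b"\r\n")[0].decode())
```

Running it shows both requests resolve to the same destination, but only because the origin-form one is read through its `Host:` header. Whether a given external proxy does that for redirected traffic depends on how it is configured, which is why the how-tos pair the iptables rule with a proxy explicitly set up to intercept.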