Re: Iptables Transparent Proxy and Browser on localhost

From: Fritz Bayer (fritz-bayer_at_web.de)
Date: 06/22/04


Date: 22 Jun 2004 00:42:46 -0700

fritz-bayer@web.de (Fritz Bayer) wrote in message news:<a9c0aa9e.0406152126.4091a821@posting.google.com>...
> Hello,
>
> I have written a java http proxy, which accepts http connections on
> the localhost at port 8080 and forwards them to the authority in the
> internet.
>
> I would like the proxy to be transparent so that my browser's requests
> to port 80 are redirected to port 8080 on the localhost.
>
> The proxy then opens a new tcp connection and forwards the result to
> the connection originally established by the browser.
>
> The important thing to notice is that I only have one linux pc, and so
> ALL requests are originating from localhost, and that all connection
> request are having the destination port 80.
>
> I'm looking for a set of iptable rules, that redirect the requests
> from the browser to the proxy BUT that do not redirect any requests of
> the proxy to itself.
>
> So I really need some rules, which can differentiate between HTTP
> connections originating from the browser and the proxy.
>
> Those connections originating from the browser should be forwarded to
> the proxy. Those of the proxy should leave my box and go to the
> internet.
>
> I have googled a lot and read the howtos and the manpages, but I can't
> figure out how to distinguish connections of the browser from the
> proxy's connection requests, since they are all leaving the same
> interface.
>
> Any ideas?

I have thought a little bit about what people have suggested and I
figured something that might work.

If I could configure the box to have two ip addresses in the lan, then I
could set one of them up as described in the mini howto on transparent
proxies.

Then I could run iptables on the second ip and run the proxy on that
one also. The browser would then have to run on the other ip.

How would I set this up so? Could I just put two ip addresses into my
/etc/host file?
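
The two-address idea from the post above, written out as an added example (not part of the original post): the second address goes on the interface itself, since /etc/hosts only maps names to addresses, and because browser and proxy share one machine the rules sit in the nat OUTPUT chain. The addresses, the /24 prefix and eth0 are constructed, and it assumes the proxy binds its outgoing sockets to the second address.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 documentation range);
# interface name and /24 prefix are assumptions, adjust to the real LAN.
IFACE=${IFACE:-eth0}
BROWSER_IP=${BROWSER_IP:-192.0.2.10}   # primary address, used by the browser
PROXY_IP=${PROXY_IP:-192.0.2.11}       # second address, proxy's outbound source
PROXY_PORT=${PROXY_PORT:-8080}         # port the proxy listens on

# Accept only dotted-quad IPv4 so a malformed value never reaches iptables.
valid_ip() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print the commands, one per line, in the order they must be applied.
emit_rules() {
    valid_ip "$BROWSER_IP" && valid_ip "$PROXY_IP" ||
        { echo "bad address" >&2; return 1; }
    # With identical addresses the proxy's own requests would loop back to it.
    [ "$BROWSER_IP" != "$PROXY_IP" ] ||
        { echo "addresses must differ" >&2; return 1; }
    # 1. Put the second address on the same interface.
    echo "ip addr add $PROXY_IP/24 dev $IFACE"
    # 2. Locally generated packets traverse nat OUTPUT, not PREROUTING.
    #    Connections sourced from the proxy's address leave untouched...
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -s $PROXY_IP -j ACCEPT"
    #    ...and every other local port-80 connection goes to the proxy.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
if [ "${APPLY:-0}" = 1 ]; then
    emit_rules | sh -e
else
    emit_rules
fi
```

The ACCEPT rule has to come before the REDIRECT rule; in the opposite order the proxy's own requests are redirected back to itself.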


