Transparent proxying is a way to intercept specific outgoing connections and redirect them to a computer that will service them in the place of the original destination computer.

This technique allows you to set up proxies for services without having to configure each computer on the internal network. Since all traffic to the outside world goes through the gateway, all connections to the outside world on the given port will be proxied transparently.

Suppose you have an HTTP proxy configured to run as a transparent proxy on your firewall computer and listening on port 8888. You can add one rule to redirect outbound HTTP traffic to the HTTP proxy:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888
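
The rule above, wrapped in a small script as an added example that is not part of the original page: it refuses to install the redirect unless something is actually listening on the proxy port, and it does not duplicate the rule when run twice. It assumes eth0 is the interface facing the internal network; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumptions: eth0 faces the
# internal network, the proxy listens locally on 8888, and the function
# names are hypothetical.

# Accept only a decimal TCP port in the range 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed only if a local TCP socket is listening on port $1.
# Column 4 of `ss -ltn` is "Local Address:Port".
proxy_listening() {
    ss -ltn | awk -v p=":$1\$" '$4 ~ p { found = 1 } END { exit !found }'
}

# Install the REDIRECT rule once. Returns 2 on a bad port, 3 if the proxy is
# not listening (redirecting anyway would break HTTP for the whole network).
ensure_redirect() {
    iface=$1; dport=$2; pport=$3
    valid_port "$dport" || return 2
    valid_port "$pport" || return 2
    proxy_listening "$pport" || return 3
    set -- -i "$iface" -p tcp --dport "$dport" -j REDIRECT --to-port "$pport"
    # -C exits 0 when an identical rule is already in the chain.
    iptables -t nat -C PREROUTING "$@" 2>/dev/null && return 0
    iptables -t nat -A PREROUTING "$@"
}

# Run as root with the single argument "apply" to install the page's rule.
if [ "${1:-}" = "apply" ]; then
    ensure_redirect eth0 80 8888
fi
```

After it has run, the packet counters shown by iptables -t nat -L PREROUTING -n -v confirm whether client traffic is matching the rule.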

It is more complicated to transparently proxy to a service running on a different host. You can find more detail on making this work for Squid in http://www.tldp.org/howto/transparentproxy.html

 
