mbod
Post subject: Transparent proxy and browser on same computer  Posted: 07.01.2011, 12:15

Hello,

I have squid3 and squidGuard installed on my computer and iceweasel is forced to use the proxy with a system-wide mozilla.cfg file. So far so good.

But what I really want is that the proxy is mandatory for every webbrowser (konqueror, chrome, firefox, lynx, etc.) on this computer.

All I can find on the internet are instructions with dedicated proxy servers with separate clients. But that does not work for me. I have one computer and this one computer needs to do both: Be a transparent proxy and execute the various browser programs.

Is it at all possible to have a transparent proxy with this setup? Your help is highly appreciated.

Thanks
Matthias
 
slh
Post subject: RE: Transparent proxy and browser on same computer  Posted: 07.01.2011, 13:32

The easiest way would be to put your proxy in a small headless virtual machine (kvm & virtio preferred) and treat it just like a separate system on your network. Denying applications direct access just means that they mustn't have any option to access anything on the outside, except through the proxy - while there are ways to tag packages on a per-application basis (or jail-like approaches, think lxc/openvz coupled with custom selinux rules and stuff), those are a lot more complex to implement.
 
mbod
Post subject: found the solution  Posted: 20.03.2011, 08:49

The easiest way to create a transparent proxy on a single PC which is browser and proxy at the same time is to use squid3 and iptables.

I found the solution here:
http://blog.bodhizazen.net/linux/how-to-transparent-proxy/

In squid.conf I needed to make the following changes:
      Code:
# uncomment
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
# add
http_access allow localnet
# add "intercept"
http_port 3128 intercept


The next step is to create two rules with iptables:
      Code:
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner proxy -j REDIRECT --to-port 3128


Make sure to have "iptables-persistent" installed and save the settings:
      Code:
iptables-save > /etc/iptables/rules.v4


This is all. The proxy is now transparent without touching the applications. Each request for port 80 is run through the proxy.

Matthias
 
slh
Post subject: RE: found the solution  Posted: 22.03.2011, 02:30

...which is nice, but doesn't drop all kinds of internet access circumventing the proxy, but just port 80 - there are 65533 other usable ports, different transport protocols and totally different means of transporting information through the internet.
 
All times are GMT - 12 Hours
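Added example, not part of the original posts: a small checker that evaluates the two nat OUTPUT rules from the thread against sample connections, showing which traffic is sent through Squid and which leaves directly, as the last reply points out. The user name alice, the sample ports and the helper names are assumptions, and only the options that appear in those two rules are parsed.

```python
import shlex

# Constructed sample: the two nat OUTPUT rules from the post, written as rule specs.
RULES = """\
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner proxy -j REDIRECT --to-port 3128
"""

KEYS = {"-p": "proto", "--dport": "dport", "--uid-owner": "uid",
        "-j": "target", "--to-port": "to_port"}

def parse_rule(line):
    """Parse one rule spec into a dict; '!' negates the option that follows it."""
    rule = dict.fromkeys(KEYS.values())
    rule["uid_negated"] = False
    tokens = iter(shlex.split(line))
    negate = False
    for tok in tokens:
        if tok == "!":
            negate = True
            continue
        value = next(tokens)  # each option in these rules takes exactly one value
        if tok in KEYS:
            rule[KEYS[tok]] = value
        if tok == "--uid-owner":
            rule["uid_negated"] = negate
        negate = False
    return rule

def verdict(rules, user, proto, dport):
    """First matching rule wins; with no match the packet is not NATed at all."""
    for r in rules:
        uid_ok = r["uid"] is None or (r["uid"] == user) != r["uid_negated"]
        if r["proto"] in (None, proto) and r["dport"] in (None, str(dport)) and uid_ok:
            return "proxy:" + r["to_port"] if r["target"] == "REDIRECT" else "direct"
    return "direct"

def uncovered(rules, cases):
    """Return the (user, proto, dport) cases that leave without passing Squid."""
    return [c for c in cases if verdict(rules, *c) == "direct"]

PARSED = [parse_rule(l) for l in RULES.splitlines() if l.startswith("-A OUTPUT")]
# 'alice' is a hypothetical unprivileged user; ports other than 80 are sample picks.
# The proxy user is exempt by design so Squid's own fetches are not redirected back.
CASES = [("alice", "tcp", 80), ("alice", "tcp", 443), ("alice", "tcp", 8080),
         ("alice", "udp", 53), ("root", "tcp", 80), ("proxy", "tcp", 80)]

if __name__ == "__main__":
    for case in CASES:
        print(case, "->", verdict(PARSED, *case))
```

Of the sample cases only alice's TCP port 80 connection is redirected to port 3128; blocking the rest needs filter-table rules in addition to these NAT rules.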