Intercepting traffic with IPFW on Linux
by Brian Feeny
Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.
NP: This configuration information is up-to-date as of Linux 2.0.33
NOTE: NAT configuration will only work when used on the squid box. This is required to perform intercept accurately and securely. To intercept from a gateway machine and direct traffic at a separate squid box use policy routing.
ipfwadm Configuration (/etc/rc.d/rc.local)
Replace SQUIDIP with the public IP squid may use to send traffic. Repeat the ipfwadm line for each such IP Squid uses.
# Accept all on loopback ipfwadm -I -a accept -W lo # Accept my own IP, to prevent loops (repeat for each interface/alias) ipfwadm -I -a accept -P tcp -D SQUIDIP 80 # Send all traffic destined to port 80 to Squid on port 3129 ipfwadm -I -a accept -P tcp -D 0/0 80 -r 3129
it accepts packets on port 80, and redirects them to 3127 which is the port my squid process is sitting on.
First, compile and install Squid. It requires the following options:
You will need to configure squid to know the IP is being intercepted like so:
http_port 3129 transparent
In Squid 3.1+ the transparent option has been split. Use 'intercept to catch IPFW packets.
http_port 3129 intercept
To test if it worked, use the nc utility. Stop squid and from the command line as root type in:
nc -l 3129
Then restart squid and try to navigate to a page.
You should now see an output like this:
> nc -l 3129 GET / HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; GNotify 220.127.116.11) Host: example.com Connection: Keep-alive ...
From there on out, just set your browsers up normally with no proxy server, and you should see the cache fill up and your browsing speed up.