Linux traffic Interception with Squid and the Browser on the same box
by Joshua N Pritikin
Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.
Contents
Outline
To Intercept web requests transparently without any kind of client configuration. When web traffic is rgenerated by the machine squid is run on.
NP: for most non-Windows boxes setting the http_proxy environment variable (http_proxy="http://SQUIDIP:3128/") is a preferred alternative to the below interception.
NP: other users have reported setting outgoing TOS and filtering on it instead of process gid to also be effective.
iptables configuration
![/!\](/wiki/squidtheme/img/alert.png "/!\")
Replace SQUIDIP with the public IP(s) which squid may use for its listening port and outbound connections. Repeat each iptables line one per squid outbound IP.
iptables -t nat -F # clear table # normal transparent proxy iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3127 # handle connections on the same box (SQUIDIP is a loopback instance) gid=`id -g proxy` iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --gid-owner $gid -j ACCEPT iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination SQUIDIP:3127
Squid Configuration File
You will need to configure squid to know the IP is being intercepted like so:
http_port 3127 transparent
- In Squid 3.1+ the transparent option has been split. Use 'intercept to catch DNAT packets.
http_port 3127 intercept