🔗 Linux traffic Interception with Squid and the Browser on the same box
- by Joshua N Pritikin
This configuration intercepts web requests transparently, without any kind of client configuration, when the web traffic is generated by the machine Squid is running on.
NP: for most non-Windows boxes setting the http_proxy environment variable (http_proxy="http://SQUIDIP:3128/") is a preferred alternative to the below interception.
NP: other users have reported that setting an outgoing TOS value and filtering on it, instead of on the process gid, is also effective.
🔗 iptables configuration
- Replace SQUIDIP with the public IP(s) which Squid may use for its listening port and outbound connections. Repeat each iptables line once per Squid outbound IP.
```
iptables -t nat -F  # clear table

# normal transparent proxy
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3127

# handle connections on the same box (SQUIDIP is a loopback instance)
gid=$(id -g proxy)
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --gid-owner $gid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination SQUIDIP:3127
```
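The two OUTPUT rules only work in that order: the owner match has to ACCEPT Squid's own port 80 traffic before the DNAT rule sees it, otherwise Squid's outbound requests are sent back to its own listening port. The script below is an added example, not part of the original wiki page, that checks this order in `iptables-save -t nat` style text; the gid 13 and the address 192.0.2.10 in the samples are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Reads `iptables-save -t nat`
# style text on stdin and reports whether the same-box rules are loop-free.
#   ok      - gid-owner ACCEPT precedes the port 80 DNAT/REDIRECT in OUTPUT
#   loop    - DNAT/REDIRECT comes first (or no exemption): Squid's own
#             outbound requests would be sent back to its listening port
#   no-dnat - OUTPUT has no port 80 DNAT/REDIRECT, so local traffic bypasses Squid
check_nat_output() {
    awk '
        $1 == "-A" && $2 == "OUTPUT" && /--dport 80( |$)/ {
            if (!dnat && /--gid-owner/ && /-j ACCEPT/) exempt = 1
            if (!dnat && /-j (DNAT|REDIRECT)/) { dnat = 1; ok = exempt }
        }
        END {
            if (!dnat)   print "no-dnat"
            else if (ok) print "ok"
            else         print "loop"
        }'
}

# Constructed samples: gid 13 and 192.0.2.10 are placeholders.
GOOD_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --gid-owner 13 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:3127
COMMIT'

BAD_RULES='*nat
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:3127
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --gid-owner 13 -j ACCEPT
COMMIT'

printf '%s\n' "$GOOD_RULES" | check_nat_output
printf '%s\n' "$BAD_RULES"  | check_nat_output
```

On a live box the same function can be fed with `iptables-save -t nat | check_nat_output`, run as root.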
🔗 Squid Configuration File
You will need to configure squid to know the IP is being intercepted like so:
http_port 3127 transparent
- In Squid 3.1+ the transparent option has been split. Use 'intercept' to catch DNAT packets.
http_port 3127 intercept
⚠️ Disclaimer: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.