Home / server / Questions / 219740
Accepted
nixnotwin
Asked: 2011-01-08 00:23:52 +0800 CST

redirecting some url requests to a LAN proxy

  • 772

I use a linux based router which has dnsmasq and iptables. On a LAN machine I have squid proxy. I want to know if requests for certain urls can be forwarded to the proxy, while other urls are allowed directly to the WAN. For example the request for www.onedomian.com should be forwarded to the proxy by the router.

routing proxy squid

2 Answers

  1. Best Answer

    You can use iptables to redirect the HTTP requests based on the destination IP (IP of web server) and/or based on the URL (some string) using string matching module.

    For example, you can use a rule to forward the requests to the proxy:

    $ sudo iptables -t nat -A PREROUTING -s your_client_ip -d your_url_ip -p tcp --dport 80 -j DNAT --to-destination PROXY_IP:PROXY_PORT

    Another example using sting matching:

    $ sudo iptables -t nat -A PREROUTING -s your_client_ip -p tcp --dport 80 -m string --string "your_url" --algo bm -j DNAT --to-destination PROXY_IP:PROXY_PORT

    The normal case will be to forward the requests directly (given that there is no proxy settings in your browser). You just need to setup the default gateway and specify the needed FORWARD rules. The rules above assume using transparent proxying.

    If you want to specify a proxy settings in your browser, you can use exception list in the browser to specify the URLs/IPs that are not passed to the proxy server.

    • 2

  2. Yes, using a proxy.pac file, that you can save on your disc or on a http server and then setting it the proxy configuration of your browser.

    This is an example found in internet, if you have particular needs let us know.

    function FindProxyForURL(url, host)
{
if ((isPlainHostName(host) ||
dnsDomainIs(host, ".noa.com") ||
isInNet(host, "10.0.0.0", "255.0.0.0") ||
isInNet(host, "150.0.0.0", "255.255.0.0") ||
isInNet(host, "192.168.1.0", "255.255.255.0") ||
isInNet(host, "155.16.0.0", "255.255.0.0") ||
isInNet(host, "222.123.76.43", "255.255.255.255") ||
isInNet(host, "222.123.76.24", "255.255.255.255") ||
isInNet(host, "222.223.120.0", "255.255.255.0")) && (
!localHostOrDomainIs(host, "aproxy.noa.com") &&
!localHostOrDomainIs(host, "10.1.80.10") &&
!localHostOrDomainIs(host, "newproxy.noa.com") &&
!localHostOrDomainIs(host, "10.1.1.74") &&
!localHostOrDomainIs(host, "cproxy.proxy.com") &&
!localHostOrDomainIs(host, "10.1.80.11"))) {
return "DIRECT";
}
else if (url.substring(0,16)=="http://localhost")
{
return "DIRECT";
}

else {
return "PROXY your.proxy.com:8080";
}
}
    • 1