I arranged a transparent Squid proxy which listens to port 3128 on localhost, to block some web sites.
I've tested the proxy using Firefox, and it works.
Then I ran this, hoping to redirect all the http requests to the proxy:
sudo iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 3128
Sadly, nothing happens. The other browsers in my system don't seem to be using the proxy. I don't want to configure each browser, to use the proxy either.
sudo iptables -L
shows no rules assigned.
I'm on Ubuntu 13.04, and using a 3G USB modem (ppp0) to connect to the Internet. Any advice is appreciated!
I think you are missing the destination port, try the following
Without dport, you are forwarding traffic with destination port 3128 to local port 3128. What you want is traffic with destination port 80 forwarded to local port 3128.
Additionally, to show nat rules, use
However, the above rules will not work for a transparent proxy setup on the same machine as the browser, because the PREROUTING chain alters packets before routing from a remote client and it will not do anything for locally generated packets. Thus we should use the OUTPUT chain for locally generated packets which are going out from the system.
Try the following instead
It will only redirect traffic for processes other than the ones owned by the proxy user. Without -m owner ! --uid-owner proxy, it will not work because the rules will also catch the proxy server's outgoing traffic and end up in a loop.
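The rule this answer describes (nat table, OUTPUT chain, destination port 80, owner match excluding the proxy user), written out as an added example that is not part of the original answer. It assumes Squid runs as the proxy user on port 3128 as stated above; the function names are illustrative.

```shell
#!/bin/sh
# Added example: redirect locally generated HTTP traffic to a local Squid.
# Assumptions (from the thread): Squid runs as user "proxy", listens on 3128.
PROXY_USER="${PROXY_USER:-proxy}"
PROXY_PORT="${PROXY_PORT:-3128}"

# Print the rule's arguments for a given action flag: -A (append),
# -C (check whether it exists) or -D (delete).
# "-m owner ! --uid-owner" skips packets sent by Squid itself; without it
# Squid's own outbound requests are redirected back to Squid in a loop.
redirect_rule() {
    printf '%s' "-t nat $1 OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $PROXY_USER -j REDIRECT --to-ports $PROXY_PORT"
}

# Append the rule only if an identical one is not already present,
# so repeated runs do not stack duplicates.
install_redirect() {
    # Word splitting of the rule string into arguments is intended here.
    iptables $(redirect_rule -C) 2>/dev/null || iptables $(redirect_rule -A)
}

remove_redirect() {
    iptables $(redirect_rule -D)
}

# "iptables -L" alone lists only the filter table; NAT rules need -t nat.
show_nat() {
    iptables -t nat -L OUTPUT -n -v --line-numbers
}

case "${1:-}" in
    install) install_redirect && show_nat ;;
    remove)  remove_redirect ;;
    show)    show_nat ;;
esac
```

Run it as root with install, show or remove as the first argument.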