Fully Transparent With TPROXY
Linux: Setup a transparent proxy with Squid in three easy steps
Squid Cache, TProxy, dan Mikrotik (Alternate Configuration for Simple Networks)
Configuring a Transparent Proxy/Webcache in a Bridge using Squid and ebtables
Squid 2.6 + tproxy + bridge + gentoo
To configure a bridge interface
ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 200.1.2.3 netmask 255.255.255.0 up
route add default gw 200.1.2.254 dev br0
To intercept the concerned connections:
bash# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
--ip-destination-port 80 -j redirect --redirect-target ACCEPT
bash# iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
-j REDIRECT --to-port 3128
The first command says that packets passing through the bridge going to port 80 will be redirected to the local machine, instead of being bridged. The second uses iptables to redirect those packets to local port 3128, so squid can take care of them.
沒有留言:
張貼留言