Linux Networking/IP Transparent Proxy
IP Transparent Proxy
IP transparent proxy is a feature that lets you redirect connections destined for a service on another machine to the same service on this machine. Typically this is useful where a Linux machine acts as a router and also runs a proxy server: you redirect all connections destined for that service on remote hosts to the local proxy server instead.
Kernel Compile Options:
    Code maturity level options --->
        [*] Prompt for development and/or incomplete code/drivers
    Networking options --->
        [*] Network firewalls
        ....
        [*] TCP/IP networking
        ....
        [*] IP: firewalling
        ....
        [*] IP: transparent proxy support (EXPERIMENTAL)
Configuration of the transparent proxy feature is performed using the ipfwadm command.
An example that might be useful is as follows:
root# ipfwadm -I -a accept -D 0/0 telnet -r 2323
This example causes any connection attempt to the telnet port (23) on any host to be redirected to port 2323 on this host. If you run a service on that port, you can forward the telnet connections, log them, or do whatever fits your needs.
A more interesting example is redirecting all HTTP traffic through a local cache. However, the protocol spoken to a proxy server differs from native HTTP: where a client would connect to www.server.com:80 and ask for /path/page, a client talking to the local cache instead connects to proxy.local.domain:8080 and asks for www.server.com/path/page.
To pass a native HTTP request through the local proxy, you therefore need to adapt the protocol by inserting a small server, called transproxy (you can find it on the World Wide Web). You can choose to run transproxy on port 8081 and issue this command:
root# ipfwadm -I -a accept -D 0/0 80 -r 8081
The transproxy program then receives all connections meant for external web servers and passes them on to the local proxy after fixing up the protocol differences.
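The protocol adaptation described above, as an added example that is not the transproxy program or code from this page: a native request line such as "GET /path/page HTTP/1.0" is rewritten into the proxy form "GET http://www.server.com/path/page HTTP/1.0" and handed to the cache. It assumes the cache listens on proxy.local.domain:8080 as in the text, and that, for a connection redirected by the kernel, getsockname() on the accepted socket reports the original destination, which stands in when an HTTP/1.0 client sends no Host header.

```python
import socket


def rewrite_for_proxy(request: bytes, orig_dst=None) -> bytes:
    """Turn a native HTTP request into the form a proxy server expects.

    The origin server is taken from the Host header; if the client sent
    none (common with HTTP/1.0), orig_dst, a (host, port) tuple of the
    original destination, is used instead.  Raises ValueError if neither
    is available, rather than forwarding a request the cache cannot route.
    """
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)
    if target.startswith(b"http://"):  # already in proxy form, leave it alone
        return request
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
            break
    if host is None:
        if orig_dst is None:
            raise ValueError("no Host header and no original destination")
        host_name, port = orig_dst
        host = host_name.encode() if port == 80 else f"{host_name}:{port}".encode()
    lines[0] = b" ".join([method, b"http://" + host + target, version])
    return b"\r\n".join(lines) + sep + body


def relay_to_proxy(client, proxy_addr=("proxy.local.domain", 8080)):
    """Serve one redirected connection: read the client's request, rewrite
    it, hand it to the cache and copy the cache's reply back.

    Assumes the whole request header arrives in a single read, which is
    enough for a demonstration but not for a production relay.
    """
    request = client.recv(65536)
    # On a kernel-redirected connection getsockname() yields the address the
    # client originally dialled (assumption stated in the lead-in).
    orig_dst = client.getsockname()[:2]
    with socket.create_connection(proxy_addr) as proxy:
        proxy.sendall(rewrite_for_proxy(request, orig_dst))
        while chunk := proxy.recv(65536):
            client.sendall(chunk)
```

A real transproxy would serve these connections in a loop on the port named in the ipfwadm rule (8081 above), one relay_to_proxy call per accepted socket.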