iptables transparent redirect to proxy on localhost

Thanasis thanasis at asyr.hopto.org
Sat Oct 6 00:11:29 EEST 2007 

on 10/05/2007 08:44 PM Gabriel Tzagkarakis wrote the following:
> an exeis kanei compile ton kernel sou compile me CONFIG_IP_NF_MATCH_OWNER=m
> tote isws doulepsei to e3hs:
>
> iptables -t nat -I OUTPUT -m owner ! --uid-owner
> whatever_uid_you_run_squid_as -p tcp -m tcp --dport 80 -j REDIRECT
> --to-ports 8080
>
> to whatever_uid_you_run_squid_as 8a to breis apo to squid.conf
> an psa3eis gia cache_effective_user  (sunh8ws nobody)
> opote trexeis ena id nobody kai to briskeis .
>
> kalh tuxh
Ούτε έτσι έπαιξε :-(

laptop ~ # iptables -t nat -I OUTPUT -m owner ! --uid-owner 31 -p tcp -m
tcp --dport 80 -j REDIRECT --to-port 8080

laptop ~ # iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
REDIRECT   tcp  --  anywhere             anywhere            ! OWNER UID
match squid tcp dpt:http redir ports 8080
laptop ~ #

laptop ~ # ps -ef |grep -iE 'dan[s]guard|s[q]uid'
nobody   22614     1  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
nobody   22615 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
nobody   22616 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
nobody   22617 22614  0 Oct05 ?        00:00:23 /usr/sbin/dansguardian
nobody   22618 22614  0 Oct05 ?        00:00:03 /usr/sbin/dansguardian
nobody   22619 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
nobody   22620 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
nobody   22623 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
nobody   22624 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
nobody   22625 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
nobody   22626 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
root     24651     1  0 Oct05 ?        00:00:00 /usr/sbin/squid -DYC
squid    24654 24651  0 Oct05 ?        00:00:00 (squid) -DYC
squid    24655 24654  0 Oct05 ?        00:00:00 (unlinkd)
laptop ~ #


Ιδού μια σελίδα στον firefox που αναφέρει το πρόβλημα:


  ERROR


    The requested URL could not be retrieved

------------------------------------------------------------------------

While trying to process the request:

GET / HTTP/1.1
Host: www.google.gr
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: el,en-us;q=0.7,en;q=0.3
Accept-Encoding: identity,gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: Close
Cookie: PREF=ID=3a2137aaa7ecc74d:TM=1191344705:LM=1191344705:S=eMWAegV2eUuarIgi

The following error was encountered:

    * *Invalid Request *

Some aspect of the HTTP Request is invalid. Possible problems:

    * Missing or unknown request method
    * Missing URL
    * Missing HTTP Identifier (HTTP/1.0)
    * Request is too large
    * Content-Length missing for POST or PUT requests
    * Illegal character in hostname; underscores are not allowed

Your cache administrator is root <mailto:root>.

------------------------------------------------------------------------
Generated Fri, 05 Oct 2007 20:37:17 GMT by laptop.vergina.dyndns.org
(squid/2.6.STABLE13)

More information about the Linux-greek-users mailing list