iptables transparent redirect to proxy on localhost
Thanasis
thanasis at asyr.hopto.org
Sat Oct 6 00:11:29 EEST 2007
on 10/05/2007 08:44 PM Gabriel Tzagkarakis wrote the following:
> if you have compiled your kernel with CONFIG_IP_NF_MATCH_OWNER=m
> then maybe the following will work:
>
> iptables -t nat -I OUTPUT -m owner ! --uid-owner
> whatever_uid_you_run_squid_as -p tcp -m tcp --dport 80 -j REDIRECT
> --to-ports 8080
>
> you will find whatever_uid_you_run_squid_as in squid.conf
> if you search for cache_effective_user (usually nobody),
> so you run an id nobody and you find it.
>
> good luck
That didn't work either :-(
laptop ~ # iptables -t nat -I OUTPUT -m owner ! --uid-owner 31 -p tcp -m
tcp --dport 80 -j REDIRECT --to-port 8080
laptop ~ # iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere ! OWNER UID
match squid tcp dpt:http redir ports 8080
laptop ~ #
laptop ~ # ps -ef |grep -iE 'dan[s]guard|s[q]uid'
nobody 22614 1 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
nobody 22615 22614 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
nobody 22616 22614 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
nobody 22617 22614 0 Oct05 ? 00:00:23 /usr/sbin/dansguardian
nobody 22618 22614 0 Oct05 ? 00:00:03 /usr/sbin/dansguardian
nobody 22619 22614 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
nobody 22620 22614 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
nobody 22623 22614 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
nobody 22624 22614 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
nobody 22625 22614 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
nobody 22626 22614 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian
root 24651 1 0 Oct05 ? 00:00:00 /usr/sbin/squid -DYC
squid 24654 24651 0 Oct05 ? 00:00:00 (squid) -DYC
squid 24655 24654 0 Oct05 ? 00:00:00 (unlinkd)
laptop ~ #
Here is a page in Firefox that reports the problem:
ERROR
The requested URL could not be retrieved
------------------------------------------------------------------------
While trying to process the request:
GET / HTTP/1.1
Host: www.google.gr
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: el,en-us;q=0.7,en;q=0.3
Accept-Encoding: identity,gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: Close
Cookie: PREF=ID=3a2137aaa7ecc74d:TM=1191344705:LM=1191344705:S=eMWAegV2eUuarIgi
The following error was encountered:
* *Invalid Request *
Some aspect of the HTTP Request is invalid. Possible problems:
* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed
Your cache administrator is root <mailto:root>.
------------------------------------------------------------------------
Generated Fri, 05 Oct 2007 20:37:17 GMT by laptop.vergina.dyndns.org
(squid/2.6.STABLE13)
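
The lookup the quoted reply describes (find cache_effective_user in squid.conf, resolve its uid, exempt it from the REDIRECT rule), as an added shell example that is not part of the original thread. It also compares the configured user with the owner of the running squid worker, since the ps output above shows squid and dansguardian under different accounts; the function names and sample inputs are constructed for illustration, the "nobody" fallback is an assumption taken from the quoted reply, and the rule is only printed, never applied.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# Last uncommented cache_effective_user in a squid.conf; "nobody" if absent
# (fallback assumed from the quoted reply: "usually nobody").
squid_effective_user() {
    awk '$1 == "cache_effective_user" { u = $2 }
         END { print (u == "" ? "nobody" : u) }' "$1"
}

# Distinct non-root owners of squid processes, from `ps -ef` text on stdin.
# Column 8 is the start of CMD in `ps -ef` output.
squid_process_users() {
    awk '$1 != "root" && $8 ~ /squid/ { print $1 }' | sort -u
}

# Print (never execute) the rule: redirect locally generated TCP/80 to the
# proxy port unless the socket is owned by the exempt user.
redirect_rule() {
    printf 'iptables -t nat -I OUTPUT -m owner ! --uid-owner %s -p tcp -m tcp --dport 80 -j REDIRECT --to-ports %s\n' "$1" "$2"
}

# Succeeds only when the configured user is the one squid really runs as.
# $1 = squid.conf path; `ps -ef` text on stdin.
exempt_user_matches() {
    [ "$(squid_process_users)" = "$(squid_effective_user "$1")" ]
}

sample_conf() {  # constructed squid.conf fragment
    printf '%s\n' '# cache_effective_user nobody' 'http_port 3128' \
        'cache_effective_user squid'
}

sample_ps() {  # constructed, in the shape of the `ps -ef` output above
    printf '%s\n' \
        'nobody 22614     1 0 Oct05 ? 00:00:00 /usr/sbin/dansguardian' \
        'root   24651     1 0 Oct05 ? 00:00:00 /usr/sbin/squid -DYC' \
        'squid  24654 24651 0 Oct05 ? 00:00:00 (squid) -DYC'
}

conf=$(mktemp)
sample_conf > "$conf"
user=$(squid_effective_user "$conf")
# Use the numeric uid when the account exists here, else keep the name.
uid=$(id -u "$user" 2>/dev/null || printf '%s' "$user")
if sample_ps | exempt_user_matches "$conf"; then
    redirect_rule "$uid" 8080
else
    echo "squid.conf user differs from the running squid user" >&2
fi
rm -f "$conf"
```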