iptables transparent redirect to proxy on localhost

Gabriel Tzagkarakis gabrieltz at gmail.com
Sun Oct 7 12:31:31 EEST 2007 

On 10/6/07, Thanasis <thanasis at asyr.hopto.org> wrote:
> on 10/05/2007 08:44 PM Gabriel Tzagkarakis wrote the following:
> > an exeis kanei compile ton kernel sou compile me CONFIG_IP_NF_MATCH_OWNER=m
> > tote isws doulepsei to e3hs:
> >
> > iptables -t nat -I OUTPUT -m owner ! --uid-owner
> > whatever_uid_you_run_squid_as -p tcp -m tcp --dport 80 -j REDIRECT
> > --to-ports 8080
> >
> > to whatever_uid_you_run_squid_as 8a to breis apo to squid.conf
> > an psa3eis gia cache_effective_user  (sunh8ws nobody)
> > opote trexeis ena id nobody kai to briskeis .
> >
> > kalh tuxh
> Ούτε έτσι έπαιξε :-(
>
> laptop ~ # iptables -t nat -I OUTPUT -m owner ! --uid-owner 31 -p tcp -m
> tcp --dport 80 -j REDIRECT --to-port 8080
>
> laptop ~ # iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> REDIRECT   tcp  --  anywhere             anywhere            ! OWNER UID
> match squid tcp dpt:http redir ports 8080
> laptop ~ #
>
> laptop ~ # ps -ef |grep -iE 'dan[s]guard|s[q]uid'
> nobody   22614     1  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
> nobody   22615 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
> nobody   22616 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
> nobody   22617 22614  0 Oct05 ?        00:00:23 /usr/sbin/dansguardian
> nobody   22618 22614  0 Oct05 ?        00:00:03 /usr/sbin/dansguardian
> nobody   22619 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
> nobody   22620 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
> nobody   22623 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
> nobody   22624 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
> nobody   22625 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian
> nobody   22626 22614  0 Oct05 ?        00:00:00 /usr/sbin/dansguardian


auto to dnasguardian den trexei san squid user opote einai logiko na
mhn sou pai3ei.
kane to e3hs :
tre3e eite to squid san user nobody h' to dnasguardian san user squid
kai 8a eisai ok
arkei 3ana sto iptable rule pou sou edwsa prin na baleis to koino
pleon uid me to opoio
trexoun ta duo processes.

> root     24651     1  0 Oct05 ?        00:00:00 /usr/sbin/squid -DYC
> squid    24654 24651  0 Oct05 ?        00:00:00 (squid) -DYC
> squid    24655 24654  0 Oct05 ?        00:00:00 (unlinkd)
> laptop ~ #
>
>

good luck.

More information about the Linux-greek-users mailing list