Transparent HTTP Proxy 1.2


Introduction

This program is used with the transparent proxy feature of FreeBSD (ipfw and ipnat) or Linux (ipfwadm and ipchains) to transparently proxy HTTP requests.

Where Do I Get It?

The latest version of this package, along with historical versions, will always be at the following URL: ftp://ftp.nlc.net.au/pub/unix/transproxy/ with a name like transproxy-x.x.tgz.

The latest version is 1.2 (transproxy-1.2.tgz).

How Do I Build It?

Just type 'make'; no configuration in the source is needed. It's written in ANSI C using the portable Berkeley sockets interface, so it should compile on 99.9% of machines without change.

How Do I Install It?

Just type

# make install

to install the binary and man page.

Inetd Installation

For a low volume application, using inetd to start the proxy is very simple. The installation places the proxy on port 81, just above the normal HTTP port. Just follow these steps.
  1. Add a line like the following to /etc/services.

    tproxy          81/tcp          # Transparent Proxy

  2. For Redhat 6.2, add a line like the following to /etc/inetd.conf and restart inetd

    tproxy  stream  tcp  nowait  nobody  /usr/sbin/tcpd  /usr/local/sbin/tproxy proxy.yourdomain 8080

  3. For Redhat 7.0, make a file /etc/xinetd.d/tproxy and restart xinetd

    # Converted by inetdconvert
    service tproxy
    {
            disable = no
            socket_type             = stream
            protocol                = tcp
            wait                    = no
            user                    = nobody
            server                  = /usr/local/sbin/tproxy
            server_args             = proxy.yourdomain 8080
    }

    This tells inetd to accept requests on port 81, and the transparent proxy server to pass these on to the host 'proxy' at port 8080.

Linux Ipchains Config

To make HTTP requests get proxied transparently, ipchains filter rules must be put in place to pass HTTP requests to the proxy that would normally pass through to the outside world. Also the Linux kernel must be compiled with the TRANSPARENT_PROXY feature enabled. You only get asked about this feature if you have requested to be prompted about EXPERIMENTAL things.

 

# cd /usr/src/linux
# make menuconfig

Example when a httpd is running on port 80.

# ipchains -A input -p tcp -d localhost 80 -j ACCEPT
# ipchains -A input -p tcp -d 192.168.1.0/24 80 -j ACCEPT
# ipchains -A input -p tcp -d 202.144.157.208/28 80 -j ACCEPT
# ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 81

If no httpd is running on the local network you may want to reject connections quickly instead of accepting them.

# ipchains -A input -p tcp -d localhost 80 -j REJECT
# ipchains -A input -p tcp -d 192.168.1.0/24 80 -j REJECT
# ipchains -A input -p tcp -d 202.144.157.208/28 80 -j REJECT
# ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 81

These rules allow port 80 requests directed at the local network to pass (or get rejected). Any requests to the outside world then get redirected to port 81 and hence get handled by the transparent proxy.
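Because ipchains applies the first matching rule, the order of the rules above decides which traffic bypasses the proxy. The following is an added example, not part of transproxy or the original page: it models only destination address and port matching for the "httpd is running" rule set, and reports rules that an earlier rule makes unreachable. It assumes 'localhost' is 127.0.0.1 and a chain policy of ACCEPT; the sample destinations are constructed.

```python
import ipaddress

# The page's "httpd is running on port 80" rules, in the order they are added.
# Assumption: "localhost" resolves to 127.0.0.1.
RULES = [
    ("127.0.0.1/32", 80, "ACCEPT"),
    ("192.168.1.0/24", 80, "ACCEPT"),
    ("202.144.157.208/28", 80, "ACCEPT"),
    ("0.0.0.0/0", 80, "REDIRECT 81"),
]


def verdict(rules, dst_ip, dst_port, policy="ACCEPT"):
    """Return the target of the first rule matching a TCP destination."""
    addr = ipaddress.ip_address(dst_ip)
    for net, port, target in rules:
        if dst_port == port and addr in ipaddress.ip_network(net):
            return target
    return policy  # nothing matched: chain policy (assumed ACCEPT here)


def shadowed(rules):
    """Indexes of rules that can never match, because an earlier rule on
    the same port already covers their whole destination range."""
    dead = []
    for i, (net, port, _) in enumerate(rules):
        this = ipaddress.ip_network(net)
        for prev_net, prev_port, _ in rules[:i]:
            if prev_port == port and this.subnet_of(ipaddress.ip_network(prev_net)):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    # Constructed sample destinations, not taken from any real capture.
    for ip, port in [("192.168.1.10", 80), ("202.144.157.210", 80),
                     ("202.144.157.224", 80), ("203.0.113.5", 80),
                     ("203.0.113.5", 443)]:
        print(f"{ip}:{port} -> {verdict(RULES, ip, port)}")
    print("unreachable rules as written:", shadowed(RULES))
    # Same rules with the catch-all REDIRECT mistakenly placed first.
    wrong_order = [RULES[3]] + RULES[:3]
    print("unreachable if REDIRECT is first:", shadowed(wrong_order))
```

With the REDIRECT rule first, every local exception is unreachable and requests to the local httpd would be sent to the proxy as well.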


Copyright © [- SroNey / JohN -]. All rights reserved
