
nftables transparent proxy for outbound connections on a server


Andre Rodier

Dec 10, 2022, 3:50:05 AM
Hello, all.

I have tinyproxy running on my server, and I would like, with nftables,
to intercept any outbound web traffic (tcp ipv4.ipv6), and to redirect
to the proxy on 127.0.0.1:8888.

So far, I have seen these examples online:

> ...
> chain prerouting {
> type nat hook prerouting priority dstnat; policy accept;
> tcp dport { 80, 443 } counter dnat ip to 127.0.0.1:8888
> tcp dport { 80, 443 } counter dnat ip6 to [::1]:8888
> }
> ...

Or sometimes, I see using redirect or even tproxy.

What is the best nftables approach, please?

Can you copy and paste what you are using?

Thanks,
Andre

Andre Rodier

Dec 11, 2022, 1:30:05 AM
Good morning, all.

Is there anyone around to help me to set up a transparent proxy on Debian, please?
André Rodier

Christoph Brinkhaus

Dec 11, 2022, 5:30:06 AM
On Sun, Dec 11, 2022 at 06:27:53AM +0000, Andre Rodier wrote:
> Good morning, all.

Good Morning Andre,
>
> Is there anyone around to help me to set up a transparent proxy on Debian, please?
>
> I have tinyproxy running on my server, and I would like, with nftables,
> to intercept any outbound web traffic (tcp ipv4.ipv6),
> and to redirect to the proxy on 127.0.0.1:8888.
>
> So far, I have seen these examples online:
>
> > ...
> > chain prerouting {
> > type nat hook prerouting priority dstnat; policy accept;
> > tcp dport { 80, 443 } counter dnat ip to 127.0.0.1:8888
> > tcp dport { 80, 443 } counter dnat ip6 to [::1]:8888
> > }
> > ...
>
> Or sometimes, I see using redirect or even tproxy.

If you want to intercept encrypted traffic, it might be helpful to
study how privoxy is doing that. In the past privoxy has been fine for
filtering http traffic. Nowadays it is extended to https, too. It
needs a self certified key stuff. I have not tried it so far, but it
does decryption of the incoming traffic for filtering and it does
encryption of the filtered traffic to the browser side.
>
> What is the best nftables approach, please?
>
> Can you copy and paste what you are using?

Unfortunately, I have no idea about those approaches.

Kind regards,
Christoph