IPTables configuration for transparent proxy

Question

IPTables configuration for transparent proxy

I am confused why my IPTable does not work in Router. what I'm trying to do is redirect any packets from the source ip destined for port 80 and 443 to 192.168.1.110haps128. however, when I tried this:

 iptables -t nat -A PREROUTING -s 192.168.1.5 -p tcp --dport 80:443 -j DNAT --to-destination 192.168.1.110:3128

does not work. however, when I add this,

iptables -t nat -A POSTROUTING-j MASQUARADE

it works. but the problem with masquarade is that I am not getting a real ip, but instead of an ip router. I need to get the source ip so that my proxy can record all the ips associated with it. can someone tell me how to make it work without making a BUILD transition to Masquarade?

+3

proxy iptables

James g May 15 '12 at 6:53

source share

5 answers

Robert Siemer · Answer 1 · 2014-11-25T00:45:24+0000

TPROXY ( mangle, PREROUTING). iptables-, NAT, MASQUERADE, REDIRECT, IP- , , .

- () () , , ( Linux ( ) root). - " " .

, , "TPROXY" !

vinod_garag · Answer 2 · 2012-09-28T12:57:17+0000

, :

iptables -t nat -A PREROUTING -s 192.168.1.5 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 192.168.1.110:3128

--dport 80:443 80 443
--dports 80,443 80 443.

, , 192.168.1.5 80 443, 192.168.1.110 3128, :

iptables -t nat -A PREROUTING -d 192.168.1.5 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 192.168.1.110:3128

, 192.168.1.110 ip.

, , .

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE

eth1 .

atripes · Answer 3 · 2015-01-22T15:39:56+0000

, , - ip . nginx :

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://name_of_proxy;
    proxy_redirect off;
}

Lan ... · Answer 4 · 2016-08-31T22:27:28+0000

iptables -t nat -A PREROUTING -p tcp -s foreign ip to your device --dport 80:443 -j DNAT --to-destination your application or local ip:port.i, , , 80 443, - .192.168.1.5, .

and remember the configuration echo 1 > /proc/sys/net/ipv4/ip_forward

Chet · Answer 5 · 2012-06-16T12:00:27+0000

I think you are doing NAT in both directions without specifying an interface. Try adding -o eth0to your line -j MASQUERADE. (Replace any of your "external" interfaces, not eth0depending on your installation.)

IPTables configuration for transparent proxy

More articles: