7.8. IP Transparent Proxy

IP transparent proxy is a feature that enables you to redirect servers or services destined for another machine to those services on this machine. Typically, this would be useful where you have a linux machine as a router (and also provides a proxy server). You would redirect all connections destined for that service remotely to the local proxy server.

Kernel Compile Options:

       Code maturity level options  --->
                [*] Prompt for development and/or incomplete code/drivers
        Networking options  --->
                [*] Network firewalls
                [*] TCP/IP networking
                [*] IP: firewalling
                [*] IP: transparent proxy support (EXPERIMENTAL)

Configuration of the transparent proxy feature is performed using the ipfwadm command.

An example that might be useful is as follows:

       root# ipfwadm -I -a accept -D 0/0 telnet -r 2323

This example will cause any connection attempts to port telnet (23) on any host to be redirected to port 2323 on this host. If you run a service on that port, you could forward telnet connections, log them, or do whatever fits your needs.

A more interesting example is redirecting all http traffic through a local cache. However, the protocol used by proxy servers is different from native http: (where a client connects to www.server.com:80 and asks for /path/page). When it connects to the local cache, it contacts proxy.local.domain:8080 and asks for www.server.com/path/page.

To filter an http request through the local proxy, you need to adapt the protocol by inserting a small server, called transproxy (you can find it on the world wide web). You can choose to run transproxy on port 8081.Just ssue this command:

       root# ipfwadm -I -a accept -D 0/0 80 -r 8081

The transproxy program, then, will receive all connections meant to reach external servers, and will pass them to the local proxy (after fixing protocol differences). Was this section helpful? Why not Donate $2.50?