I have Ubuntu 14.04 LTS Server installed on my server, and I would like to install a transparent proxy server on it for my LAN network. Please help me with this.

Thanks in advance.

Amol

1 Answer

This is quite simple given you already have an Ubuntu machine with 2+ NICs - you just need to have a more or less recent Squid installed; all machines in your network must be using the Squid box as their default gateway; then add the following to the Squid config:

    # port configuration
    http_port  3126 intercept
    https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/qlproxy/etc/myca.pem
    http_port  3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/qlproxy/etc/myca.pem

Finally, redirect incoming traffic from ports 80 -> 3126, 443 -> 3129 using iptables:

    # redirect all HTTP(tcp:80) traffic coming in through eth0 to 3126
    iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3126

    # redirect all HTTPS(tcp:443) traffic coming in through eth0 to 3127
    iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127

Enable NAT and you are good to go. More info at http://blog.diladele.com/2014/04/10/transparent-ssl-https-filtering-on-centos/

A simpler approach using FirewallD on CentOS 7 is at http://docs.diladele.com/tutorials/transparently_filtering_https_centos/index.html

Rafael
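
A consistency check for the two steps in the answer above, as an added example that is not part of the original answer: it verifies that every iptables REDIRECT target is a port Squid listens on with the intercept flag. The function names and sample files are assumptions constructed for illustration; the second rule set deliberately sends 443 to 3129, a port with no intercept listener in this config.

```shell
#!/bin/sh
# Ports that a squid.conf declares with the intercept flag, one per line.
intercept_ports() {
    awk '($1 == "http_port" || $1 == "https_port") {
        for (i = 3; i <= NF; i++) if ($i == "intercept") {
            n = split($2, a, ":"); print a[n]; break
        }
    }' "$1"
}

# "dport target" pairs for each REDIRECT rule (iptables or iptables-save lines).
redirect_pairs() {
    awk '/-j REDIRECT/ {
        d = "?"; t = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") d = $(i + 1)
            if ($i == "--to-ports") t = $(i + 1)
        }
        if (t != "") print d, t
    }' "$1"
}

# Print one line per redirect that Squid does not intercept; status 1 if any.
check_redirects() {
    ports=$(intercept_ports "$1"); bad=0
    while read -r dport target; do
        [ -n "$target" ] || continue
        if ! printf '%s\n' "$ports" | grep -qxF "$target"; then
            echo "MISMATCH: dport $dport -> $target (no intercept listener)"
            bad=1
        fi
    done <<EOF
$(redirect_pairs "$2")
EOF
    return "$bad"
}

# Constructed sample input: the port lines from the answer, options trimmed.
write_samples() {
    printf '%s\n' 'http_port  3126 intercept' \
        'https_port 3127 intercept ssl-bump cert=/opt/qlproxy/etc/myca.pem' \
        'http_port  3128 ssl-bump cert=/opt/qlproxy/etc/myca.pem' > "$1/squid.conf"
    printf '%s\n' \
        '-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3126' \
        '-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127' \
        > "$1/good.rules"
    sed 's/3127$/3129/' "$1/good.rules" > "$1/bad.rules"   # constructed mismatch
}
d=$(mktemp -d); write_samples "$d"
check_redirects "$d/squid.conf" "$d/bad.rules" || echo "fix the rules above"; rm -rf "$d"
```

Against a live box, pass the real squid.conf and the output of iptables-save -t nat saved to a file.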