Linux Networking/IP Transparent Proxy

IP Transparent Proxy


IP transparent proxy is a feature that enables you to redirect servers or services destined for another machine to those services on this machine. Typically this would be useful where you have a linux machine as a router and also provides a proxy server. You would redirect all connections destined for that service remotely to the local proxy server.

Kernel Compile Options:

      Code maturity level options --->
          [*] Prompt for development and/or incomplete code/drivers
      Networking options --->
          [*] Network firewalls
          [*] TCP/IP networking
          [*] IP: firewalling
          [*] IP: transparent proxy support (EXPERIMENTAL)

Configuration of the transparent proxy feature is performed using the ipfwadm command

An example that might be useful is as follows:

      root# ipfwadm -I -a accept -D 0/0 telnet -r 2323

This example will cause any connection attempts to port telnet (23) on any host to be redirected to port 2323 on this host. If you run a service on that port, you could forward telnet connections, log them or do whatever fits your need.

A more interesting example is redirecting all http traffic through a local cache. However, the protocol used by proxy servers is different from native http: where a client connects to and asks for /path/page, when it connects to the local cache it contacts proxy.local.domain:8080 and asks for

To filter an http request through the local proxy, you need to adapt the protocol by inserting a small server, called transproxy (you can find it on the World Wide Web). You can choose to run transproxy on port 8081, and issue this command:

      root# ipfwadm -I -a accept -D 0/0 80 -r 8081

The transproxy program, then, will receive all connections meant to reach external servers and will pass them to the local proxy after fixing protocol differences.