You are not logged in.

#1 2013-09-19 14:55:37

walterjwhite
Member
Registered: 2011-05-01
Posts: 207

iptables - forward traffic to external proxy

Hi all,

We have a proxy server on our internal network and rather than configure each browser or setup a proxy through Gnome or specify it via command line, I'd like to setup an iptables rule.  I can successfully redirect unencrypted traffic to the proxy server; however, cannot do the same with SSL.

These are my rules:

WEBCACHE=aaa.bbb.ccc.ddd

iptables -t nat -A OUTPUT -p tcp --dport ftp -j DNAT --to-destination $WEBCACHE
iptables -t nat -A OUTPUT -p tcp --dport www -j DNAT --to-destination $WEBCACHE


Walter

Offline

#2 2013-09-19 15:27:10

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: iptables - forward traffic to external proxy

Add a line for https - port 443?

Offline

#3 2013-09-19 15:38:41

walterjwhite
Member
Registered: 2011-05-01
Posts: 207

Re: iptables - forward traffic to external proxy

Hi brebs,

I cannot do that because it is HTTPS.  When I setup the proxy in firefox, it connects to the SSL port just fine, but through iptables it does work.


Walter

Offline

#4 2013-09-19 15:44:12

walterjwhite
Member
Registered: 2011-05-01
Posts: 207

Re: iptables - forward traffic to external proxy

The error I get with wget is "Unable to establish SSL connection.".


Walter

Offline

#5 2013-09-19 18:52:30

Tarqi
Member
From: Ixtlan
Registered: 2012-11-27
Posts: 179
Website

Re: iptables - forward traffic to external proxy

There is no easy way for transparent proxying https. See here.


Knowing others is wisdom, knowing yourself is enlightenment. ~Lao Tse

Offline

#6 2013-09-19 18:57:50

walterjwhite
Member
Registered: 2011-05-01
Posts: 207

Re: iptables - forward traffic to external proxy

So, what you're saying is, there is no way to do this with iptables?

Offline

Board footer

Powered by FluxBB