iptables redirect FORWARD http traffic to privoxy port

The reason it doesn't work is because you can only modify packets in certain ways at certain parts of the netfilter stack. Modifying the destination on the way out is too late. You need to modify it on the way in.

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8118

I recommend researching the various tables that make up the netfilter stack.
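As an added illustration of the point above (this is not code from the answer or from the question, which follows in the comments below): a small POSIX shell script that renders the complete rule set for the setup described in the question, with the port-80 redirect placed in nat/PREROUTING for traffic arriving from WiFi clients and in nat/OUTPUT only for locally generated traffic. The interface names, the proxy port 8118 and the account name privoxy are assumptions taken from the question; HTTPS is deliberately left untouched. It prints the commands by default and only executes them when invoked with apply.

```sh
#!/bin/sh
# Added example, not from the original post. Generates (and optionally applies) the
# netfilter rules that send forwarded HTTP to a local Privoxy instance.
# Assumed: WiFi clients sit on $1, the uplink is $2, Privoxy listens on $3 (default 8118)
# and runs as user $4 (default privoxy). Port 443 is never touched.

# render_rules WIFI_IFACE INTERNET_IFACE [PROXY_PORT] [PROXY_USER]
# Prints one command per line and executes nothing (dry run).
render_rules() {
    wifi="$1"; inet="$2"; port="${3:-8118}"; user="${4:-privoxy}"

    # Forwarding is still required for the client traffic that is NOT redirected
    # (HTTPS, DNS, ...); the redirected flows themselves terminate on this host.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # nat/PREROUTING sees packets from the WiFi clients before the routing decision,
    # which is the only point where a would-be forwarded flow can still be re-targeted
    # at a local port. REDIRECT here rewrites the destination to $wifi's own address.
    echo "iptables -t nat -A PREROUTING -i $wifi -p tcp --dport 80 -j REDIRECT --to-ports $port"

    # nat/OUTPUT only sees locally generated packets. The proxy's own outbound
    # connections must be excluded first, otherwise they loop back into the proxy.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $user -j ACCEPT"
    echo "iptables -t nat -A OUTPUT -o $inet -p tcp --dport 80 -j REDIRECT --to-ports $port"

    # Source NAT for everything that really is forwarded out of the uplink.
    echo "iptables -t nat -A POSTROUTING -o $inet -j MASQUERADE"

    # filter/FORWARD: clients may initiate, the uplink may only answer.
    echo "iptables -A FORWARD -i $wifi -o $inet -j ACCEPT"
    echo "iptables -A FORWARD -i $inet -o $wifi -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -j DROP"

    # The redirected packets are now local INPUT, so the proxy port must be admitted.
    echo "iptables -A INPUT -i $wifi -p tcp --dport $port -j ACCEPT"
}

# apply_rules: same arguments as render_rules, but executes each line (needs root).
apply_rules() {
    render_rules "$@" | sh -e
}

# Dispatch: "apply WIFI INET [PORT] [USER]" executes, "WIFI INET [PORT] [USER]" only
# prints; with no arguments the script merely defines the functions.
case "${1:-}" in
    apply) shift; apply_rules "$@" ;;
    "")    ;;
    *)     render_rules "$@" ;;
esac
```

Two Privoxy-side details follow from where the redirect happens: because PREROUTING's REDIRECT rewrites the destination to the address of the incoming WiFi interface rather than to 127.0.0.1, Privoxy has to listen on that address (or on all addresses) instead of its default loopback-only listen-address, and it needs accept-intercepted-requests enabled so it will serve requests that carry no proxy-style absolute URL. The rendered rules can be reviewed with `sh script.sh wlan0 ppp0` before anything is changed.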



Updated on September 18, 2022

Comments

  • ArchNemSyS over 1 year

    Ideally I'm trying to use my laptop and a 3G phone as a WiFi router to redirect FORWARD HTTP but not HTTPS traffic to privoxy, which then forwards the traffic via an SSH tunnel to a ziproxy VPS.

    For the sake of simplicity privoxy is currently set to defaults, i.e. it is not forwarding to another proxy, with the exception of accept intercepts 1.

    Also sysctl net.ipv4.ip_forward=1.

    The following iptables commands work locally but are ignored by FORWARD traffic, i.e. users connected by WiFi are not filtered by privoxy but the local user is; I want the opposite behaviour.

    iptables -t nat -A POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
    iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner privoxy -j ACCEPT
    iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8118
    iptables -A FORWARD -i ${WIFI_IFACE} -j ACCEPT
    

    How do I force FORWARD HTTP traffic to go through privoxy?

  • ArchNemSyS over 10 years
    I agree that PREROUTING is the correct point in the stack as traffic is being redirected, but I am now having trouble with malformed HTTP headers. I am thinking that this, however, is a site-specific problem and that the above should work for everyone else.
  • Vincenzo Bovino over 3 years
    Really late to the party, but should PREROUTING work without any NAT rules or the need for ip_forwarding?