[Firehol-support] appropriate way to do transparent proxy to a node on the LAN

Spike spike at drba.org
Sat Jul 22 01:24:14 BST 2017


I currently have a transparent proxy set up on the gateway on which firehol is
also running, and a simple "transparent_proxy4..." nicely did the job.

However I now need to move the proxy functionalities to another box and it
seems the only way out is to NAT since REDIRECT is to localhost (I guess
under the hood that's also NAT).

Should this do it?

nat4 to-destination $content_filter_lan:8080 proto tcp dport 80

Any gotchas I should be aware of? Will this also alter the source IP?
Otherwise requests will be sent back to the original box and fail, AFAIK.



