如何在Linux中使用iptables将HTTP和https流量转发到透明代理 [英] How to use iptables in linux to forward http and https traffic to a transparent proxy

问题描述

我有一个Ubuntu Linux系统，充当具有两个接口的网关系统.一种接口用于局域网，一种接口用于互联网.我完全可以通过它路由流量.我使用两个iptables规则从内部接口转发出站流量:

I have a Ubuntu linux system acting as a gateway system with two interfaces on it. One interface is for the local network and one interface is for the internet. I am able to route traffic through it with no problem at all. I use two iptables rules to forward outbound traffic from the internal interface:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

我现在需要创建一个iptables规则，该规则过滤并重定向所有TCP端口80和443流量，并通过eth1接口离开我的网络，并将其发送到位于TCP端口的环回接口上的代理服务器9090.

I now need to create an iptables rule that filters out and redirects all tcp port 80 and 443 traffic leaving my network through the eth1 interface and send it to a proxy server that resides on a loopback interface on tcp port 9090.

我一直在搜索SO，但是找不到能够工作的示例.有没有一种有效的方法可以做到这一点?

I have been searching all over SO but I have not been able to find an example that works. Is there an efficient way to do this?

推荐答案

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 9090

HTTPS不能与透明代理一起使用.有一些骇客，但没有任何意义，而且毫无用处.

HTTPS cannot be used with a transparent proxy. There are some hacks, but it doesn't make any sense and is useless.

这篇关于如何在Linux中使用iptables将HTTP和https流量转发到透明代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！