iptables proxy two ips for one host

Hi,

I'm trying to forward http connections from my browser to a
transparent proxy on the SAME machine and could need some advice.

I have one linux box on the lan with one ethernet card, which I have
assigned the ip address 192.168.1.4 to.

For my purpose I need a second ip address, which I created using the
following commmand:

ifconfig eth0:1 192.168.1.5

The transparent proxy, which I have written myself, is bound to the ip
address 192.168.1.5 on port 8000.

I only have one PC in the lan. I would like to forward all http
connections of my browser to the proxy on the same pc.

In order to achieve this I have to be able distiniguish between http
connections originating from my browser and those originating from the
proxy!

I hoped that the follwing iptable rule would do the job, but it does
not work 100%. Maybe you can help me here:

iptables -t nat -A OUTPUT -o eth0 -p tcp --source 192.168.1.4 --dport
80 -j DNAT --to-destination 192.168.1.5:8000

Now, when I open a URL with my browser, then my proxy actually gets an
incoming connection. So forwarding from the browser to the proxy seems
to work.

However, the outgoing connections of the proxy bounce back. They
reenter the proxy and do not get sent to the internet.

I thought I would prohibit this by using "--source 192.168.1.4" but it
does not work. Can somebody tell me what I should do?

Have a look at http://en.tldp.org/HOWTO/TransparentProxy.html, I read this
document and i configured a transparent proxy first time without any
issues
)

If you still have problems gimme a shout, and i will try and help were i
can

Yas

On Fri, 09 Jul 2004 02:37:48 -0700, Fritz Bayer wrote:

> Hi,
>
> I'm trying to forward http connections from my browser to a
> transparent proxy on the SAME machine and could need some advice.
>
> I have one linux box on the lan with one ethernet card, which I have
> assigned the ip address 192.168.1.4 to.
>
> For my purpose I need a second ip address, which I created using the
> following commmand:
>
> ifconfig eth0:1 192.168.1.5
>
> The transparent proxy, which I have written myself, is bound to the ip
> address 192.168.1.5 on port 8000.
>
> I only have one PC in the lan. I would like to forward all http
> connections of my browser to the proxy on the same pc.
>
> In order to achieve this I have to be able distiniguish between http
> connections originating from my browser and those originating from the
> proxy!
>
> I hoped that the follwing iptable rule would do the job, but it does
> not work 100%. Maybe you can help me here:
>
> iptables -t nat -A OUTPUT -o eth0 -p tcp --source 192.168.1.4 --dport
> 80 -j DNAT --to-destination 192.168.1.5:8000
>
> Now, when I open a URL with my browser, then my proxy actually gets an
> incoming connection. So forwarding from the browser to the proxy seems
> to work.
>
> However, the outgoing connections of the proxy bounce back. They
> reenter the proxy and do not get sent to the internet.
>
> I thought I would prohibit this by using "--source 192.168.1.4" but it
> does not work. Can somebody tell me what I should do?

Yas <(E-Mail Removed)> wrote in message news:<(E-Mail Removed). uk>...
> Have a look at http://en.tldp.org/HOWTO/TransparentProxy.html, I read this
> document and i configured a transparent proxy first time without any
> issues
> )

I have already read this before, but it does not apply to my problem.