I have an Asus RT-n66u connected to the internet with a number of clients (children's laptops) connected via wifi and lan ports.
I want to transparently route all http traffic to a Windows server running Privoxy where I can filter it.
I looked at the following guide but couldn't get it working:
http://www.tldp.org/HOWTO/TransparentProxy-6.html
This is my script that doesn't work:
# Privoxy server
PRIVOXY_IP=192.168.0.200
# Privoxy port
PRIVOXY_PORT=8118
# Arbitrary mark used to route packets by the firewall
FWMARK=3
# Select and mark the packets on port 80, except those coming from privoxy itself
iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $PRIVOXY_IP
iptables -t mangle -A PREROUTING -j MARK --set-mark $FWMARK -p tcp --dport 80
ip rule add fwmark $FWMARK table 2
ip route add default via $PRIVOXY_IP dev br0 table 2
iptables -A PREROUTING -t nat -i br0 -p tcp --dport 80 -j REDIRECT --to-port $PRIVOXY_PORT
I have a feeling br0 isn't correct or the last iptables command is wrong.
Do I need to connect my Privoxy server on a specific LAN port and give it a separate VLAN? (No idea how to do that)
More info, if this helps:
/tmp/home/root> brctl show
bridge name bridge id STP enabled interfaces
br0 8000.ac220bd30050 yes vlan1
eth1
eth2
/tmp/home/root> nvram show | grep vlan1ports
vlan1ports=1 2 3 4 8*
size: 44505 bytes (21031 left)
/tmp/home/root> nvram show | grep vlan2ports
vlan2ports=0 8u
size: 44505 bytes (21031 left)
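Added example (not the asker's script and not from the TLDP guide): a minimal nat-table approach for the setup described above, where the Privoxy host sits on the same LAN segment as the clients. It assumes the LAN bridge is br0, Privoxy listens on 192.168.0.200:8118 and has accept-intercepted-requests 1 in its config. The two changes from the script above are that DNAT is used instead of REDIRECT (REDIRECT delivers to the router itself, while Privoxy lives on another host), and that traffic handed to Privoxy is masqueraded, because a proxy on the same segment would otherwise answer the client directly from its own address and the client would discard the reply. The ip rule / ip route lines are not needed, since the TLDP scheme relies on the proxy box running its own REDIRECT, which a Windows host cannot do.

```shell
#!/bin/sh
# Added example: transparent HTTP redirection to a Privoxy host on the same LAN.
# Assumed values (change to match the network): LAN bridge, Privoxy address/port.
LAN_IF=${LAN_IF:-br0}
PRIVOXY_IP=${PRIVOXY_IP:-192.168.0.200}
PRIVOXY_PORT=${PRIVOXY_PORT:-8118}
# IPT is the iptables binary; set IPT="echo iptables" to print the rules instead of applying them.
IPT=${IPT:-iptables}

proxy_rules() {
    # 1. Leave the proxy's own outbound port-80 traffic alone, otherwise its
    #    upstream requests would be redirected back to itself in a loop.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$PRIVOXY_IP" -p tcp --dport 80 -j RETURN
    # 2. Send everyone else's port-80 traffic to the Privoxy host (DNAT, not REDIRECT:
    #    REDIRECT rewrites the destination to the router's own address).
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$PRIVOXY_IP:$PRIVOXY_PORT"
    # 3. Clients and proxy share a segment, so the proxy would reply to the client
    #    directly with a source address the client never connected to. Masquerade so
    #    the proxy answers the router and the router undoes the DNAT on the way back.
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" -d "$PRIVOXY_IP" -p tcp \
        --dport "$PRIVOXY_PORT" -j MASQUERADE
}

# Usage: ./proxy-rules.sh apply   (needs root)   or   ./proxy-rules.sh show
case "${1:-}" in
    apply) proxy_rules ;;
    show)  IPT="echo iptables" proxy_rules ;;
esac
```

Two caveats worth knowing before relying on this as a filter: masquerading means Privoxy sees every connection as coming from the router, so any per-client rules or logging on the Privoxy side lose the original client address; and only plain HTTP on port 80 is intercepted, so HTTPS traffic bypasses the proxy entirely.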