Re: nftables transparent proxy for outbound connections on a server

To: debian-user@lists.debian.org
Subject: Re: nftables transparent proxy for outbound connections on a server
From: Andre Rodier <andre@rodier.me>
Date: Sun, 11 Dec 2022 06:27:53 +0000
Message-id: <[🔎] e8225972-3c3f-c492-6b42-ec97abbbff5e@rodier.me>
In-reply-to: <[🔎] c8e94eb6-081b-ed8b-f290-8ff2a13e778a@rodier.me>
References: <[🔎] c8e94eb6-081b-ed8b-f290-8ff2a13e778a@rodier.me>

Good morning, all.

Is there anyone around to help me to setup a transparent proxy on Debian, please ?

I have tinyproxy running on my server, and I would like, with nftables,
to intercept any outbound web traffic (tcp ipv4.ipv6),
and to redirect to the proxy on 127.0.0.1:8888.

So far, I have seen these examples online:

> ...
> chain prerouting {
>   type nat hook prerouting priority dstnat; policy accept;
>   tcp dport { 80, 443 } counter dnat ip to 127.0.0.1:8888
>   tcp dport { 80, 443 } counter dnat ip6 to [::1]:8888
> }
> ...

Or sometimes, I see using redirect or even tproxy

What is the best nftables approach, please ?

Can you copy and paste what you are using ?

Thanks,
André Rodier

Reply to:

Follow-Ups:
- Re: nftables transparent proxy for outbound connections on a server
  - From: Christoph Brinkhaus <c.brinkhaus@t-online.de>

References:
- nftables transparent proxy for outbound connections on a server
  - From: Andre Rodier <andre@rodier.me>

Prev by Date: Re: Debian failed
Next by Date: Re: CR/LF
Previous by thread: nftables transparent proxy for outbound connections on a server
Next by thread: Re: nftables transparent proxy for outbound connections on a server
Index(es):
- Date
- Thread