nftables transparent proxy for outbound connections on a server

To: debian-user@lists.debian.org
Subject: nftables transparent proxy for outbound connections on a server
From: Andre Rodier <andre@rodier.me>
Date: Sat, 10 Dec 2022 08:48:10 +0000
Message-id: <[🔎] c8e94eb6-081b-ed8b-f290-8ff2a13e778a@rodier.me>

Hello, all.

I have tinyproxy running on my server, and I would like, with nftables,to intercept any outbound web traffic (tcp ipv4.ipv6), and to redirectto the proxy on 127.0.0.1:8888.


So far, I have seen these examples online:

> ...

chain prerouting {
  type nat hook prerouting priority dstnat; policy accept;
  tcp dport { 80, 443 } counter dnat ip to 127.0.0.1:8888
  tcp dport { 80, 443 } counter dnat ip6 to [::1]:8888

> }
> ...

Or sometimes, I see using redirect or even tproxy

What is the best nftables approach, please ?

Can you copy and paste what you are using ?

Thanks,
Andre

Reply to:

Follow-Ups:
- Re: nftables transparent proxy for outbound connections on a server
  - From: Andre Rodier <andre@rodier.me>

Prev by Date: Re: Monitor traffic on a port.
Next by Date: Re: e-mail with line in body beginning with "From"
Previous by thread: Re: Monitor traffic on a port.
Next by thread: Re: nftables transparent proxy for outbound connections on a server
Index(es):
- Date
- Thread