
Transparent proxy rule

Discussion in 'Tomato Firmware' started by buggage, Dec 27, 2013.

  1. buggage

    buggage LI Guru Member

    Looking to set up a simple transparent proxy rule to forward web traffic to port 3128 on a device in my network, where it's filtered and then allowed back out, without the need to set a proxy on individual host machines.

    I found a script online over at the DD-WRT board (I'm currently running Victek's latest Tomato version) that appeared to be what I was looking for, and adapted it to use my device IPs. It seems to work fine, but I'm just wondering if it's fine the way it is, or if I can optimize it any (not sure about differences between Tomato vs DD-WRT).

    This is the script I'm running currently. Again, it does appear to work, but I don't have much experience creating rules such as these, so I thought I'd ask anyone with more experience if this looks OK, or if there's anything that I might not need, or anything that could be done differently. Any input is appreciated, thanks.

    iptables -t nat -A PREROUTING -i br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.1/255.255.255.0 -p tcp --dport 80 -j ACCEPT
    iptables -t nat -A PREROUTING -i br0 -s ! 192.168.1.5 -p tcp --dport 80 -j DNAT --to 192.168.1.5:3128
    iptables -t nat -I POSTROUTING -o br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.5 -p tcp -j SNAT --to 192.168.1.1
    iptables -I FORWARD -i br0 -o br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.5 -p tcp --dport 3128 -j ACCEPT
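
Added example, not part of buggage's post: a small Python model that traces a new TCP packet arriving on br0 through the four rules above, to show what each rule contributes. The client address 192.168.1.20 and the server address 203.0.113.10 are constructed sample values, and only the post's four rules are modelled, not the firmware's own chains.

```python
from ipaddress import ip_address, ip_network

# Addresses from the post; iptables masks 192.168.1.1/255.255.255.0 to this network.
LAN = ip_network("192.168.1.0/24")
ROUTER = ip_address("192.168.1.1")
PROXY = ip_address("192.168.1.5")
PROXY_PORT = 3128


def trace(src, dst, dport, snat=True):
    """Trace one new TCP packet arriving on br0 through the post's four rules.

    Returns (src, dst, dport, steps) as the packet leaves the router. Only
    these four rules are modelled, not the firmware's own chains. snat=False
    models the rule set with the POSTROUTING SNAT rule left out.
    """
    src, dst = ip_address(src), ip_address(dst)
    steps = []
    # nat PREROUTING (rules 1 and 2): the first matching rule ends the chain.
    if dport == 80:
        if src in LAN and dst in LAN:
            steps.append("PREROUTING ACCEPT: LAN-to-LAN web traffic untouched")
        elif src != PROXY:  # '-s ! 192.168.1.5' keeps the proxy out of a loop
            dst, dport = PROXY, PROXY_PORT
            steps.append("PREROUTING DNAT: redirected to the proxy")
    # filter FORWARD (rule 4): let the redirected packet go back out br0.
    if src in LAN and dst == PROXY and dport == PROXY_PORT:
        steps.append("FORWARD ACCEPT: br0 to br0 towards the proxy")
    # nat POSTROUTING (rule 3): rewrite the source so the proxy answers the
    # router, which can then undo both translations for the client.
    if snat and src in LAN and dst == PROXY:
        src = ROUTER
        steps.append("POSTROUTING SNAT: source becomes the router")
    return str(src), str(dst), dport, steps


if __name__ == "__main__":
    # Constructed sample packets: a LAN client and a documentation-range server.
    for pkt in [("192.168.1.20", "203.0.113.10", 80),    # client browsing the web
                ("192.168.1.5", "203.0.113.10", 80),     # the proxy fetching a page
                ("192.168.1.20", "192.168.1.1", 80),     # client opening the router UI
                ("192.168.1.20", "203.0.113.10", 443)]:  # HTTPS is not port 80
        print(pkt, "->", trace(*pkt))
    # Without SNAT the proxy sees the client's address and replies to it directly,
    # bypassing the router that holds the DNAT state.
    print(trace("192.168.1.20", "203.0.113.10", 80, snat=False))
```

With the SNAT rule in place, every redirected request reaches the proxy with 192.168.1.1 as its source, so the proxy's access log cannot tell LAN clients apart.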
     
