Transparent proxy rule

Discussion in 'Tomato Firmware' started by buggage, Dec 27, 2013.

  1. buggage

    buggage Network Guru Member

    Looking to set up a simple transparent proxy rule to forward web traffic to port 3128 on a device in my network where it's filtered then allowed back out, without the need to set proxy on individual host machines.

    I found a script online over at the DD-WRT board (I'm currently running Victek's latest Tomato version) that appeared to be what I was looking for, and adapted it to use my device IPs. It seems to work fine, but just wondering if it's fine the way it is, or if I can optimize it any (not sure about differences between Tomato vs DD-WRT).

    This is the script I'm running currently. Again, it does appear to work, but I don't have much experience creating rules such as these, so thought I'd ask anyone with more experience if this looks OK, or if there's anything that I might not need, or anything that could be done differently. Any input is appreciated, thanks.

    iptables -t nat -A PREROUTING -i br0 -s -d -p tcp --dport 80 -j ACCEPT
    iptables -t nat -A PREROUTING -i br0 -s ! -p tcp --dport 80 -j DNAT --to
    iptables -t nat -I POSTROUTING -o br0 -s -d -p tcp -j SNAT --to
    iptables -I FORWARD -i br0 -o br0 -s -d -p tcp --dport 3128 -j ACCEPT
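
The four rules above with every address slot filled in, as an added example that is not part of the original post. The rules as posted show no addresses, so which value goes in which slot is an assumption, and `192.168.1.0/24`, `192.168.1.1` (router LAN IP) and `192.168.1.10` (proxy) are constructed placeholders; `proxy_rules` is a hypothetical helper that validates its inputs and prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example. Every address used here is a constructed placeholder.

is_ipv4() {   # dotted quad, each octet 0-255
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

is_cidr() {   # a.b.c.d/nn with nn 0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# proxy_rules LAN_NET ROUTER_LAN_IP PROXY_IP PROXY_PORT
# Prints the rules (dry run) so they can be read before being applied.
proxy_rules() {
    lan_net=$1; router_ip=$2; proxy_ip=$3; proxy_port=$4
    if ! is_cidr "$lan_net" || ! is_ipv4 "$router_ip" || ! is_ipv4 "$proxy_ip"; then
        echo "proxy_rules: bad address" >&2; return 1
    fi
    case "$proxy_port" in
        ''|*[!0-9]*|??????*) echo "proxy_rules: bad port" >&2; return 1 ;;
    esac
    if [ "$proxy_port" -lt 1 ] || [ "$proxy_port" -gt 65535 ]; then
        echo "proxy_rules: bad port" >&2; return 1
    fi
    # 1. LAN-to-LAN web traffic (e.g. the router's own web UI) is not proxied.
    echo "iptables -t nat -A PREROUTING -i br0 -s $lan_net -d $lan_net -p tcp --dport 80 -j ACCEPT"
    # 2. All other port-80 traffic is sent to the proxy. The proxy's own
    #    outbound requests are excluded so they are not looped back to it.
    echo "iptables -t nat -A PREROUTING -i br0 -s ! $proxy_ip -p tcp --dport 80 -j DNAT --to $proxy_ip:$proxy_port"
    # 3. Traffic to the proxy is source-NATed to the router, so the proxy's
    #    replies return through the router and the DNAT is reversed.
    echo "iptables -t nat -I POSTROUTING -o br0 -s $lan_net -d $proxy_ip -p tcp -j SNAT --to $router_ip"
    # 4. Allow the redirected LAN-to-LAN flow through the FORWARD chain.
    echo "iptables -I FORWARD -i br0 -o br0 -s $lan_net -d $proxy_ip -p tcp --dport $proxy_port -j ACCEPT"
}

proxy_rules 192.168.1.0/24 192.168.1.1 192.168.1.10 3128
```

With the SNAT in rule 3 pointing at the router, the proxy sees every request as coming from the router's LAN address, so its access log cannot tell clients apart. Only TCP port 80 is redirected, so traffic on other ports never reaches the filter.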