[isf-wifidog] Content filtering

Eric S. Jensen esjensen42 at comcast.net
Mar 13 Nov 15:16:05 EST 2007

Hello Wifidog list,

What is the best way to configure iptables, Wifidog, and a web proxy so they 
work simulataneously?

Specifically, I am trying to add tinyproxy to a Wifidog machine so it acts as 
a transparent proxy for all the traffic it routes.  These iptables rules that 
redirect port 80 to 8888 make tinyproxy work, but they bypass Wifidog: 

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 

If I start Wifidog and then invoke these commands, it works correctly: 
iptables -t nat -I WiFiDog_WIFI2Internet -i eth0 -m mark --mark 0x2 -p tcp 
--dport 80 -j REDIRECT --to-port 8888
iptables -t nat -I  WiFiDog_WIFI2Internet -i eth1 -m mark --mark 0x2 -p tcp 
--dport 80 -j DNAT --to

I have modified Wifidog so that if I add "WebProxyPort 8888" to the config 
file, Wifidog sets up those second rules along with the rest of its iptables 
changes.   This works, but it does not seem like the way it ought to be done.  


Plus d'informations sur la liste de diffusion WiFiDog