[isf-wifidog] Content filtering

Eric S. Jensen esjensen42 at comcast.net
Tue Nov 13 15:16:05 EST 2007


Hello Wifidog list,

What is the best way to configure iptables, Wifidog, and a web proxy so they 
work simultaneously?

Specifically, I am trying to add tinyproxy to a Wifidog machine so it acts as 
a transparent proxy for all the traffic it routes.  These iptables rules that 
redirect port 80 to 8888 make tinyproxy work, but they bypass Wifidog: 

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:8888
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888

If I start Wifidog and then invoke these commands, it works correctly: 
iptables -t nat -I WiFiDog_WIFI2Internet -i eth0 -m mark --mark 0x2 -p tcp --dport 80 -j REDIRECT --to-port 8888
iptables -t nat -I WiFiDog_WIFI2Internet -i eth1 -m mark --mark 0x2 -p tcp --dport 80 -j DNAT --to 192.168.1.1:8888

I have modified Wifidog so that if I add "WebProxyPort 8888" to the config 
file, Wifidog sets up those second rules along with the rest of its iptables 
changes.   This works, but it does not seem like the way it ought to be done.  


Eric
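
An added example, not part of the original message or of the Wifidog code base: a wrapper that applies the two chain-specific rules from the message only after Wifidog has created its chain, and only if they are not already present, so it can be re-run safely after a Wifidog restart. The function names and the IPT override are hypothetical, and it assumes an iptables build that supports the -C (check) option.

```shell
#!/bin/sh
# Added example: idempotently install the transparent-proxy rules from the
# message into Wifidog's nat chain. Function names and IPT are hypothetical.
IPT="${IPT:-iptables}"            # override for a dry run or a test stub
CHAIN="WiFiDog_WIFI2Internet"     # chain name as given in the message
MARK="0x2"                        # mark value as given in the message
PROXY_PORT="${PROXY_PORT:-8888}"  # tinyproxy port from the message

# Print the rule specification for one interface.
# $1 = interface, $2 = proxy address for DNAT (empty selects REDIRECT).
rule_spec() {
    if [ -n "${2:-}" ]; then
        # --to-destination is the full name of the DNAT option
        echo "-i $1 -m mark --mark $MARK -p tcp --dport 80 -j DNAT --to-destination $2:$PROXY_PORT"
    else
        echo "-i $1 -m mark --mark $MARK -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT"
    fi
}

# Insert a rule only when an identical one is not already in the chain.
ensure_rule() {
    spec=$(rule_spec "$@")
    # Word splitting of $spec is intended: it carries the rule arguments.
    if $IPT -t nat -C "$CHAIN" $spec 2>/dev/null; then
        return 0
    fi
    $IPT -t nat -I "$CHAIN" $spec
}

apply_proxy_rules() {
    # Refuse to run before Wifidog has created its chain; adding the
    # redirect anywhere else is what bypassed Wifidog in the first place.
    if ! $IPT -t nat -L "$CHAIN" -n >/dev/null 2>&1; then
        echo "chain $CHAIN missing: start Wifidog first" >&2
        return 1
    fi
    ensure_rule eth0 &&
    ensure_rule eth1 192.168.1.1
}

# Only touch the firewall when explicitly asked: ./script.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_proxy_rules
fi
```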

