Transparent proxy

I’ve been wanting to set up a transparent proxy on my home network, but haven’t been able to because Squid isn’t running on my router. All the hacks I’d been able to find rely on some really dark routing/firewall rules that caused all sorts of problems.

Came across tproxy the other day and it’s solved all my issues. I set it up on my OpenBSD router, used pf rules to route HTTP traffic from clients to tproxy and it handles the rest. For the record, here are the relevant lines from my pf.conf:
# <TABLE_NAME> is a placeholder; substitute your own table name
table <TABLE_NAME> persist { INTERNAL_IP_BLOCK !SQUID_HOST }
rdr on {INTERNAL_INTERFACES} proto tcp from <TABLE_NAME> to any port www -> 127.0.0.1 port 81

I have tproxy starting at boot using:

if [ -x /usr/local/sbin/tproxy ]; then
	echo -n ' tproxy'; /usr/local/sbin/tproxy -s 81 -b 127.0.0.1 SQUID_HOST SQUID_PORT
fi
