Transparent proxy

I’ve been wanting to set up a transparent proxy on my home network, but haven’t been able to because Squid isn’t running on my router. All the hacks I’d been able to find rely on some really dark routing/firewall rules that caused all sorts of problems.

Came across tproxy the other day and it’s solved all my issues. I set it up on my OpenBSD router, used pf rules to route HTTP traffic from clients to tproxy and it handles the rest. For the record, here are the relevant lines from my pf.conf:

    table <internal_clients> persist { INTERNAL_IP_BLOCK !SQUID_HOST }
    rdr on {INTERNAL_INTERFACES} proto tcp from <internal_clients> to any port www -> 127.0.0.1 port 81

I have tproxy starting at boot using:

    if [ -x /usr/local/sbin/tproxy ]; then
        echo -n ' tproxy'; /usr/local/sbin/tproxy -s 81 -b 127.0.0.1 SQUID_HOST SQUID_PORT
    fi
