
dalacor 02-29-2024 02:48 AM

How to redirect local port 80/443 traffic for other users on same machine
 
This should be simple, but I can't see how you actually achieve this.

I have E2guardian Proxy Server installed on Slackware. I have transparent and explicit proxy set up in the firewall rules as follows:

Code:

# TCP Ports 80 and 443 Transparent Proxy redirect to E2guardian Proxy Server

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8081
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-ports 8443

# TCP Port 80 Linux and E2guardian HTTP Internet Access

iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

# TCP Port 443 Linux and E2guardian HTTPS Internet Access

iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT

# TCP Port 8081 E2guardian Explicit Internet Access - No transparent Proxy

iptables -A INPUT -i eth1 -p tcp --dport 8081 -m conntrack --ctstate NEW -j ACCEPT

# TCP Port 8443 Transparent Proxy through E2guardian

iptables -A INPUT -i eth1 -p tcp --dport 8443 -m conntrack --ctstate NEW -j ACCEPT

So all traffic on the internal LAN connects to the proxy server either explicitly using port 8081 or transparently using port 8443. E2guardian proxy server is able to connect to the Internet on the allowed outbound ports 80/443. So the computers behind the proxy server are filtered perfectly.

Problem is, the Slackware system that E2guardian itself is installed on is not going through the proxy server, so I can't see what websites the Slackware system itself connects to!

I know that I need to change the code below:

Code:

# TCP Port 80 Linux and E2guardian HTTP Internet Access

iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

# TCP Port 443 Linux and E2guardian HTTPS Internet Access

iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT

to use this so as to only allow the user e2guardian to connect to the Internet:

Code:

# TCP Port 80 Linux and E2guardian HTTP Internet Access

iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m owner --uid-owner e2guardian -m conntrack --ctstate NEW -j ACCEPT

# TCP Port 443 Linux and E2guardian HTTPS Internet Access

iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m owner --uid-owner e2guardian -m conntrack --ctstate NEW -j ACCEPT

So restricting outbound internet access to E2guardian is simple. But I still can't see how to redirect port 80/443 traffic from other users on the same Slackware system to go to the E2guardian service itself. Prerouting is not right as the traffic is already on Slackware - not coming into the network interface.

I am sure it's very simple, but I can't see what one does to redirect other users' internet traffic to the proxy service on the same machine.

dalacor 03-12-2024 05:14 AM

I am closing this question as I have managed to solve the issue. Solution is posted - https://www.linuxquestions.org/quest...ne-4175734340/
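
Added example, not part of the thread and not the solution the poster links to: one common way to handle the case asked about is to redirect in the nat OUTPUT chain, which locally generated packets traverse, while exempting the proxy's own uid. The function name `redirect_local_web` and the `IPT` dry-run variable are hypothetical; the user, interface and ports are the ones in the post, and the proxy is assumed to accept connections on 127.0.0.1.

```shell
#!/bin/sh
# Added example (not from the thread). Values taken from the thread's rules:
# proxy user e2guardian, eth0 = Internet side, 80 -> 8081, 443 -> 8443.
# IPT receives each rule: the default only prints it for review;
# run with IPT=iptables as root to install the rules.
IPT="${IPT:-echo iptables}"

redirect_local_web() {
    proxy_user="$1"; http_port="$2"; https_port="$3"; wan_if="$4"

    # Without the uid exemption the proxy's own upstream connections would
    # be redirected back into the proxy, so refuse to continue without it.
    [ -n "$proxy_user" ] || { echo "proxy user required" >&2; return 1; }

    # 1. Locally generated packets traverse nat OUTPUT, never PREROUTING.
    #    Redirect every user's web traffic except the proxy's own.
    $IPT -t nat -A OUTPUT -o "$wan_if" -p tcp --dport 80 \
        -m owner ! --uid-owner "$proxy_user" -j REDIRECT --to-ports "$http_port"
    $IPT -t nat -A OUTPUT -o "$wan_if" -p tcp --dport 443 \
        -m owner ! --uid-owner "$proxy_user" -j REDIRECT --to-ports "$https_port"

    # 2. A redirected local connection now targets 127.0.0.1, so the filter
    #    table has to let it out of and back in through lo (assumption: the
    #    existing ruleset does not already accept loopback traffic).
    $IPT -A OUTPUT -o lo -p tcp -m multiport --dports "$http_port,$https_port" \
        -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -i lo -p tcp -m multiport --dports "$http_port,$https_port" \
        -m conntrack --ctstate NEW -j ACCEPT

    # 3. Only the proxy user may open web connections towards the Internet
    #    (the owner-restricted rules from the post).
    $IPT -A OUTPUT -o "$wan_if" -p tcp --dport 80 -m owner --uid-owner "$proxy_user" \
        -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A OUTPUT -o "$wan_if" -p tcp --dport 443 -m owner --uid-owner "$proxy_user" \
        -m conntrack --ctstate NEW -j ACCEPT
}

redirect_local_web e2guardian 8081 8443 eth0
```

The uid exemption is what prevents a redirect loop, so any process able to run as the proxy user also bypasses the filter. Root-owned processes are redirected like every other user.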

