trusty (5) sanewall-transparent_proxy.5.gz
NAME
sanewall-transparent_proxy, sanewall-transparent_squid - set up a transparent proxy
SYNOPSIS
transparent_proxy service port user [rule-params]
transparent_squid port user [rule-params]
DESCRIPTION
The transparent_proxy helper command sets up transparent caching for TCP traffic.
Note
The proxy application must be running on the firewall host at port port with the credentials of the
local user user (which may be a space-delimited list enclosed in quotes) serving requests appropriate
to the TCP port service.
The rule-params define a set of rule parameters to define the traffic that is to be proxied. See optional
rule parameters: sanewall-rule-params(5) for more details.
For traffic destined for the firewall host or passing through the firewall, do not use the outface rule
because the rules are applied before the routing decision and so the outgoing interface will not be
known.
An empty user string ("") disables caching of locally-generated traffic. Otherwise, traffic starting from
the firewall is captured, except traffic generated by the local user(s) user. The inface, outface and
srcrule-params are all ignored for locally-generated traffic.
The transparent_squid helper command sets up the special case for HTTP traffic with service implicitly
set to 80.
EXAMPLES
transparent_proxy 80 3128 squid inface eth0 src 192.0.2.0/24
transparent_squid 3128 squid inface eth0 src 192.0.2.0/24
transparent_proxy "80 3128 8080" 3128 "squid privoxy root bin" \
inface not "ppp+ ipsec+" dst not "a.not.proxied.server"
transparent_squid "80 3128 8080" "squid privoxy root bin" \
inface not "ppp+ ipsec+" dst not "non.proxied.server"
SEE ALSO
Sanewall program: sanewall(1) Sanewall configuration: sanewall.conf(5) interface definition: sanewall-interface(5) router definition: sanewall-router(5)
AUTHOR
Sanewall Team
COPYRIGHT
Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>