This page is dedicated to our efforts to create a transparent proxy solution that is portable across several operating systems.
A proxy is a server-like program, receiving requests from clients, forwarding those requests to the real server on behalf of the user, and returning the response as it arrives.
Proxies read and parse the application protocol, and reject invalid traffic. Using proxies on a firewall to mediate requests therefore gives a higher level of security than a packet filtering firewall.
Simple, non-transparent proxying is somewhat difficult to manage and administer since each client program must be set up to use proxies.
To simplify the management of clients sitting behind proxy firewalls, the technique of 'transparent proxying' was invented. Transparent proxying means that the presence of the proxy is invisible to the user. Transparent proxying, however, requires kernel support.
Real transparent proxying requires the following three features from the IP stack of the computer it is running on:
Item #1 is usually provided by packet filtering packages such as Netfilter/IPTables or IPFilter.
All three were provided in Linux kernels 2.2.x, but support for this was removed.
For a more detailed introduction to TPROXY and its features, please read the README file.
You can download our patches released under the terms of the GNU GPL by following this link.
A mailing list has been created for TPROXY related discussions. You can find it at https://lists.balabit.hu/mailman/listinfo/tproxy.