  1. #1
    SiP (Join Date: Oct 2012)

    Auto redirect outbound traffic to a proxy

    OK, so at our organisation we have an external web proxy run by our local county, with proxy settings distributed via GPO. The problem is that, with BYOD on the rise, we're having trouble with certain devices that either can't take proxy settings or don't handle exceptions well and redirect all traffic, including that meant for internal servers, out to the proxy.
    Now, I have a tower with 2 network cards that was donated to us, running Ubuntu. I've not played with Linux as a routing tool before, but all I want it to do is direct all traffic to the external proxy, and add a list of exceptions that remain internal to the network, so I can point some of our devices at it as the default gateway and it can do the proxy decisions for them.


  2. #2
    Duke5A (Join Date: Jul 2010)
    On principle, BYOD devices, or any device you don't administrate, shouldn't even be allowed to touch your internal network. That being said, I just went through this a while back setting up a guest wireless network for our district. Redirecting HTTP isn't a big deal, but you'll break HTTPS in the process. In a nutshell, I set up a box with two NICs, Squid in transparent mode, and IPTABLES to redirect all HTTP traffic on the local interface to Squid; really just a standard transparent proxy setup. HTTPS is still broken at this point though, since you can't redirect it without performing what basically constitutes a MITM attack. So I had to somehow get the user to set proxy settings on their end.

    To get them to do this I set up Squid as a captive portal. When the user would connect to the guest network they would immediately get redirected to a terms of service page hosted on the proxy. At the bottom of the page is an acceptance button that serves two purposes: first, Squid will continue to redirect to the TOS page until it is clicked; second, once clicked it'll take you to a page with directions for setting up most popular browsers and devices for auto proxy configuration. If the user follows the directions, HTTPS works no problem.

    To finish off the auto proxy setup, I had to write a wpad.dat file and set up both DHCP and DNS to point to it (Internet Explorer can use DHCP to find it, and Firefox/Safari/Chrome will use DNS). The exceptions to forwarding are defined in the wpad.dat file.

    It was a huge PITA to get working, but once I got it tweaked it works remarkably well for all major browsers, and iOS devices. I'm still playing around with Android though....
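
The exception logic that a wpad.dat file like the one described above carries, as an added example that is not part of the thread or the poster's actual file. `FindProxyForURL` is the standard PAC entry point; the proxy address, internal DNS suffix and address ranges are constructed placeholders, and the helpers are plain JavaScript so the file can be checked outside a browser.

```javascript
// wpad.dat sketch: internal destinations go DIRECT, everything else to the proxy.
// All names and networks below are constructed placeholders.
var UPSTREAM = "PROXY proxy.example.org:3128";
var INTERNAL_SUFFIXES = [".school.internal"];
var INTERNAL_NETS = [["10.0.0.0", 8], ["192.168.0.0", 16], ["127.0.0.0", 8]];

// Dotted-quad string -> unsigned 32-bit number, or null if not a valid IPv4 literal.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when addr falls inside base/bits (arithmetic avoids signed 32-bit shifts).
function inNet(addr, base, bits) {
  var size = Math.pow(2, 32 - bits);
  return Math.floor(addr / size) === Math.floor(ipv4ToInt(base) / size);
}

function isInternal(host) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  // Single-label names (no dot, not an IPv6 literal) resolve on the local network.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  var addr = ipv4ToInt(host);
  if (addr !== null) {
    for (var i = 0; i < INTERNAL_NETS.length; i++) {
      if (inNet(addr, INTERNAL_NETS[i][0], INTERNAL_NETS[i][1])) return true;
    }
    return false;
  }
  // Match only at the end of the name and on a label boundary, so that
  // "notschool.internal" or "school.internal.example.com" still use the proxy.
  for (var j = 0; j < INTERNAL_SUFFIXES.length; j++) {
    var s = INTERNAL_SUFFIXES[j];
    if (host === s.slice(1) || host.slice(-s.length) === s) return true;
  }
  return false;
}

// Anything not positively identified as internal is sent to the filtering proxy.
function FindProxyForURL(url, host) {
  return isInternal(host) ? "DIRECT" : UPSTREAM;
}
```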
