Linux currently use the most HTTP proxy is squid, there is a need to modify Http-header, the premise is to do HTTP transparent proxy, squid to achieve transparent proxy is easy, but modify Http-header didn't find method.
Privoxy is good at modifying Http-header, but how to implement it seems to have no mature way to transparent agent. Rather than modify the Http-header, transparent proxy should be implemented more simple, so the study of a bit, the following detailed said.
First, environmental description:
1. System:
CentOS 6.5 32-bit (64-bit in the installation of Privoxy often error, directly replaced by 32-bit)
2. Network:
Dual NIC
ETH0:10.3.2.30/24 (Public network) ETH1:192.168.0.1/24 (private network address, intranet gateway set this)
Gateway 10.3.2.254
3.yum install privoxy Direct mount Privoxy default port 8118
Second, configure NAT
Set Net.ipv4.ip_forward = 1 in Sysctl
Setting NAT in Iptalbes
Iptables-t nat-a postrouting-s 192.168.0.0/24-j masquerade-o eth0
Third, configure transparent proxy
Modify the service port, open the server on 192.168.0.1:8118, modify the/etc/privoxy/config file
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/B3/wKioL1Xr28qTzYe4AAIEslDI7Ck487.jpg "title=" 1.png " alt= "Wkiol1xr28qtzye4aaiesldi7ck487.jpg"/>
2. Modify Accept-intercepted-request to 1
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/B3/wKioL1Xr3LKTd-hwAACDzyW82Qc073.jpg "title=" 2.png " alt= "Wkiol1xr3lktd-hwaacdzyw82qc073.jpg"/>
3.Iptables configuration, redirect all packets from the private network 80 port to the 8118 port of 192.168.0.1, which is the key to transparent proxy
Iptables-t nat-a prerouting-s 192.168.0.0/24-p tcp--dport 80-j redirect-to-port 8118
Iv. Change of Http-header
Change/etc/privoxy/user.action (this file will not change with the version update)
Increase at the head of the file (any position):
+add-heaer {Name:liqunsheng}
/
Pay attention to the last "/" do not throw away.
V. Testing
So the configuration is done, let's test it.
Set the IP address of the client to 192.168.0.0/24 and the gateway to 192.168.0.1
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/B7/wKiom1Xr3tzzDhOBAAE2U3FOeRk482.jpg "title=" 4.png " alt= "Wkiom1xr3tzzdhobaae2u3foerk482.jpg"/>
The browser agent does not have any settings, we open the page http://10.2.1.33,
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/B7/wKiom1Xr3z7xMwe8AANrnqppho8681.jpg "title=" 5.jpg " alt= "Wkiom1xr3z7xmwe8aanrnqppho8681.jpg"/>
And in the 10.2.1.33 end with Wireshark grab bag. :
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/B4/wKioL1Xr4naheBu0AAbkiNau3c8008.jpg "title=" 6.jpg " alt= "Wkiol1xr4nahebu0aabkinau3c8008.jpg"/>
Vi. Description of the HTTP://P.P Web page cannot be opened after transparent proxy
We know that using Privoxy as a browser agent, input HTTP://P.P can jump to privoxy management page, but also to verify that the agent is successful means, but done transparent proxy the page will not open, The reason is that the browser proxy's DNS uses the proxy server 192.168.0.1 DNS, the transparent proxy uses the local DNS, the local DNS certainly does not know who the HTTP://P.P is.
Privoxy and Iptables under CentOS to implement transparent proxy, modify Http-header