Linux Transparent Proxy
Rafeeq Ur Rehman
Communication links have been costly ever since wide area networks (WANs) evolved, so people have always tried to make efficient use of the bandwidth available on WAN links. The evolution of the Internet has increased the importance of bandwidth management, as all Internet users access resources over wide area networks. Different methods have been adopted to achieve this goal. The most popular method, a proxy server, was developed by CERN. The proxy server concept has since been extended, for example by the Internet Caching Protocol (ICP), which is very useful in an environment employing multiple proxy servers for distributed caching (see RFC 2186 and RFC 2187 for details). ICP addresses chaining and grouping of multiple proxy servers. Because a proxy server also needs some configuration on the client side, a technique that has become popular is the use of a "forced proxy" or "transparent proxy". With this method, the client side does not need to know about the existence of any particular proxy server; instead, all Internet traffic is "forced" to pass through a proxy server.
Linux includes the "transparent proxy" feature at the kernel level, starting with kernel version 2.0. Using this feature, along with Linux firewalling, it is possible to redirect all connections (originating from the local network and destined for a remote host on the Internet) to a local server called a "transparent proxy server". This process is completely transparent to the local computer (thus the name). The local computer thinks it is talking to the remote Internet host, while in fact it is connected to the local proxy server. The redirection can be set up so that any port is re-routed to some other server/port.
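Because the client still believes it is talking to the remote host, the proxy that receives a redirected connection has to ask the kernel which address the client actually dialed. The sketch below is an added example, not code from the original article: it assumes a later netfilter-based kernel, where that address is read with the `SO_ORIGINAL_DST` socket option, and falls back to `getsockname()` when no NAT record exists; `original_dst` and `loopback_demo` are hypothetical names and the loopback connection is constructed test input.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* same value as in <linux/netfilter_ipv4.h> */
#endif

/* Store in *dst the address the client dialed. Returns 1 if that differs from
 * the local address that accepted the connection (it was redirected), 0 if
 * not, -1 on error. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    struct sockaddr_in local;
    socklen_t len = sizeof(local);
    if (getsockname(fd, (struct sockaddr *)&local, &len) < 0)
        return -1;
    len = sizeof(*dst);
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) < 0)
        *dst = local; /* no NAT record for this socket */
    return dst->sin_addr.s_addr != local.sin_addr.s_addr ||
           dst->sin_port != local.sin_port;
}

/* Constructed loopback check, no redirect rule installed: the reported
 * destination must be the listener's own port. Returns that port or -1. */
int loopback_demo(int *listen_port)
{
    struct sockaddr_in a = { .sin_family = AF_INET }, dst;
    socklen_t len = sizeof(a);
    int rc = -1, s = -1;
    int l = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (bind(l, (struct sockaddr *)&a, sizeof(a)) == 0 && listen(l, 1) == 0 &&
        getsockname(l, (struct sockaddr *)&a, &len) == 0 &&
        connect(c, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (s = accept(l, NULL, NULL)) >= 0 && original_dst(s, &dst) >= 0) {
        *listen_port = ntohs(a.sin_port);
        rc = ntohs(dst.sin_port);
    }
    close(s); close(c); close(l);
    return rc;
}
int main(void)
{
    int port = 0, got = loopback_demo(&port);
    printf("listener port %d, reported destination port %d\n", port, got);
    return got == port ? 0 : 1;
}
```

A proxy that logs the value returned in `*dst` next to the client address keeps a record of where each intercepted connection was originally headed, which is otherwise lost once the redirect has rewritten the packet.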