If you add a new transparent web filter profile at Web Protection > Web Filter Profiles then the
chosen source network isn't added to the Chain TPROXY_HOOK_HTTP of the mangle table and so the request doesn't reach the proxy.
You have to disable and enable the profile; after that the rule is written correctly.
I tested a profile for the ip 1.2.3.4. Just after adding iptables-save shows:
# iptables-save | grep 1.2.3.4
-A AUTO_PRE -d 1.2.3.4/32 -i eth2.1000 -p tcp -m tcp --sport 1024:65535 --dport 2712 -j REDIRECT --to-ports 2712 -> normal wifi stuff
After disable and enable the profile:
# iptables-save | grep 1.2.3.4
-A TPROXY_HOOK_HTTP -s 1.2.3.4/32 -p tcp -m tcp --sport 1:65535 --dport 80 -j TPROXY_DIVERT_HTTP
-A TPROXY_HOOK_HTTP -s 1.2.3.4/32 -p tcp -m tcp --sport 1:65535 --dport 443 -j TPROXY_DIVERT_HTTP
-A AUTO_PRE -d 1.2.3.4/32 -i eth2.1000 -p tcp -m tcp --sport 1024:65535 --dport 2712 -j REDIRECT --to-ports 2712
-A AUTO_INPUT -s 1.2.3.4/32 -p tcp -m tcp --sport 1:65535 --dport 8080 -j CONFIRMED
Regards,
Marco
Guest User!
You are not Sophos Staff.
