Iptables – Can iptables allow Squid to process a request, then redirect the response packets to another port

Tags: apache-2.2, iptables, proxy, squid

I'm trying to test a fancy traffic analyzer app, which I have running on port 8890.

My current plan is to let any HTTP request come into Squid, on port 3128, and let it process the request, and then just before it sends the response back, use iptables to redirect the response packets (leaving port 3128) to port 8890.

I've researched this all night, and tried many iptables commands, but I'm missing something and my hair is falling out.

I thought something like this would work:
iptables -t nat -A OUTPUT -p tcp --sport 3128 -j REDIRECT --to-ports 8990
This rule gets created ok, but it never redirects anything.

Is this even possible? If so, what iptables incantation could do it? If not, any idea what might work on a single host, given multiple remote browser clients?

I wonder if Apache with mod_proxy might be a candidate for this setup, instead of Squid?

If I could just tell Squid (or Apache or any other HTTP proxy) to send the response to a different local port rather than back to the remote client, that would also work (even without iptables).

Any suggestion of another HTTP proxy with this capability would be great.

Best Answer

Turns out my original plan is not possible.

But I can achieve the original intended goal, which is to allow any remote client to see this fancy traffic analyzer doing its job, by running OpenVPN on the host, and then using iptables in a typical way to capture packets for port 80 from one subnet (the tunneled one) and redirecting to another subnet (the host's normal one). This works with the design of the analyzer, which expects the gateway itself to be modified for this type of redirection.
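As an added example (not the answerer's own configuration), here is the "typical way" redirect from the answer written out as a script, next to the original rule from the question with a comment on why the nat table never sees Squid's response packets. The tunnel interface, client subnet and analyzer port are assumptions (tun0, 10.8.0.0/24, 8890); by default the script only prints the rules, set IPTABLES=/sbin/iptables as root to apply them.

```shell
#!/bin/sh
# Added example. Assumed values: OpenVPN tunnel interface tun0 with client
# subnet 10.8.0.0/24, analyzer listening on TCP 8890 on the gateway itself.
# Set IPTABLES=/sbin/iptables (as root) to apply; the default just prints.
IPTABLES="${IPTABLES:-echo iptables}"

# The rule from the question, kept as posted. It cannot work: the nat table
# is consulted only for the first packet of a connection (conntrack state
# NEW). Squid's response packets belong to an already ESTABLISHED connection,
# so an OUTPUT nat rule matching --sport 3128 is never evaluated for them.
# (The posted rule also names 8990 while the analyzer is on 8890, but fixing
# the port alone would not change that.)
original_rule() {
    echo "-t nat -A OUTPUT -p tcp --sport 3128 -j REDIRECT --to-ports 8990"
}

# The working shape from the answer: catch client requests to port 80 as they
# arrive from the tunnel subnet (first packet of the connection, so nat does
# apply) and hand them to the analyzer on the gateway. REDIRECT rewrites the
# destination to the address of the incoming interface, i.e. the gateway.
analyzer_rules() {
    ifc="$1"; subnet="$2"; port="$3"
    echo "-t nat -A PREROUTING -i $ifc -s $subnet -p tcp --dport 80 -j REDIRECT --to-ports $port"
    # Also let the redirected connections through the filter table.
    echo "-A INPUT -i $ifc -s $subnet -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
}

apply_rules() {
    analyzer_rules "$@" | while read -r line; do
        # Word-splitting of $line into separate arguments is intended here.
        $IPTABLES $line
    done
}

# After applying, `iptables -t nat -L PREROUTING -n -v` should show the
# packet counter on the REDIRECT rule rising as tunnel clients browse; a
# counter stuck at zero means the interface or subnet match is wrong.
apply_rules tun0 10.8.0.0/24 8890
```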