I have an IPTables firewall on a Debian server, with a bunch of hosts behind it with masquerading. In the upstream network I don't have direct access to the internet, and I need to go through a proxy server to get to web sites.
I want the hosts behind my firewall to automatically go through the proxy server without each host needing to set up a proxy on its own (mostly because I want to be able to change the proxy address at a single point, because I have different proxies for different network scenarios).
Is there a way to have IPTables force all outgoing traffic on ports 80 and 443 to go through the proxy? If not, can I use some other readily available software to get the behavior I need?
Best Answer
There are at least two ways of doing this:
The first option uses the WPAD mechanism:
In your DHCP server config, you must include option 252 (e.g. for dhcpd):
Your proxy.pac is just a bit of JS which tells the browser what to proxy (e.g.):
The second option is to use iptables to redirect HTTP traffic transparently (e.g.):
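A PAC file of the kind the first option describes, as an added example that is not the answerer's own code. The proxy address `proxy.example.internal:3128` and the suffix `.lan.example.internal` are constructed placeholders, and the helper names `isPrivateIPv4` and `isDirectHost` are hypothetical; only `FindProxyForURL(url, host)` is the standard PAC entry point.

```javascript
// Added example proxy.pac; plain ES5 so older PAC engines can parse it.
// PROXY_ADDR is a constructed placeholder: the one value to change per network.
var PROXY_ADDR = "proxy.example.internal:3128";
// Constructed sample of internal DNS suffixes that must bypass the proxy.
var DIRECT_SUFFIXES = [".lan.example.internal"];

// True for dotted-quad literals in loopback or RFC 1918 private ranges.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false; // not a valid IPv4 literal
  }
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Decide whether a host is local and should be reached without the proxy.
function isDirectHost(host) {
  var h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  if (h === "::1" || h === "[::1]") return true;  // IPv6 loopback
  if (h.indexOf(".") === -1 && h.indexOf(":") === -1) return true; // plain name
  if (isPrivateIPv4(h)) return true;
  for (var i = 0; i < DIRECT_SUFFIXES.length; i++) {
    var s = DIRECT_SUFFIXES[i];
    if (h.length > s.length && h.slice(-s.length) === s) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isDirectHost(host)) return "DIRECT";
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https") {
    return "PROXY " + PROXY_ADDR; // no DIRECT fallback: fail closed
  }
  return "DIRECT"; // other schemes are left alone
}
```

With a PAC file the browser reaches HTTPS sites through the proxy using CONNECT, so TLS stays end-to-end between client and site. Only clients that honor WPAD/PAC are affected; anything else on the network still sends traffic straight to the firewall.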