TProxy
TProxy (Transparent Proxy) is a module in the Linux kernel that transparently proxies TCP and UDP traffic. The main feature of a transparent proxy is that the client is unaware that its traffic is passing through a proxy server, which makes it very useful in certain application scenarios, such as load balancing, security monitoring, and network optimization. Here is a detailed introduction to TProxy:
Features of TProxy
- Transparency: The client does not need to perform any configuration or be aware of the existence of the proxy, and the proxy server can intercept and process the traffic.
- TCP/UDP support: TProxy supports both TCP and UDP traffic, and can proxy various types of network communications.
- Flexibility: Combined with iptables, traffic redirection and processing rules can be flexibly defined.
- Non-interruption: Since TProxy works at the network layer, the proxy process of traffic is seamless to the client and does not interrupt communication.
Working Principle
TProxy works at the network layer of the Linux kernel and transparently redirects traffic to the proxy server for processing by modifying the destination address of the IP packet. The specific steps are as follows:
- Capture traffic: Use iptables to capture and redirect traffic to the TProxy module.
- Proxy processing: TProxy receives the redirected traffic, processes it, and forwards it to the target server.
- Return response: The response traffic of the target server is returned to the client through TProxy, and the client thinks it is communicating directly with the target server.
Configuration steps
The following are example steps to configure TProxy to transparently proxy TCP and UDP traffic:
Prerequisites
- Install and configure the Linux operating system.
- Make sure the kernel version supports TProxy (Linux kernel 2.6.28 and above).
- Install iptables and iproute2 tools.
Kernel module loading
modprobe xt_TPROXY
modprobe nf_tproxy_core
Configure iptables
- Create mangle table rules: Capture and redirect traffic to the local proxy port.
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p udp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
- Add PREROUTING rules: Redirect traffic to TProxy.
iptables -t mangle -A PREROUTING -p tcp -j TPROXY --tproxy-mark 0x1/0x1 --on-port 12345
iptables -t mangle -A PREROUTING -p udp -j TPROXY --tproxy-mark 0x1/0x1 --on-port 12345
Configure ip rule and ip route
- Set ip rule: Set routing rules for marked traffic.
ip rule add fwmark 1 lookup 100
- Set routing table: Configure routing table 100 to redirect traffic to local.
ip route add local 0.0.0.0/0 dev lo table 100
Example: Use TProxy to proxy HTTP traffic
Suppose you have an HTTP proxy server running on port 12345 locally, you can use the following configuration to transparently proxy HTTP traffic:
Configure iptables
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 12345
iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 12345
Application scenarios
- Load balancing: TProxy can transparently distribute traffic to multiple servers to achieve load balancing.
- Security Monitoring: Transparent proxy can monitor and filter network traffic, detect and block malicious behavior.
- Network Optimization: Cache and optimize traffic through proxy servers to improve network performance.
- Access Control: Perform access control and permission management based on traffic characteristics.
Advantages and Disadvantages
Advantages:
- Transparent to the client, no need to modify the client configuration.
- Supports TCP and UDP traffic, with a wide range of applications.
- Combined with iptables, flexible rule configuration.
Disadvantages:
- Requires high network configuration and maintenance skills.
- Increases the load on the proxy server and has high hardware requirements.
Summary
TProxy is a powerful transparent proxy tool suitable for various scenarios that require transparent proxy and processing of network traffic. By combining with iptables and iproute2, TProxy can flexibly capture and redirect TCP and UDP traffic to achieve functions such as load balancing, security monitoring and network optimization. Despite the complex configuration, its powerful functions and flexibility make it an important tool for network administrators and developers.