.\" Automatically generated by Pandoc 3.1.3
.nh
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
.ie "\f[CB]x\f[]"x" \{\
. ftr V B
. ftr VI BI
. ftr VB B
. ftr VBI BI
.\}
.el \{\
. ftr V CR
. ftr VI CI
. ftr VB CB
. ftr VBI CBI
.\}
.TH "firehol-proxy" "5" "Built 30 Mar 2024" "FireHOL Reference" "3.1.7"
.hy
.SH NAME
.PP
firehol-proxy - set up a transparent TCP, HTTP or squid proxy
.SH SYNOPSIS
.PP
transparent_proxy \f[I]service\f[R] \f[I]port\f[R] \f[I]user\f[R] \f[I]rule-params\f[R]
.PP
transparent_squid \f[I]port\f[R] \f[I]user\f[R] \f[I]rule-params\f[R]
.SH DESCRIPTION
.PP
The \f[V]transparent_proxy\f[R] helper command sets up transparent caching for TCP traffic.
.PP
The \f[V]transparent_squid\f[R] helper command sets up the special case for HTTP traffic with \f[I]service\f[R] implicitly set to 80.
.RS
.PP
\f[B]Note\f[R]
.PP
The proxy application must be running on the firewall host at port \f[I]port\f[R] with the credentials of the local user \f[I]user\f[R] (which may be a space-delimited list enclosed in quotes) serving requests appropriate to the TCP port service.
.RE
.PP
The \f[I]rule-params\f[R] are a set of rule parameters that select the traffic to be proxied.
See firehol-params(5) for more details.
.PP
For traffic destined for the firewall host or passing through the firewall, do not use the \f[V]outface\f[R] parameter: the rules are applied before the routing decision, so the outgoing interface is not yet known.
.PP
An empty \f[I]user\f[R] string (\f[V]\[dq]\[dq]\f[R]) disables caching of locally-generated traffic.
Otherwise, traffic starting from the firewall is captured, except for traffic generated by the local user(s) \f[I]user\f[R].
The \f[V]inface\f[R], \f[V]outface\f[R] and \f[V]src\f[R] \f[I]rule-params\f[R] are all ignored for locally-generated traffic.
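.PP
The two caveats above can be checked mechanically. The following shell function is an added example, not part of FireHOL or of the original page: it reads a firehol.conf on standard input and reports transparent_proxy or transparent_squid lines that use outface or pass an empty user. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a firehol.conf (stdin) for the two caveats described above.
lint_proxy_helpers() {
    awk '
    # Split a line into words, keeping "double quoted" arguments whole.
    function words(s, w,    n, i, c, cur, inq, have) {
        split("", w); n = 0; cur = ""; inq = 0; have = 0
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\"") { inq = !inq; have = 1 }
            else if (!inq && (c == " " || c == "\t")) {
                if (have) { w[++n] = cur; cur = ""; have = 0 }
            } else { cur = cur c; have = 1 }
        }
        if (have) w[++n] = cur
        return n
    }
    {
        # Join backslash-continued lines; report the line the command starts on.
        if (buf == "") start = NR
        if (sub(/\\$/, " ")) { buf = buf $0; next }
        n = words(buf $0, w); buf = ""
        # Index of the user argument: service port user / port user.
        if (n > 0 && w[1] == "transparent_proxy") u = 4
        else if (n > 0 && w[1] == "transparent_squid") u = 3
        else next
        if (n < u) { print start ": " w[1] ": port or user argument missing"; next }
        if (w[u] == "")
            print start ": " w[1] ": empty user, locally-generated traffic is not proxied"
        for (i = u + 1; i <= n && w[i] !~ /^#/; i++)
            if (w[i] == "outface")
                print start ": " w[1] ": outface is not known before routing, remove it"
    }'
}

# Constructed sample configuration (not taken from a real system).
sample_conf() {
    cat <<'EOF'
transparent_proxy 80 3128 squid inface eth0 src 192.0.2.0/24
transparent_squid 3128 "" inface eth0
transparent_proxy "80 8080" 3128 "squid privoxy" \
    inface eth0 outface eth1
EOF
}

sample_conf | lint_proxy_helpers
```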
.SH EXAMPLES
.IP
.nf
\f[C]
transparent_proxy 80 3128 squid inface eth0 src 192.0.2.0/24

transparent_squid 3128 squid inface eth0 src 192.0.2.0/24

transparent_proxy \[dq]80 3128 8080\[dq] 3128 \[dq]squid privoxy root bin\[dq] \[rs]
    inface not \[dq]ppp+ ipsec+\[dq] dst not \[dq]a.not.proxied.server\[dq]

transparent_squid \[dq]80 3128 8080\[dq] \[dq]squid privoxy root bin\[dq] \[rs]
    inface not \[dq]ppp+ ipsec+\[dq] dst not \[dq]non.proxied.server\[dq]
\f[R]
.fi
.SH SEE ALSO
.IP \[bu] 2
firehol(1) - FireHOL program
.IP \[bu] 2
firehol.conf(5) - FireHOL configuration
.IP \[bu] 2
firehol-interface(5) - interface definition
.IP \[bu] 2
firehol-router(5) - router definition
.IP \[bu] 2
firehol-params(5) - optional rule parameters
.IP \[bu] 2
firehol-nat(5) - nat, snat, dnat, redirect config helpers
.IP \[bu] 2
FireHOL Website (http://firehol.org/)
.IP \[bu] 2
FireHOL Online PDF Manual (http://firehol.org/firehol-manual.pdf)
.IP \[bu] 2
FireHOL Online Documentation (http://firehol.org/documentation/)
.SH AUTHORS
FireHOL Team.