Web Proxy Filtering and Caching / Forward traffic to separate SSL proxy server
« on: October 12, 2020, 03:51:21 pm »
Hello,
I am having trouble figuring out how to set this up correctly. I have a separate IDS box on my network that I want to add a transparent SSL proxy to for analysis of SSL traffic. The app is called PolarProxy and they have a tutorial here https://www.netresec.com/index.ashx?page=Blog&month=2020-01&post=Sniffing-Decrypted-TLS-Traffic-with-Security-Onion for how to set up the gateway using iptables:
Code:
Add a forward rule on the gateway to allow forwarding traffic to our PolarProxy server:
sudo iptables -A FORWARD -i eth1 -d [SecurityOnionIP] -p tcp --dport 10443 -m state --state NEW -j ACCEPT
Add a DNAT rule to forward 443 traffic to PolarProxy on port 10443:
sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to [SecurityOnionIP]:10443
If the reverse traffic from PolarProxy to the client doesn't pass the firewall (i.e. they are on the same LAN), then we must add this hide-nat rule to fool PolarProxy that we are coming from the firewall:
sudo iptables -t nat -A POSTROUTING -o eth1 -d [SecurityOnionIP] -p tcp --dport 10443 -j MASQUERADE
I understand adding the DNAT rule in NAT > Port Forward.
But what about the reverse traffic: is that Outbound NAT? What would the configuration be for that?
Right now I am adding a forwarding rule in NAT > Port Forwarding to the network like so:
LAN side
Source any, port any
Destination any, port 443
Redirect [SecurityOnionIP] port 10443
and it is not working. Am I missing something? Any help would be appreciated. Thank you.
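The part of the tutorial the post is asking about is the third rule: when the proxy box sits on the same LAN as the clients, its replies would go straight to the client and never pass the gateway, so the gateway's connection state for the DNAT'ed flow is never matched and the session breaks. The tutorial's hide-NAT (MASQUERADE) rule fixes that by making the proxy see the gateway as the client, which forces the return path back through it. The script below is an added example, not code from the post, from PolarProxy or from the netresec tutorial: it takes the LAN interface, the client subnet, the proxy address and port as placeholders, decides with a plain subnet comparison whether that hairpin rule is needed, and prints the resulting iptables rule set. It also adds a `! -s <proxy>` match to the DNAT rule that the tutorial does not have; that exclusion is my addition, so that the proxy's own outbound port 443 connections are not redirected back to itself.

```shell
#!/bin/sh
# Added example (not from the forum post or the PolarProxy tutorial).
# Generates the gateway rules for a transparent TLS proxy on a separate box and
# emits the hide-NAT (hairpin) rule only when clients and proxy share a subnet.
# All interface names, subnets and addresses below are placeholders.

# Convert a dotted-quad IPv4 address to an integer for mask arithmetic.
ip4_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# same_subnet <cidr> <ip>: succeeds when <ip> lies inside <cidr>.
same_subnet() {
    net=${1%/*}
    prefix=${1#*/}
    # 32-bit network mask; the & keeps the shifted value inside 32 bits.
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    n=$(ip4_to_int "$net")
    h=$(ip4_to_int "$2")
    [ $(( n & mask )) -eq $(( h & mask )) ]
}

# needs_hairpin <client-cidr> <proxy-ip>: "yes" when proxy replies would
# bypass the gateway, i.e. the proxy is on the clients' LAN.
needs_hairpin() {
    if same_subnet "$1" "$2"; then echo yes; else echo no; fi
}

# gen_rules <lan-if> <client-cidr> <proxy-ip> [proxy-port]
# Prints the rule set; the MASQUERADE rule appears only when required.
gen_rules() {
    lan_if=$1; clients=$2; proxy=$3; pport=${4:-10443}
    # Allow the redirected flows to be forwarded to the proxy.
    echo "iptables -A FORWARD -i $lan_if -d $proxy -p tcp --dport $pport -m state --state NEW -j ACCEPT"
    # Redirect client HTTPS to the proxy. '! -s $proxy' (my addition) keeps the
    # proxy's own upstream 443 connections from being looped back to it.
    echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $proxy -p tcp --dport 443 -j DNAT --to $proxy:$pport"
    # Hairpin case: source-NAT to the gateway so the proxy answers the gateway,
    # not the client directly, and the DNAT state is un-done on the way back.
    if same_subnet "$clients" "$proxy"; then
        echo "iptables -t nat -A POSTROUTING -o $lan_if -d $proxy -p tcp --dport $pport -j MASQUERADE"
    fi
}

# Usage: sh gen_proxy_rules.sh eth1 192.168.1.0/24 192.168.1.50 10443
if [ $# -eq 4 ]; then
    gen_rules "$@"
fi
```

Running it with a proxy inside the client subnet prints all three rules; with the proxy on a separate segment (for example a dedicated monitoring VLAN behind the gateway) the MASQUERADE rule is omitted, because the proxy's replies already have to cross the gateway. The trade-off of the hairpin rule is that the proxy then logs the gateway's address as the client for every session, so if per-client attribution matters in the IDS, putting the proxy on its own segment is the cleaner layout.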