# Episode 179 - Transparent Proxies

{%youtube Y9UjKDu5HwI %}

## Events

- AWS Partner summit this week
- [OpenObservabilityCon & OTel Community Day](https://events.linuxfoundation.org/openobservabilitycon-otel-community-day/)
- [KubeCon NA](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/program/cfp/)
- Open Source Summit Korea - Seoul, Korea - November 5, 2025 - CFP is open - deadline June 30, 2025.
- Open Source Summit Japan - Tokyo, Japan - December 8-10, 2025 - CFP is open - deadline August 4, 2025
- Open Compliance Summit - Tokyo, Japan - December 11 & 12, 2025 - CFP is open - deadline August 17, 2025

## News

* [Cilium newsletter!](https://cilium.io/newsletter)
* [Optimizing eBPF I/O latency accounting when running 37M IOPS, on 384 CPUs - Tanel Poder Consulting](https://tanelpoder.com/posts/optimizing-ebpf-biolatency-accounting/)

## Transparent Proxies!

![](https://soax.com/hs-fs/hubfs/What%20is%20a%20Transparent%20Proxy.png?width=3840&height=2160&name=What%20is%20a%20Transparent%20Proxy.png)

### Why?
- Observability (read-only)
- Security (add encryption)
- Security (block traffic/content filtering)
- Application (redirect traffic)
- Application (caching)

### Examples

- Squid 🦑 - [https://www.squid-cache.org/](https://www.squid-cache.org/)
- [https://mitmproxy.org/](https://mitmproxy.org/)
- Envoy - [https://www.envoyproxy.io](https://www.envoyproxy.io/docs/envoy/latest/intro/life_of_a_request)

### Getting traffic to a proxy

- iptables

Since we're configuring a transparent proxy, we need to enable IP forwarding on the system:

`sudo sysctl net.ipv4.ip_forward=1`

Anything going outbound to port `80` should be "transparently" redirected to port `3128`, where Squid listens:

`sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128`

For HTTPS, we can create a middle cert that we have to accept in the browser (it's not great).

Example: https://dev.to/suntong/squid-proxy-and-ssl-interception-1oa4

- Applications built upon cURL

*libcurl respects the environment variables `http_proxy` and `https_proxy`*

So this is very simple:

```
export http_proxy=http://yourproxy.example.com:3128/
export https_proxy=http://yourproxy.example.com:3128/
./my-application
```

### Example with eBPF
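
Back on the iptables `REDIRECT` rule above (this is not the eBPF example from the episode): once port 80 traffic lands on 3128, the proxy still has to learn where the client was actually going, which on Linux it reads back with the `SO_ORIGINAL_DST` socket option. The Python below is an added example, not from these notes or from any of the proxies listed; the helper names, the addresses and the sample bytes are constructed for illustration.

```python
import ipaddress
import socket
import struct

SO_ORIGINAL_DST = 80   # from <linux/netfilter_ipv4.h>; not exposed by the socket module
SOCKADDR_IN_LEN = 16   # sizeof(struct sockaddr_in)


def parse_original_dst(raw: bytes) -> tuple[str, int]:
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(raw) < SOCKADDR_IN_LEN:
        raise ValueError("truncated sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)     # sin_family: host byte order
    port, addr = struct.unpack_from("!H4s", raw, 2)  # sin_port, sin_addr: network order
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    return str(ipaddress.IPv4Address(addr)), port


def original_dst(conn: socket.socket) -> tuple[str, int]:
    """Ask conntrack where an accepted, REDIRECTed connection was headed (Linux only)."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    return parse_original_dst(raw)


def was_redirected(orig: tuple[str, int], local: tuple[str, int]) -> bool:
    """False when the client dialled the proxy port directly.

    Assumption: without a NAT rewrite, conntrack reports the proxy's own
    listening address as the original destination. Forwarding such a request
    would make the proxy connect back to itself, so callers should reject it.
    """
    return orig != local


# Constructed sample: the bytes a proxy would get back for a client that was
# heading to 203.0.113.10:80 (a documentation address) before the REDIRECT.
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
          + bytes([203, 0, 113, 10]) + bytes(8))

if __name__ == "__main__":
    dst = parse_original_dst(SAMPLE)
    # In a live proxy: dst = original_dst(conn); local = conn.getsockname()
    print(dst, was_redirected(dst, ("192.0.2.1", 3128)))
```

In a running proxy, call `original_dst(conn)` on each accepted socket and compare it with `conn.getsockname()` before opening the upstream connection.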