Plaidophile

Here is a simple procedure for setting up a simple transparent proxy to conduct basic network testing of some connected device, when your desktop box is running Ubuntu Linux.

1. Disable NetworkManager with sudo update-rc.d NetworkManager remove; killall nm-applet
2. Set up your network cards explicitly in /etc/network/interfaces (this isn't hard, but NetworkManager's duty in life is to crap on this configuration, it seems) and do a sudo /etc/init.d/networking restart
3. Install dhcp3-server and squid, and configure them as appropriate. Most important is to change the squid.conf line like

   http_port 3128

   to

   http_port 3128 transparent

4. Use FireHOL for the actual iptables configuration, because life is too short to screw around with iptables scripts and tutorials that don't specify where said scripts go if you want things to actually, you know, work. My /etc/firehol/firehol.conf file is like this:

   version 5
   
   transparent_proxy 80 3128 proxy
   
   interface eth0 outside
   	policy accept
   	server http accept
   	server ssh accept
   	server https accept
   	client all accept
   
   interface eth1 inside
   	policy accept
   
   router nat inface eth1 outface eth0
   	masquerade
   	route all accept

5. Angrily post this article to your blog because seriously why does Ubuntu documentation have to suck so bad

The (only) downside to FireHOL, aside from its website being a bit difficult to figure out and its documentation being hard to navigate, is there's no way (so far as I can tell) to specify which interfaces get the transparent proxy, so you can't restrict it to a certain set of clients on the lan side. So if you're doing this to, say, test how transparent proxies affect cantankerous embedded devices, you're going to have to accept it also screwing around with your desktop's web browser. C'est la vie.