I am currently trying to set up a docker squid container as a transparent proxy on my local machine. I am very close but I think I am missing one additional rule to prevent the issue I am seeing.
On squid I am exposing ports 3129 and 3130 as the intercept ports for http and https, respectively. I have the following iptables rules on my host:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 3130
This mostly works, except that it seems the outgoing traffic from docker gets redirected as well, causing a forwarding loop. What I want is for any traffic originating from my local machine to get redirected to the squid proxy, and anything coming from my docker container to be accepted. Hence the need for the additional rule. The problem is, I am not that familiar with how docker networking works, and from looking at Wireshark, it is still not that clear to me.
Anyone know how I might go about doing this?
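An added example (not part of the original question) of the rule ordering that avoids the loop: the proxy's own outbound sockets are exempted with a RETURN before the two REDIRECTs, plus a check that flags a REDIRECT with no such exemption in front of it. It assumes the squid container runs with --network host (so its connections are locally generated and traverse the nat OUTPUT chain) and that squid runs as uid 13; both the networking mode and SQUID_UID are assumptions to confirm against your own setup.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions: the squid
# container uses --network host, and squid's uid (SQUID_UID, default 13 here;
# verify with: docker exec <container> id -u) is what the kernel sees on the
# host. Rules are emitted in order; the RETURNs must precede the REDIRECTs.
SQUID_UID="${SQUID_UID:-13}"
HTTP_PORT=3129
HTTPS_PORT=3130

# Emit the nat OUTPUT rules in the order they must be applied.
transparent_rules() {
    cat <<EOF
-t nat -A OUTPUT -o lo -j RETURN
-t nat -A OUTPUT -m owner --uid-owner ${SQUID_UID} -j RETURN
-t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port ${HTTP_PORT}
-t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port ${HTTPS_PORT}
EOF
}

# Apply the rules with iptables (requires root).
apply_rules() {
    transparent_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086
        iptables $rule
    done
}

# Inspect the live chain: any REDIRECT listed before an owner-based RETURN
# would also catch the proxy's own traffic, which is the loop described above.
check_loop() {
    iptables -t nat -S OUTPUT | awk '
        /-m owner --uid-owner .* -j RETURN/ { seen = 1 }
        /-j REDIRECT/ && !seen { print "loop risk: " $0; bad = 1 }
        END { exit bad }'
}

case "${1:-}" in
    apply) apply_rules ;;
    check) check_loop ;;
    *)     transparent_rules ;;
esac
```

If the container is on a bridge network instead, its traffic enters the host through docker0 and the nat PREROUTING chain rather than OUTPUT, so this owner match will never see it and the exemption has to be placed there.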