Hello. I have a fairly specific question about transparent proxying:
My dorm mandates an HTTP proxy (probably Squid). It has a local IP address like 10.x.x.x. It also seems to have HTTP CONNECT support, so I can use it for different protocols like HTTPS, SMTPS, SSH. I've tested some solutions using netcat, including weird port numbers like 6845. It's NOT SOCKS{4,5}. It's a caching HTTP proxy.
Now I want to transparently proxy ALL outgoing TCP communication, except local, through this proxy using iptables (and maybe Squid?), but I am not sure how. I figured out I need to force all the outgoing connections via a local Squid proxy that hands them to the dorm's proxy (as the parent). But I need specific iptables rules. Note that they should NOT be HTTP-only. The ports can be anything. As I said, I tried and it works via netcat. So no --dport 80 rules. I've searched it. All people on the internet replicate the same tutorial.
As an additional problem, I want to share my network connection via Wi-Fi. I have been using the create_ap script, which creates a Wi-Fi hotspot for me. It deals with its own iptables entries and hostapd config, and it spawns a DHCP server coupled with a DNS caching server using dnsmasq. The IP addresses of the Wi-Fi devices are 192.168.12.x. I want to seamlessly route the packets originating from my Wi-Fi network through the proxy too.
My ethernet interface is eth1 and my Wi-Fi interface is wlan0.
The current set of iptables rules after starting create_ap is below:
*filter
:INPUT ACCEPT [10883:14738139]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10401:1355308]
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5353 -j ACCEPT
-A FORWARD -d 192.168.12.0/24 -i eth1 -j ACCEPT
-A FORWARD -s 192.168.12.0/24 -i wlan0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [15664:1170692]
:INPUT ACCEPT [1113:76140]
:OUTPUT ACCEPT [2505:167629]
:POSTROUTING ACCEPT [2505:167629]
-A PREROUTING -s 192.168.12.0/24 -d 192.168.12.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -s 192.168.12.0/24 -d 192.168.12.1/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353
-A POSTROUTING -s 192.168.12.0/24 ! -o wlan0 -j MASQUERADE
COMMIT
Last edited by 6ng4n (2019-01-31 01:00:56)
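The piece the post is missing is the thing that sits behind the iptables REDIRECT rule: a listener that recovers the original destination of each redirected TCP connection and asks the dorm proxy for a CONNECT tunnel to it. The following is an added example, not code from the poster or from Squid or create_ap, of such a transparent TCP-to-CONNECT relay in Python. It assumes the dorm proxy is reachable at the placeholder PROXY_HOST:PROXY_PORT (the real 10.x.x.x address is not given in the post), that the relay listens on LISTEN_PORT, and that nat REDIRECT rules send outbound TCP there; the helper names are the example's own.

```python
"""Transparent TCP-to-HTTP-CONNECT relay (added example, not from the original post).

Assumed deployment: iptables nat REDIRECTs outbound TCP to LISTEN_PORT on this host;
the relay reads the original destination with SO_ORIGINAL_DST, opens a CONNECT tunnel
through the parent HTTP proxy at PROXY_HOST:PROXY_PORT and pumps bytes both ways.
"""
import select
import socket
import struct
import threading

SO_ORIGINAL_DST = 80                     # value from <linux/netfilter_ipv4.h>; not in Python's socket module
LISTEN_PORT = 12345                      # assumed port the nat REDIRECT rule points at
PROXY_HOST, PROXY_PORT = "10.0.0.1", 3128  # placeholder for the dorm proxy (its real 10.x.x.x is unknown)


def parse_original_dst(raw: bytes):
    """Decode the sockaddr_in that getsockopt(SOL_IP, SO_ORIGINAL_DST) returns.

    Layout: sa_family (2 bytes, host order), sin_port (2 bytes, network order),
    sin_addr (4 bytes), then 8 bytes of zero padding.
    """
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short")
    family = struct.unpack_from("=H", raw, 0)[0]
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    port = struct.unpack_from("!H", raw, 2)[0]
    host = socket.inet_ntoa(raw[4:8])
    return host, port


def build_connect_request(host: str, port: int) -> bytes:
    """HTTP/1.1 CONNECT request asking the parent proxy for a raw TCP tunnel to host:port."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def parse_connect_response(data: bytes):
    """Split the proxy's reply into (status code, bytes that arrived after the header).

    Returns None while the header is incomplete so the caller keeps reading.
    """
    end = data.find(b"\r\n\r\n")
    if end < 0:
        return None
    status_line = data[:end].split(b"\r\n", 1)[0]
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), data[end + 4:]


def open_tunnel(host: str, port: int, proxy=(PROXY_HOST, PROXY_PORT)):
    """Connect to the parent proxy and negotiate a CONNECT tunnel; returns (socket, leftover bytes)."""
    upstream = socket.create_connection(proxy, timeout=10)
    buf = b""
    try:
        upstream.sendall(build_connect_request(host, port))
        while (parsed := parse_connect_response(buf)) is None:
            chunk = upstream.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed the connection before replying")
            buf += chunk
        status, leftover = parsed
        if status != 200:
            # Fail fast instead of hanging when the proxy refuses a port or host.
            raise ConnectionError(f"proxy refused CONNECT to {host}:{port} with status {status}")
    except Exception:
        upstream.close()
        raise
    upstream.settimeout(None)
    return upstream, leftover


def pump(a: socket.socket, b: socket.socket) -> None:
    """Copy bytes in both directions until either side closes."""
    peer = {a: b, b: a}
    while True:
        readable, _, _ = select.select([a, b], [], [])
        for s in readable:
            data = s.recv(65536)
            if not data:
                return
            peer[s].sendall(data)


def handle(client: socket.socket) -> None:
    """Serve one redirected connection: find where it was really going, tunnel it, relay."""
    upstream = None
    try:
        raw = client.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
        host, port = parse_original_dst(raw)
        upstream, leftover = open_tunnel(host, port)
        if leftover:                      # payload the proxy sent right after its 200 header
            client.sendall(leftover)
        pump(client, upstream)
    except (OSError, ValueError) as exc:  # OSError covers ConnectionError and socket errors
        print(f"relay error: {exc}")
    finally:
        client.close()
        if upstream is not None:
            upstream.close()


def serve(listen_port: int = LISTEN_PORT) -> None:
    """Accept redirected connections (from OUTPUT and from the wlan0 PREROUTING rule) on all addresses."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", listen_port))
    srv.listen(128)
    while True:
        client, _ = srv.accept()
        threading.Thread(target=handle, args=(client,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

With the relay running, the feeding rules on the poster's setup would be of the form `iptables -t nat -A OUTPUT -p tcp ! -o lo ! -d 10.0.0.0/8 ! -d 192.168.12.0/24 -j REDIRECT --to-ports 12345` for the laptop's own traffic and `iptables -t nat -A PREROUTING -i wlan0 -p tcp ! -d 192.168.12.0/24 -j REDIRECT --to-ports 12345` for the hotspot clients (port and excluded ranges are the example's assumptions). The exclusion of the proxy's own 10.x range matters: without it the relay's upstream connection to the proxy would itself be redirected back into the relay. The relay binds 0.0.0.0 because REDIRECT on PREROUTING delivers the connection to the primary address of wlan0 (192.168.12.1), not to 127.0.0.1. Since it checks the proxy's status line, a CONNECT the proxy refuses returns a closed connection to the client immediately rather than a silent hang.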