    iptables -t nat -A PREROUTING -i tun0 -s $CHILLI_NET -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
    iptables -t nat -A PREROUTING -i tun0 -s $CHILLI_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT

Edit the bolded variables to match your configuration.
I have changed the Option 1 script above to suit this need. The scripts above are used when the proxy server is on the same network; for those who need a transparent proxy with DD-WRT Chillispot enabled, in most cases (mine too) the proxy server is on a different network.

Proxy Server on Different Network and Using Chillispot

Replace PROXY_PORT with the correct port for your proxy, which would be 3128 from the previous example.

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port

Add the following rule to iptables on your proxy machine (note, extra steps will be needed on your proxy box to make this change persistent, but they are not covered here).

You will still need to redirect the packets to the correct proxy port as they arrive.

The changes above will route packets to the IP address of your proxy server, but since the packets were unmodified, they will still arrive at the proxy on port 80.

    iptables -t mangle -A PREROUTING -p tcp --dport 80 -s -j ACCEPT
    ip route add default via $PROXY_IP dev br0 table 2

Change the PROXY_IP variable to match your proxy server's IP address.

    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 3
    iptables -t mangle -A PREROUTING -p tcp --dport 80 -s $PROXY_IP -j ACCEPT

This solution was adapted from information found at.

This requires some additional iptables configuration on your proxy server, but it also has the advantage of retaining the client IP address.

The following alternative approach uses the mangle table to mark packets and route them to the proxy using a custom routing table, which has only one default route, directly to the proxy box.

As a result, it's not possible to see the IP address of the originating client in the proxy logs, nor is it possible to apply access rules in the proxy based on the originating client IP address.

The result is that packets arriving at the proxy have a source IP address of the router rather than the original client.
The solution described in the previous section redirects packets to the proxy server using Network Address Translation to modify the actual packets.

Proxy Server on the LAN Subnet - Alternative Solution

    iptables -t nat -I PREROUTING -i br0 -s -j ACCEPT

DirecTV receivers which have Video On Demand need to bypass the proxy. You can use it to add as many exceptions as you like. If you need to allow a host to bypass the transparent proxy (such as a game system or media receiver), then add this command, which allows a specific IP to bypass the proxy.

    iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

Change the PROXY_IP and PROXY_PORT variables to match your proxy server's IP address and TCP port.

    iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
    iptables -t nat -A PREROUTING -i br0 ! -s $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
    iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT

In the web UI navigate to Administration -> Commands and paste your edited script in the input box, then press the Save Firewall button. These scripts need to be saved to your firewall script. Be sure to edit the variables at the top. If you don't have a good grasp on iptables yet, someone has already done the work and written a shell script to do the work for you.
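The NAT redirect rules and the per-host bypass rule above are pasted into the router's firewall script and run as root, so a mistyped variable becomes a broken or unintended rule. The following is an added example, not part of the original page: it validates each value and prints the rules instead of applying them. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: render (print, not apply) the NAT redirect rules after validation.
# Function names are hypothetical; br0 and port 80 come from the rules on this page.

is_ipv4() {   # dotted quad, each octet 0-255, nothing else
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_cidr() {   # a.b.c.d/0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

is_port() {   # 1-65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: render_proxy_rules LAN_IP LAN_NET PROXY_IP PROXY_PORT [BYPASS_IP...]
render_proxy_rules() {
    is_ipv4 "$1" && is_cidr "$2" && is_ipv4 "$3" && is_port "$4" || {
        echo "refusing to render: invalid LAN_IP, LAN_NET, PROXY_IP or PROXY_PORT" >&2
        return 1
    }
    lan_ip=$1 lan_net=$2 proxy_ip=$3 proxy_port=$4
    shift 4
    for host in "$@"; do
        is_ipv4 "$host" || { echo "refusing to render: bad bypass host" >&2; return 1; }
    done
    echo "iptables -t nat -A PREROUTING -i br0 -s $lan_net -d $lan_net -p tcp --dport 80 -j ACCEPT"
    echo "iptables -t nat -A PREROUTING -i br0 ! -s $proxy_ip -p tcp --dport 80 -j DNAT --to $proxy_ip:$proxy_port"
    echo "iptables -t nat -I POSTROUTING -o br0 -s $lan_net -d $proxy_ip -p tcp -j SNAT --to $lan_ip"
    echo "iptables -I FORWARD -i br0 -o br0 -s $lan_net -d $proxy_ip -p tcp --dport $proxy_port -j ACCEPT"
    # Bypass rules use -I, so they are inserted above the DNAT rule and match first.
    for host in "$@"; do
        echo "iptables -t nat -I PREROUTING -i br0 -s $host -j ACCEPT"
    done
}

# Constructed sample values (not from the page), with one bypass host:
render_proxy_rules 192.168.1.1 192.168.1.0/24 192.168.1.10 3128 192.168.1.50
```

Review the printed rules before pasting them into Administration -> Commands.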
You will need to use iptables to tell your router how to forward traffic.

Try using Squid3 from Debian Lenny or downgrade to Squid-2.6 in Etch. The Squid3 (squid3_3.0.PRE5-5) package from Debian Etch isn't working with this kind of transparent proxy.

Substitute the IP address you're listening on and the port you wish to use in the example, making sure they match the variables at the top of the router setup script below.

With Squid installed on your Unix/Linux box, set the following:

After that you have to set up Squid to do transparent proxying with these settings:
Desktop Setup

Squid versions older than 2.6

First install Squid on your Unix box.