Transparent External Proxy Forwarding?

netdale
DD-WRT Novice


Joined: 27 Aug 2006
Posts: 25

Posted: Sat Sep 09, 2006 20:31    Post subject: Transparent External Proxy Forwarding?
Ok, I've read through all documentation and have been unable to determine a solution. My iptables knowledge is limited which is why I'm asking you guys!! I'm sitting behind a MS Proxy server and attempted to forward all port 80 & port 443 traffic onward to the external proxy.

I have read and reread the wiki and the Linux HOWTO's:
http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#ss6.1
http://www.dd-wrt.com/wiki/index.php/Squid_Transparent_Proxy

However, none deal with forwarding the requests onto an external proxy. Is this possible and if so, I assume additional iptables rules would be needed so that requests to the router's IP wouldn't get forwarded onto the proxy (so you could use the web config).

Clients--->DD-WRT--->MS Proxy--->Internet

Any help would be sincerely appreciated.
Thanks, Dale
rkloost
DD-WRT Guru


Joined: 11 Jul 2006
Posts: 1247
Location: Nijmegen, The Netherlands

Posted: Mon Sep 11, 2006 6:35
LS,

Before I can give a decent answer, I have to know what you're trying to accomplish
and why.

It seems like policy enforcement.

Regards,
Ruud

_________________
Firmware: DD-WRT v24 SP1 std
2xWRT54GLv1.1
2xWRT54GSv1.0
1xWRT54Gv2

In need of WRT54GS <= v3 EU/UK for firmware-debugging purposes. Buffalo's are welcome too! PM me if you have a spare one.
netdale
DD-WRT Novice


Joined: 27 Aug 2006
Posts: 25

Posted: Mon Sep 11, 2006 19:49
I'm behind a network here at school and don't want each client needing the proxy settings.

It's honestly that simple. I don't quite know of any alternate motives? If I wanted to tunnel I'd use http-tunnel but I'm only trying to make it so each client doesn't even need to know it's behind a proxy; the requests transparently get forwarded to the proxy server.

Policy? These are my clients and I'm in no way bypassing the proxy, like I said, only trying to redirect to it.

Thanks for your time, Dale
qubit
DD-WRT Novice


Joined: 09 Sep 2006
Posts: 19
Location: Denver, CO

Posted: Mon Sep 11, 2006 20:41
tinyproxy will do what you want it to (I'm using it to do the exact same thing). there are various packages for it out there, but I'm actually in the process of making one specifically for dd-wrt. should be finished here shortly, and once it is, I'll upload it somewhere. it even has a nice purdy section in the administration->services page of the web admin.

only drawback with tinyproxy is it doesn't handle ftp, just http and https. might poke around at making a squid package later (it can reportedly do it too)
netdale
DD-WRT Novice


Joined: 27 Aug 2006
Posts: 25

Posted: Mon Sep 11, 2006 21:43    Post subject: Great!
Sounds great qubit; this will run behind an MS Proxy. I know FTP won't work since those ports are blocked, but http/https should work fine if relayed/forwarded.

Keep me posted on your project; I'd be happy to beta test...

Dale
qubit
DD-WRT Novice


Joined: 09 Sep 2006
Posts: 19
Location: Denver, CO

Posted: Tue Sep 12, 2006 1:13
Ok, I have something that could be a finished product.
http://parawave.net/tinyproxy/tinyproxy_1.6.3_mipsel.ipk

It should be able to be installed if you're using jffs, but if not there's an alternative method I used to get it into my firmware.

Alternative method:
I installed it by taking the pre-built firmware image used on my router and extracting it with http://www.dd-wrt.com/phpBB2/viewtopic.php?t=2844.
Then just use the ipkg-install.sh script to install the package. That will get it fully functional, however that utility isn't complete yet and doesn't have support for ipkg installation scripts, so if you want the help info included in the web interface, you can follow the next set of instructions. After you're all done, just use the script to build a new firmware image, and then flash it.

Manual install of help info:
Method 1:
Download the helpinsert file to wherever you want. Open up /www/help/HServices.asp in a text editor, and paste the contents of helpinsert right before '<dd>Check all values and click'... down at the bottom of the HServices.asp file.

Method 2:
Download the 2 files below (or extract them from the ipk file) to any directory of your choice.
Run the postinst script with the PKG_ROOT set to the root directory of the extracted firmware.
example: 'PKG_ROOT="/tmp/ddwrt-modkit/unpacked/rootfs" sh postinst'

http://parawave.net/tinyproxy/postinst
http://parawave.net/tinyproxy/helpinsert

Kinda messy, so the easiest option is the jffs by far, but jffs takes up a lot of space to enable. Any issues, just let me know and I'll see if I can get them resolved.
Enjoy
qubit
DD-WRT Novice


Joined: 09 Sep 2006
Posts: 19
Location: Denver, CO

Posted: Tue Sep 12, 2006 1:31
I just had a billion dollar idea, how about I just provide you with a firmware image
So, here are the images, all plain v23 sp1, with tinyproxy thrown in.

http://parawave.net/tinyproxy/wrt54g.bin
http://parawave.net/tinyproxy/wrt54gs.bin
http://parawave.net/tinyproxy/wrt54gsv4.bin
http://parawave.net/tinyproxy/generic.trx


Edit: oh, there's an issue with v23 where the startup scripts sometimes don't get started on boot. I can't figure out the pattern, sometimes they do, sometimes they don't. if you're running into issues, just put "sh /etc/config/tinyproxy.startup" in the administration->diagnostics page, and save it to rc_firewall, not rc_startup
netdale
DD-WRT Novice


Joined: 27 Aug 2006
Posts: 25

Posted: Wed Sep 13, 2006 3:26    Post subject: Flashed..?
qubit--check your PM.

I flashed with the "generic" firmware. Somehow it screwed my login and wireless all up. I reset everything and now I've been able to configure tinyproxy. What exactly should I be setting here? I've read a bit about tinyproxy; can this be combined with a "http-tunnel" like application (along with SSH)?

Let's try to get in touch...

Thanks, Dale
qubit
DD-WRT Novice


Joined: 09 Sep 2006
Posts: 19
Location: Denver, CO

Posted: Thu Sep 14, 2006 1:26    Post subject: Re: Flashed..?
hrm, I've flashed 3 routers with it and never had any issues with it, but I have been using the wrt54g.bin image, not the generic. maybe there's something wrong with the generic :-/

the help file actually does work. the little link in the top right corner of the page. explains all the options. but to get all your traffic to go through another proxy, set the 'upstream host' option to the proxy's hostname:port.
by default it will capture any outgoing traffic on port 80 and 443 and force it through the proxy, but you can disable/change that by setting the 'anonymous capture ports' option.

Edit: oh, just thought, if you were flashing from something other than v23 sp1, that might be the issue, as that's what my firmwares were based off of.
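
The port capture described in the post above, together with the router-IP exemption asked about in the first post, written out as iptables nat rules. This is an added example, not part of the thread or of qubit's package; the interface `br0`, router address `192.168.1.1` and local proxy port `8888` are assumed values.

```shell
#!/bin/sh
# Added example: prints (does not apply) the nat rules for transparent capture.
# br0, 192.168.1.1 and 8888 are assumed values, not taken from the thread.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules LAN_IF ROUTER_IP PROXY_PORT "PORT [PORT...]"
gen_rules() {
    lan_if=$1 router_ip=$2 proxy_port=$3 ports=$4

    # Reject anything that could smuggle shell syntax into the emitted rules.
    case $lan_if in ''|*[!A-Za-z0-9._-]*)
        echo "bad interface: $lan_if" >&2; return 1 ;; esac
    case $router_ip in ''|*[!0-9.]*)
        echo "bad router IP: $router_ip" >&2; return 1 ;; esac
    valid_port "$proxy_port" || { echo "bad proxy port" >&2; return 1; }
    [ -n "$ports" ] || { echo "no capture ports given" >&2; return 1; }

    # Validate every port before printing, so the output is all-or-nothing.
    for p in $ports; do
        valid_port "$p" || { echo "bad capture port: $p" >&2; return 1; }
    done

    for p in $ports; do
        # 1. Exemption first: traffic addressed to the router itself (the web
        #    config) is accepted in the nat table and is never redirected.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp -d $router_ip --dport $p -j ACCEPT"
        # 2. Everything else arriving from the LAN on that port is handed to
        #    the proxy listening locally on the router.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport $p -j REDIRECT --to-ports $proxy_port"
    done
}

# Review the printed rules before running them on the router.
gen_rules br0 192.168.1.1 8888 "80 443"
```

Rule order is the whole point: the ACCEPT for the router's address must sit above the REDIRECT for the same port. Connections the proxy itself opens to the upstream host leave through the OUTPUT chain, so PREROUTING rules do not capture them again.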
bone2006
DD-WRT Novice


Joined: 22 Jun 2007
Posts: 41

Posted: Sat Aug 15, 2009 17:31
I'd like to get tinyproxy in a new release or how do I go about installing tinyproxy in dd-wrt?
crashfly
DD-WRT Guru


Joined: 24 Feb 2009
Posts: 2026
Location: Sol System > Earth > USA > Arkansas

Posted: Sat Aug 15, 2009 18:44
If you are looking for a "filtering" option for your school, you might also try OpenDNS. You do not have to implement a proxy, but they have options to where you can filter out all sorts of bad things such as (but not limited to) port, advertising, etc. It is done at the DNS level and should be an "easy" setup.

Edit: I looked it up, here is the following information they can filter:
Quote:
Adult Themes
Adware
Alcohol
Auctions
Automotive
Blogs
Business Services
Chat
Classifieds
Dating
Drugs
Ecommerce/Shopping
Educational Institutions
File storage
Financial institutions
Forums/Message boards
Gambling
Games
Government
Hate/Discrimination
Health
Humor
Instant messaging
Jobs/Employment
Lingerie/Bikini
Movies
Music
News/Media
Non-profits
Nudity
P2P/File sharing
Parked Domains
Phishing
Photo sharing
Podcasts
Politics
Pornography
Portals
Proxy/Anonymizer
Radio
Religious
Research/Reference
Search engines
Sexuality
Social networking
Software/Technology
Sports
Tasteless
Television
Travel
Video sharing
Visual search engines
Weapons
Webmail

_________________
E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]

Try Dropbox for syncing files - get 2.5gb online for free by signing up.

Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
All times are GMT