Transparent Proxy, Forwarding Request?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page 1, 2, 3  Next
Author Message
lamez
DD-WRT Novice


Joined: 06 Dec 2009
Posts: 13

PostPosted: Sun Dec 06, 2009 9:25    Post subject: Transparent Proxy, Forwarding Request? Reply with quote
Hello, I have a proxy up and running, but I want to make it transparent. I went into Services -> Hotspots -> Http Forwarding, and pointed it to the Proxy's IP address, but according to its logs, it is not working.

So, how can I forward all HTTP requests to my proxy server without making it a gateway?

Thanks Guys!

P.S. I read the Wiki, and I tried the script, it did not work either, maybe I did it wrong.

http://www.dd-wrt.com/wiki/index.php/Squid_Transparent_Proxy
Sponsor
lamez
DD-WRT Novice


Joined: 06 Dec 2009
Posts: 13

PostPosted: Mon Dec 07, 2009 0:04    Post subject: Reply with quote
no one? Any forums that might be able to help me then?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Mon Dec 07, 2009 1:15    Post subject: Reply with quote
There was a fairly large discussion about this earlier in the year but the few people who actually use transparent proxies never updated the wiki. Essentially those scripts were written several years ago for v23 and haven't been updated for v24. It should be very easy to make them work but somebody needs to test it and confirm that it works.

All you should need to do is remove this line:

if [ -z $TRANSPARENT_PROXY ]; then

and everything between and including these lines:

else
[...]
fi

There's a little more that can be removed but those are the important things to remove. Make sure to execute it from the firewall script.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)


Last edited by phuzi0n on Mon Dec 07, 2009 4:49; edited 1 time in total
lamez
DD-WRT Novice


Joined: 06 Dec 2009
Posts: 13

PostPosted: Mon Dec 07, 2009 3:54    Post subject: Reply with quote
okay so I have this as the firewall script:

Code:
#!/bin/sh
INTERNAL_NETWORK="192.168.1.0/24"
ROUTER_IP="192.168.1.1"
PROXY_SERVER="megatron"
PROXY_PORT="3128"

/usr/sbin/iptables -t nat -A PREROUTING -i br0 -s  -d  -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -i br0 -s !  -p tcp --dport 80 -j DNAT --to :
/usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s  -p tcp -d  -j SNAT --to
/usr/sbin/iptables -t filter -I FORWARD -s  -d  -i br0 -o br0 -p tcp --dport  -j ACCEPT
export TRANSPARENT_PROXY="1"
fi



Right?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Mon Dec 07, 2009 4:57    Post subject: Reply with quote
INTERNAL_NETWORK="192.168.1.0/24"
ROUTER_IP="192.168.1.1"
PROXY_SERVER="192.168.1.10"
PROXY_PORT="3128"

iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 -j DNAT --to $PROXY_SERVER:$PROXY_PORT
iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -d $PROXY_SERVER -p tcp -j SNAT --to $ROUTER_IP
iptables -I FORWARD -i br0 -o br0 -s $INTERNAL_NETWORK -d $PROXY_SERVER -p tcp --dport $PROXY_PORT -j ACCEPT

Avoid using DNS lookups, specify the actual IP to avoid adding potential problems.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
lamez
DD-WRT Novice


Joined: 06 Dec 2009
Posts: 13

PostPosted: Mon Dec 07, 2009 5:33    Post subject: Reply with quote
Thanks, it worked. Now I just have to adjust a few things in squid. Thank you once again! Razz
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Mon Dec 07, 2009 6:44    Post subject: Reply with quote
Good, could you also test this simpler version before I update the wiki.

PROXY_IP=192.168.1.10
PROXY_PORT=3128
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
lamez
DD-WRT Novice


Joined: 06 Dec 2009
Posts: 13

PostPosted: Wed Dec 09, 2009 5:03    Post subject: Reply with quote
yep, that works as well.
liverpoolatnight
DD-WRT User


Joined: 29 May 2008
Posts: 243
Location: United Kingdom

PostPosted: Thu Jan 28, 2010 14:17    Post subject: Reply with quote
#!/bin/sh
PROXY_IP=192.168.6.2
PROXY_PORT=3128
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -I PREROUTING -i br0 -s 192.168.6.2 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -s 192.168.6.4 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

Thats my setup:

192.168.6.2 = squid server

192.168.6.4 = xbox 360

but i got a question, Would only port 80 (http) become accessible?

and if i changed the br0 to wl0 would be used for wireless only?

Rolling Eyes

_________________
TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18 )
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17

Twitter: @francisuk1989
---------------------------------
Found a bug? Report it http://svn.dd-wrt.com
DD-WRT Official FB Group: https://www.facebook.com/groups/493762527744455
nikolajt
DD-WRT Novice


Joined: 16 Feb 2010
Posts: 2

PostPosted: Tue Feb 16, 2010 8:35    Post subject: Wrong HTTP header Reply with quote
I've got the proxy forwarding up and running on my router, but all of my HTTP requests gets rejected, and I've found that its due to the fact that my computer sends the request as "GET / HTTP/1.1" when it doesn't think its behind a proxy, and the squid proxy requires the full URL in the request header. Is there any way to get DD-WRT to convert the header, or what else can i do? I don't have access to configure the proxy server...
ShawnMcGraw
DD-WRT Novice


Joined: 21 Feb 2010
Posts: 1

PostPosted: Sun Feb 21, 2010 13:20    Post subject: Reply with quote
This is exactly what I need. However, the proxy service that I use requires user authentication via User Name and Password. Any thoughts as to how to tie that authentication into this script?
vineethvijaysv
DD-WRT Novice


Joined: 08 Mar 2010
Posts: 1

PostPosted: Mon Mar 08, 2010 13:48    Post subject: Wrong Http-Header Reply with quote
Hello,

I too have the same http header problem as above.
Can anybody help please?
liverpoolatnight
DD-WRT User


Joined: 29 May 2008
Posts: 243
Location: United Kingdom

PostPosted: Sat Apr 24, 2010 8:56    Post subject: easyer running squid on windows, thanks to liverpoolatnight Reply with quote
http://code.google.com/p/squidproxywindows/

Created this project as i thought it will be easy for people on the windows side just to run "control.bat" and when they have finnished using the web proxy they can close it down, So no going though with all that configging squid blah blah

But you would need to copy and paste the firewall settings Smile

Just make sure you choose transparent when your in downloads Smile

Note: The squid verson is Squid 2.7.STABLE7

_________________
TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18 )
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17

Twitter: @francisuk1989
---------------------------------
Found a bug? Report it http://svn.dd-wrt.com
DD-WRT Official FB Group: https://www.facebook.com/groups/493762527744455
samfiller
DD-WRT Novice


Joined: 16 Nov 2009
Posts: 28

PostPosted: Mon May 17, 2010 11:19    Post subject: Proxy with authentication Reply with quote
Good Afternoon,

I came across this thread while looking how to set up a proxy on my router I appreciate any help that is provided.

I signed up with an advanced parental control web filtering service to filter the internet in my home.
I wanted to know how my router can send all Browser traffic (http,https etc) but not SIP and RDP through this proxy service?

The reason I did not understand which one of the examples in the wiki to use is, I need authentication to log on to this proxy.

Any ideas would be greatly appreciated.

Sam
liverpoolatnight
DD-WRT User


Joined: 29 May 2008
Posts: 243
Location: United Kingdom

PostPosted: Tue May 18, 2010 10:58    Post subject: Re: Proxy with authentication Reply with quote
[quote="samfiller"]I need authentication to log on to this proxy.
/quote]

googles your friend.
Goto page 1, 2, 3  Next Display posts from previous:    Page 1 of 3
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum