Redirecting clients on local network into a proxy
In this scenario all TCP traffic that passes through a gateway is redirected into dumbproxy. It is assumed that the gateway runs some flavour of Linux.
We will use redsocks to redirect transit TCP connections into an HTTP proxy. Unfortunately, redsocks can't talk to a proxy over TLS directly, so we also need dumbproxy on the client (gateway) side to expose a regular plain HTTP proxy on a local port.
All in all, you need to run dumbproxy on a local port like this:
dumbproxy -bind-address 127.0.0.1:3128 -proxy https://login:password@example.org
This assumes that you have a remote TLS-enabled instance of (dumb)proxy hosted on example.org, with the username "login" and the password "password".
Most likely redsocks is available from your package manager. Use a config file like this one:
base {
// debug: connection progress & client list on SIGUSR1
log_debug = off;
// info: start and end of client session
log_info = on;
/* possible `log' values are:
* stderr
* "file:/path/to/file"
* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
*/
log = "syslog:daemon";
// detach from console
daemon = on;
/* Change uid, gid and root directory, these options require root
* privileges on startup.
* Note, your chroot may require /etc/localtime if you write log to syslog.
* Log is opened before chroot & uid changing.
*/
user = redsocks;
group = redsocks;
// chroot = "/var/chroot";
/* possible `redirector' values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
}
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 0.0.0.0;
local_port = 12345;
// `ip' and `port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
ip = 127.0.0.1;
port = 3128;
// known types: socks4, socks5, http-connect, http-relay
type = http-connect;
// login = "foobar";
// password = "baz";
}
Pay attention mostly to the redsocks section of the redsocks config; the other sections can most likely be left at their defaults.
Depending on how iptables is managed on your system, you need the equivalent of this iptables rule to perform the actual redirection:
iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.0/16 '!' -d 192.168.0.0/16 -p tcp -j REDIRECT --to-ports 12345
This assumes that eth0 is your LAN-facing interface and 192.168.0.0/16 is the IP address range of your LAN. The '!' -d 192.168.0.0/16 part excludes traffic between LAN hosts, so only connections leaving the LAN are sent to redsocks, and -p tcp restricts the rule to TCP.
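Before enabling the iptables rule it is worth confirming that the local dumbproxy really accepts CONNECT requests, since that is exactly what redsocks sends in http-connect mode. The following check script is an added example, not part of this page or of the dumbproxy project; it assumes the local dumbproxy from the command above (127.0.0.1:3128) and the hypothetical target example.org:443.

```python
import socket

# Assumed from the setup above: the local dumbproxy listens on 127.0.0.1:3128
# and redsocks talks to it with type = http-connect.
PROXY_ADDR = ("127.0.0.1", 3128)


def build_connect_request(host: str, port: int) -> bytes:
    """Build the CONNECT request redsocks issues for a redirected TCP flow."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def parse_status(reply: bytes) -> int:
    """Extract the numeric status code from the proxy's response status line."""
    status_line = reply.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1])


def classify(status: int) -> str:
    """Translate the CONNECT status into what it means for this setup."""
    if status == 200:
        return "ok: local dumbproxy accepts CONNECT, redirection can be enabled"
    if status == 407:
        # The redsocks config above sends no login/password, so a 407 means
        # the local dumbproxy is demanding auth and redirected flows will fail.
        return "proxy wants credentials: redsocks sends none in this setup"
    return f"unexpected status {status}: check the -proxy URL and the remote instance"


def check_connect(target_host: str, target_port: int, proxy=PROXY_ADDR, timeout=5.0) -> int:
    """Open a CONNECT tunnel through the local proxy and return the status code."""
    with socket.create_connection(proxy, timeout=timeout) as sock:
        sock.sendall(build_connect_request(target_host, target_port))
        reply = b""
        while b"\r\n\r\n" not in reply:  # read until the end of the response headers
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
    return parse_status(reply)


if __name__ == "__main__":
    code = check_connect("example.org", 443)
    print(code, classify(code))
```

Keep in mind that the rule above only covers TCP; UDP traffic, DNS lookups included, still leaves the gateway directly and is not visible to this check.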
That's all, it should work by now!