[plug] plug Digest, Vol 147, Issue 7

Brett Stephens fhht15687 at yandex.com
Sat Aug 27 12:54:13 AWST 2016 


26.08.2016, 06:58, "plug-request at plug.org.au" <plug-request at plug.org.au>:
> Send plug mailing list submissions to
>         plug at plug.org.au
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.plug.org.au/mailman/listinfo/plug
> or, via email, send a message with subject or body 'help' to
>         plug-request at plug.org.au
>
> You can reach the person managing the list at
>         plug-owner at plug.org.au
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of plug digest..."
>
> Today's Topics:
>
>    1. raspberry pi transparent proxy problem iptables redirect
>       (plaintext) (Brett Stephens)
>    2. Re: raspberry pi transparent proxy problem iptables redirect
>       (plaintext) (Brad Campbell)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 25 Aug 2016 16:00:00 +0300
> From: Brett Stephens <fhht15687 at yandex.com>
> To: "plug at plug.org.au" <plug at plug.org.au>
> Subject: [plug] raspberry pi transparent proxy problem iptables
>         redirect (plaintext)
> Message-ID: <741311472114689 at web9h.yandex.ru>
> Content-Type: text/plain
>
> Hi,
>
> So I'm building a transparent raspberry pi proxy using privoxy (socks5) , tor and openwrt.
>
> Have got it working but none of the iptable redirect rules are working. I know this isn't a new problem, but none of the example solutions online are working.
>
> The idea is someone connects to wifi and the connection gets rerouted to tor without the clients setting up proxies manually or using proxy scripts.
>
> I also have multiple interfaces (subnets) on openwrt which might or might not complicate things.
>
> Client machine:
> interface: wlan0-1
> ip: 192.168.9.168
>
> raspberry pi proxy server
> interface: br-lan
> ip: 192.168.1.105
> privoxy port: 8118
>
> wireless router openwrt
>
> iptable rules which aren't working:
>
> iptables -t nat -A PREROUTING -i wlan0-1 -s ! 192.168.1.105 -p tcp --dport 80 -j DNAT --to 192.168.1.105:8118
> iptables -t nat -A PREROUTING -i wlan0-1 -s ! 192.168.1.105 -p tcp --dport 443 -j DNAT --to 192.168.1.105:8118
> iptables -t nat -A POSTROUTING -o wlan0-1 -s 192.168.9.0/24 -d 192.168.1.55 -j SNAT --to 192.168.9.1
> iptables -A FORWARD -s 192.168.9.1/24 -d 192.168.1.55 -i wlan0-1 -o wlan0-1 -p tcp --dport 8118 -j ACCEPT
>
> They're basically rewritten from: http://www.tldp.org/HOWTO/TransparentProxy-6.html
>
> The setup works if I manually setup socks5 proxies to 192.168.1.105:8118 but the automatic redirects don't work.
>
> Also I've edited the privoxy config file to allow intercepted connections '1'.
>
> Any help would be appreciated.
>
> ------------------------------
>
> Message: 2
> Date: Thu, 25 Aug 2016 21:32:11 +0800
> From: Brad Campbell <brad at fnarfbargle.com>
> To: plug at plug.org.au
> Subject: Re: [plug] raspberry pi transparent proxy problem iptables
>         redirect (plaintext)
> Message-ID: <529d647e-6f8d-8dcf-d5f9-54e4771f0f63 at fnarfbargle.com>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
> On 25/08/16 21:00, Brett Stephens wrote:
>>  Hi,
>>
>>  So I'm building a transparent raspberry pi proxy using privoxy (socks5) , tor and openwrt.
>>
>>  Have got it working but none of the iptable redirect rules are working. I know this isn't a new problem, but none of the example solutions online are working.
>>
>>  The idea is someone connects to wifi and the connection gets rerouted to tor without the clients setting up proxies manually or using proxy scripts.
>>
>>  I also have multiple interfaces (subnets) on openwrt which might or might not complicate things.
>>
>>  Client machine:
>>  interface: wlan0-1
>>  ip: 192.168.9.168
>>
>>  raspberry pi proxy server
>>  interface: br-lan
>>  ip: 192.168.1.105
>>  privoxy port: 8118
>>
>>  wireless router openwrt
>>
>>  iptable rules which aren't working:
>
> Is your default gateway 192.168.1.105 for your clients?

Without the proxy the default gateway is just 192.168.9.1 for clients.

But the default gateway for the raspberry pi proxy is 192.168.1.1 

192.168.9.1 points to the same device as 192.168.1.1 (an openwrt router).

I hope that makes sense.

>
> --
> Dolphins are so intelligent that within a few weeks they can
> train Americans to stand at the edge of the pool and throw them
> fish.
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://lists.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
> ------------------------------
>
> End of plug Digest, Vol 147, Issue 7
> ************************************

More information about the plug mailing list