Transparent proxy

Transparent proxy

Post by Simon Barne » Thu, 10 Jan 2002 19:36:48



Hi,

I am using a 56k modem connection to some by-call provider. As I wanted to use
the email and news server that is located at my univerity, I have sucessfully
set up an ssh port tunnel via a host within the university's domain that has the
appropriate rights to access those servers.

Now the following idea comes into my mind: I could use that port tunnel also for
http and ftp proxying, which would means that I could benefit from ssh's
compression features when I surf the web or do a download.

The point is that I want to have a transparent proxy, i.e. the requests should
go out to port 80 as usual, but then redirected to the external proxy server.

That is why I have done some research and have come to the following solution:

Here is the beginning of my firewall rules (I am using ipfw and natd).
00100 allow ip from any to any via lo0

# local network card, currently unused
00200 allow ip from any to any via xl0
00300 divert 8668 ip from any to any via tun0

# These rules are for the transparent proxy
00400 allow log logamount 1000 tcp from 127.0.0.1 to any 80
00500 fwd 127.0.0.1,8081 log logamount 1000 tcp from any to any 80

[ more rules ]

To my mind, rule 500 means, that any traffic on port 80 is forward to
localhost:8081.

On localhost:8081 tproxy is listening (/usr/ports/www/transproxy), with the
following options:

tproxy -s 8081 -r nobody -l/var/log/tproxy.log 127.0.0.1 8082

and I have a port tunnel from localhost to the external proxy:

ssh [...] -L8082:my.external.proxy:8080

Since it didn't work I have started ssh with the -v (verbose options) with the
following result:

"telnet localhost 8082" causes some lines to be printed by ssh indicating that
it's forwarding something to the external proxy.

This means: the ssh tunnel is working correctly.

"telnet localhost 8081" causes the same:

This means: tproxy is successfully intercepting requests on port 8081,
processing them and writing its output to port 8082 where ssh is listening.

But if I use a web browser to access a www site, nothing happens (i.e. ssh -v
does not print anything), whereas it works, when I specify localhost:8082 has a
http proxy in my web browser.

/var/log/tproxy.log is empty btw. (it is writable for 'nobody')

Here are the messages in /var/log/security from the rules 400 and 500
(no messages for rule 400, and many messages like these)

ipfw: 500 Forward to 127.0.0.1:8081 TCP 195.252.164.39:2804 195.252.164.39:80
      out via tun0

195.252.164.39 is the ip address the ISP has assigned to me.

I think, my ipfw forwarding rules are broken.
Could somebody please help me?

Simon