I am using a 56k modem connection to some by-call provider. As I wanted to use
the email and news server that is located at my university, I have successfully
set up an ssh port tunnel via a host within the university's domain that has the
appropriate rights to access those servers.
Now the following idea comes into my mind: I could use that port tunnel also for
http and ftp proxying, which would mean that I could benefit from ssh's
compression features when I surf the web or do a download.
The point is that I want to have a transparent proxy, i.e. the requests should
go out to port 80 as usual, but then be redirected to the external proxy server.
That is why I have done some research and have come to the following solution:
Here is the beginning of my firewall rules (I am using ipfw and natd).
00100 allow ip from any to any via lo0
# local network card, currently unused
00200 allow ip from any to any via xl0
00300 divert 8668 ip from any to any via tun0
# These rules are for the transparent proxy
00400 allow log logamount 1000 tcp from 127.0.0.1 to any 80
00500 fwd 127.0.0.1,8081 log logamount 1000 tcp from any to any 80
[ more rules ]
To my mind, rule 500 means that any traffic on port 80 is forwarded to
On localhost:8081 tproxy is listening (/usr/ports/www/transproxy), with the
tproxy -s 8081 -r nobody -l/var/log/tproxy.log 127.0.0.1 8082
and I have a port tunnel from localhost to the external proxy:
ssh [...] -L8082:my.external.proxy:8080
Since it didn't work, I have started ssh with the -v (verbose) option with the
"telnet localhost 8082" causes some lines to be printed by ssh indicating that
it's forwarding something to the external proxy.
This means: the ssh tunnel is working correctly.
"telnet localhost 8081" causes the same:
This means: tproxy is successfully intercepting requests on port 8081,
processing them and writing its output to port 8082 where ssh is listening.
But if I use a web browser to access a www site, nothing happens (i.e. ssh -v
does not print anything), whereas it works when I specify localhost:8082 as an
HTTP proxy in my web browser.
/var/log/tproxy.log is empty, btw. (it is writable by 'nobody')
Here are the messages in /var/log/security from the rules 400 and 500
(no messages for rule 400, and many messages like these)
ipfw: 500 Forward to 127.0.0.1:8081 TCP 184.108.40.206:2804 220.127.116.11:80
out via tun0
18.104.22.168 is the IP address the ISP has assigned to me.
I think, my ipfw forwarding rules are broken.
Could somebody please help me?
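As an added illustration (not the poster's code and not part of ipfw or transproxy), the following Python script walks the rule set quoted above with ipfw's first-match semantics and replays the /var/log/security line against it. It models only the subset of ipfw syntax the post uses (allow / fwd / divert, optional log options, protocol, from/to, destination port, via); the rule text and the log line are copied from the post, the other packets are constructed. It shows why the order of rules 400 and 500 matters: a port-80 packet sourced from 127.0.0.1 is accepted by 400 and never reaches the fwd, which is the usual way of keeping a transparent proxy's own outbound connections from being forwarded back into the proxy, while the browser's packet passes the divert at 300 (natd reinjects it and evaluation resumes at the next rule) and is then caught by 500, exactly as the logged line reports. The packet addresses in the log line are used as they appear in the post.

```python
"""Toy first-match evaluator for the ipfw rule set quoted in the post.

Added example, not the poster's code and not ipfw itself. It models only the
subset of ipfw syntax the post uses and follows ipfw's first-match semantics:
evaluation stops at the first allow or fwd, while divert hands the packet to
natd and, once natd reinjects it, evaluation continues at the next rule.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Rule set as it appears in the post (comments and the "[ more rules ]"
# placeholder are skipped by the parser).
RULESET = """
00100 allow ip from any to any via lo0
# local network card, currently unused
00200 allow ip from any to any via xl0
00300 divert 8668 ip from any to any via tun0
# These rules are for the transparent proxy
00400 allow log logamount 1000 tcp from 127.0.0.1 to any 80
00500 fwd 127.0.0.1,8081 log logamount 1000 tcp from any to any 80
[ more rules ]
"""

# Log line quoted in the post (/var/log/security), copied verbatim.
LOG_LINE = ("ipfw: 500 Forward to 127.0.0.1:8081 TCP "
            "184.108.40.206:2804 220.127.116.11:80 out via tun0")

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|fwd|divert)"
    r"(?:\s+(?P<target>[\d.,]+))?"          # fwd addr,port / divert port
    r"(?:\s+log(?:\s+logamount\s+\d+)?)?"   # optional logging options
    r"\s+(?P<proto>ip|tcp|udp|icmp)"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<dport>\d+))?"
    r"(?:\s+via\s+(?P<iface>\S+))?\s*$"
)
LOG_RE = re.compile(
    r"ipfw: (?P<num>\d+) (?P<what>Forward to \S+|Accept|Deny|Divert \d+) "
    r"(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out) via (?P<iface>\S+)"
)


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    iface: str   # interface the packet is seen on ("via")


@dataclass(frozen=True)
class Rule:
    num: int
    action: str            # "allow", "fwd", "divert"
    target: Optional[str]  # "127.0.0.1,8081" for fwd, "8668" for divert
    proto: str             # "ip" matches every protocol
    src: str               # "any" or a single address
    dst: str
    dport: Optional[int]
    iface: Optional[str]


def parse_rules(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # comment, blank line or "[ more rules ]"
        rules.append(Rule(int(m["num"]), m["action"], m["target"], m["proto"],
                          m["src"], m["dst"],
                          int(m["dport"]) if m["dport"] else None, m["iface"]))
    return rules


def parse_log_line(line: str) -> Tuple[int, Packet]:
    """Return (rule number that logged the packet, the packet itself)."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("not an ipfw log line: " + line)
    return int(m["num"]), Packet(m["proto"].lower(), m["src"], int(m["sport"]),
                                  m["dst"], int(m["dport"]), m["iface"])


def _matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "ip" or rule.proto == pkt.proto)
            and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.iface is None or rule.iface == pkt.iface))


TERMINAL = {"allow", "fwd"}


def evaluate(rules: List[Rule], pkt: Packet) -> List[Tuple[int, str, Optional[str]]]:
    """Walk the rules in numeric order and return every (num, action, target) hit.
    divert is non-terminal: natd reinjects the packet and the walk resumes at the
    next rule. Rule 300 carries no 'log' keyword, so it never shows up in the
    post's /var/log/security even though every tun0 packet passes through it."""
    trace = []
    for rule in sorted(rules, key=lambda r: r.num):
        if _matches(rule, pkt):
            trace.append((rule.num, rule.action, rule.target))
            if rule.action in TERMINAL:
                break
    return trace


def log_agrees_with_ruleset(rules: List[Rule], line: str) -> bool:
    """Consistency check: the rule the log reports must be the terminal rule a
    first-match walk of the rule set predicts for that packet."""
    logged_num, pkt = parse_log_line(line)
    trace = evaluate(rules, pkt)
    return bool(trace) and trace[-1][0] == logged_num


if __name__ == "__main__":
    rules = parse_rules(RULESET)
    _, browser = parse_log_line(LOG_LINE)          # the browser's packet from the log
    print(evaluate(rules, browser))                # [(300, 'divert', '8668'), (500, 'fwd', '127.0.0.1,8081')]
    # Constructed: a port-80 connection sourced from 127.0.0.1 is exempted by 400.
    proxy_out = Packet("tcp", "127.0.0.1", 40000, "220.127.116.11", 80, "tun0")
    print(evaluate(rules, proxy_out))              # [(300, 'divert', '8668'), (400, 'allow', None)]
    # Constructed: "telnet localhost 8082" never leaves lo0, so rule 100 takes it.
    loopback = Packet("tcp", "127.0.0.1", 40001, "127.0.0.1", 8082, "lo0")
    print(evaluate(rules, loopback))               # [(100, 'allow', None)]
    print(log_agrees_with_ruleset(rules, LOG_LINE))  # True
```

The evaluator deliberately says nothing about what happens to the packet after the fwd, which is where ipfw's own behaviour (whether the kernel actually redirects the packet to the local socket on 8081) decides whether tproxy ever sees the connection; it only confirms that the rule set and the logged line are consistent with each other.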