
Linux IPtables and port forwarding rule help for SOCKS5 proxy access via my OpenWRT/ LEDE router

Background:

I'm running LEDE/ OpenWRT on a Linksys WRT1900ACS router. Adblocking and privoxy are set up and work great. I also use the router as a SOCKS5 proxy for safer browsing remotely from networks I tend not to trust (which is really every other network--employer/ oil change place/ retail stores/ coffee shop/ hotel/ relatives/ friends). The SOCKS5 proxy works via PKI and my terminal emulator (ConnectBot / VX ConnectBot/ PuTTY). I believe my SOCKS5 proxy sessions in my phone's browser don't gain the benefit of adblocking and privoxy, as I seem to almost get a DMZ experience vs a LAN experience. I've confirmed that suspicion by tailing privoxy logs and by trying to hit its management web page http://p.p and http://config.privoxy.org (both of which work from the LAN and take me to the management page where I can toggle the service or check for applicable actions on any domain). I know my browsing is really going through the router at the house (since the public IP seen by web servers is my home ISP rather than Sprint cellular), but I don't see the adblocking and privoxy benefits that I had hoped to. It's still a net gain as I'm using the router's McAfee and Comodo DNS, and the networks I connect from only see my SSH session out on port 443 to my dynamic DNS hostname, with all browser DNS resolution inside that tunnel (unseen).

Question:

Basically my question is, since the following iptables rule is how I succeeded in forcing LAN traffic through my privoxy service (intercepting proxy), should I expect a similar rule will be necessary to force incoming SOCKS5 proxied traffic (me anywhere but home) through privoxy on its listening port? Note that before this rule was added, a manual browser SOCKS5 proxy configuration had to be set for LAN clients.

# LAN clients: redirect port 80 arriving on the LAN interface into privoxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080

Perhaps the same rule as above with eth0 changed to my router's WAN interface?

Should I instead try to handle this by a telnet inside my SSH session to the listening port of the privoxy service?  Or a command to be run after my PKI authenticated SSH session succeeds?

I would sure appreciate any advice.
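As an added example (not code from the thread or from the OpenWrt/privoxy projects): connections made on behalf of an ssh -D SOCKS5 client are opened by sshd on the router itself, so they are locally generated and never pass PREROUTING; the matching redirect belongs in the nat OUTPUT chain, with privoxy's own uid excluded so its upstream fetches are not looped back into it. The script assumes privoxy listens on port 8080 (as in the poster's rule) on 127.0.0.1 as well as the LAN address, runs as the unprivileged user "privoxy", and that the iptables owner match is installed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: privoxy listens on port
# 8080 on 127.0.0.1 as well as the LAN address, runs as user "privoxy", and the
# iptables owner match (xt_owner) is available on the router.
PRIVOXY_PORT=8080
LAN_IF=eth0
PRIVOXY_USER=privoxy

# Emit the rules. Connections from ssh -D clients are opened by sshd on the
# router itself, so they never pass PREROUTING; they pass the nat OUTPUT chain.
# Excluding privoxy's own uid keeps its upstream fetches out of the redirect.
intercept_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PRIVOXY_PORT
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $PRIVOXY_USER -j REDIRECT --to-ports $PRIVOXY_PORT
EOF
}

# Check an iptables-save listing (on stdin) for both redirects and the uid
# exclusion. Returns 0 only if all three are present.
check_ruleset() {
    rules=$(cat)
    echo "$rules" | grep -q -- "-A PREROUTING -i $LAN_IF -p tcp .*--dport 80 .*-j REDIRECT --to-ports $PRIVOXY_PORT" || return 1
    echo "$rules" | grep -q -- "-A OUTPUT -p tcp .*--dport 80 .*-j REDIRECT --to-ports $PRIVOXY_PORT" || return 1
    echo "$rules" | grep -q -- "-A OUTPUT .*-m owner ! --uid-owner" || return 1
}

# Constructed iptables-save excerpts (not captured from a real router).
SAMPLE_GOOD='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-ports 8080
COMMIT'
# The poster's current state: only the LAN rule, so SOCKS5 traffic bypasses privoxy.
SAMPLE_LAN_ONLY='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'

# Run with "apply" (as root on the router) to install the rules.
if [ "$1" = apply ]; then
    intercept_rules | while read -r cmd; do $cmd; done
fi
```

Verify on the router with `iptables-save -t nat | sh thisscript.sh`-style piping into check_ruleset, and confirm in the privoxy log that requests from the SSH session now appear.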

  • I still don't know if the connectivity I described can be made to work. Meanwhile, since I had a Raspberry Pi sitting around, I loaded up Debian FreedomBox. No messing with config files required...just a few clicks and Privoxy was available to anything that could be pointed that way. Now investigating whether I want to use the PageKite service or make the FreedomBox available via the DDNS solution I bought last month. Will be using OpenVPN + PageKite or OpenVPN plus DDNS on the LEDE/ OpenWRT router to give Privoxy benefits to my Android devices while away. As I just started reading about PageKite, I don't know what I don't know. FreedomBox looks infinitely more streamlined than messing with config files/ LuCI on LEDE/OpenWRT.