
I'm trying to transparently proxy HTTP requests in a LAN that is served by a pfSense router over SSH.

So far, I've tried setting up an Ubuntu box outside that network and forwarding everything going outward that's HTTP to redsocks on the outside Ubuntu box, which is forwarding to RedSOCKS, which then points to a SOCKS server provided by an SSH connection to a box that's also outside the network. This does not work and I am not sure why. Connecting to the SOCKS server directly on an internal machine works, but I need the traffic transparently forwarded.

Rough diagram of how I am thinking it is set up:

Client -> Router (pfSense) -> RedSOCKS -> SSH SOCKS -> Outside Internet

Help would be much appreciated.

As for searches I've done: I'm kinda doing what this guy wants to do. I don't want to resort to his solution of installing a proximity on every client computer, as that would be an extraordinarily massive hassle/compatibility issue for me. http://forum.pfsense.org/index.php/topic,20294.0.html

quanta
nelsonjchen
  • Can you break down the list of connections that are/aren't working? Creating an outbound NAT from port 80 to your proxy server should be fairly easy. – Andrew Nov 07 '11 at 02:07

1 Answer

I think I nailed this. I added another interface to pfSense and another to the Ubuntu box, with the Ubuntu box as a gateway in pfSense on that interface. I had the rules set to have anything going out on port 80 from a certain host use the gateway that was the Ubuntu box on that point-to-point LAN. On the Ubuntu box, I had the prerouting table there point to the redsocks instance on the Ubuntu box. From there on, it's a matter of doing the SSH SOCKS thing. Thanks for the help.

For pfSense, I looked at policy based routing.

This was the most helpful thing for me regarding iptables: https://askubuntu.com/questions/4010/iptables-issue-with-squid-as-transparent-proxy

nelsonjchen
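
The Ubuntu side of the setup described in the answer, as an added example that is not part of the original post: it prints the SSH SOCKS command, a redsocks configuration and the iptables PREROUTING rule, and refuses a loopback-only redsocks listener, which redirected traffic would never reach. The interface name, the ports and `user@outside.example` are assumptions.

```shell
#!/bin/sh
# Added example. LAN_IF, the ports and user@outside.example are assumptions.
LAN_IF="${LAN_IF:-eth1}"                 # Ubuntu NIC on the link to pfSense
LISTEN_IP="${LISTEN_IP:-0.0.0.0}"        # redsocks listen address
REDSOCKS_PORT="${REDSOCKS_PORT:-12345}"  # redsocks listen port
SOCKS_PORT="${SOCKS_PORT:-1080}"         # local end of the SSH dynamic forward

# REDIRECT in PREROUTING rewrites the destination to the address of the
# incoming interface, so a redsocks bound only to loopback never sees it.
listen_ok() {
    case "$1" in
        127.*|localhost) return 1 ;;
        *) return 0 ;;
    esac
}

# Step 1: the SOCKS server is an SSH dynamic forward bound to loopback.
tunnel_cmd() {
    echo "ssh -N -D 127.0.0.1:$SOCKS_PORT user@outside.example"
}

# Step 2: redsocks accepts the redirected connections and speaks SOCKS5.
redsocks_conf() {
    cat <<EOF
base {
    log_info = on;
    log = "syslog:daemon";
    daemon = on;
    redirector = iptables;
}
redsocks {
    local_ip = $LISTEN_IP;
    local_port = $REDSOCKS_PORT;
    ip = 127.0.0.1;
    port = $SOCKS_PORT;
    type = socks5;
}
EOF
}

# Step 3: HTTP that pfSense policy-routes to this box is sent to redsocks.
nat_rule() {
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $REDSOCKS_PORT"
}
plan() {
    listen_ok "$LISTEN_IP" || { echo "redsocks must not listen on loopback only" >&2; return 1; }
    tunnel_cmd; echo "--- redsocks.conf ---"; redsocks_conf; echo "---"; nat_rule
}
plan
```

The script only prints; the pfSense policy-routing rule described in the answer is configured separately.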