
I have a client that has no direct access to the internet. But it is connected to a server on a LAN connection, whereas the server has access to the Internet.

I'd like to send an HTTP request from the client through the Server to the Internet. How can I do this?

+--------+        +--------+        +--------+
|        |  LAN   | Ubuntu |   WAN  |        |
| Client <--------> 16.04  <-------->  WWW   |
|        |        | Server |        |        |
+--------+        +--------+        +--------+

Steps:

  1. Client sends request to Server on LAN at https://user:pass@local-server:1234
  2. Server forwards request to remote endpoint at https://user:pass@remote-server

Note: I only need to forward the HTTP request to a single endpoint

I have been looking at running squid or tinyproxy on the server but I'm not sure how to properly configure them or if it's the simplest approach. Is a proxy server needed here?

kasperd
Ryan R

1 Answer

There are two solutions: first, configure NAT on the server; second, configure an HTTP proxy. From my point of view, the best way for your situation is to configure NAT: you don't need to install any additional software, just configure the firewall.

To configure it with iptables, you should do two steps:

First of all, make sure that packet forwarding is enabled in the kernel:

# echo 1 > /proc/sys/net/ipv4/ip_forward

You can also make it permanent by adding the line below to /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Then you should add two rules to the iptables configuration:

-A PREROUTING -p tcp -m tcp --dport 1234 -j DNAT --to-destination internet-ip:1234
-A POSTROUTING -p tcp -m tcp --dport 1234 -j MASQUERADE

This can be done with the commands:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 1234 -j DNAT --to-destination internet-ip:1234
iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 1234 -j MASQUERADE

With this, you should check that there is no rule blocking forwarding; it looks like this: -A FORWARD -j REJECT --reject-with icmp-host-prohibited. If it exists, it can be removed with the command:

iptables -t filter -D FORWARD -j REJECT --reject-with icmp-host-prohibited

You can also read articles on the internet about enabling forwarding in ufw. Here are two[1][2] examples.

Alexander Tolkachev
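Deleting the catch-all FORWARD reject, as in the answer's last step, leaves the server forwarding any traffic that is routed to it. The script below is an added example (not the answerer's commands): it prints rules scoped to the single endpoint that sit in front of the reject rule, and checks `iptables -S FORWARD` output for a remaining default deny. The interface names, LAN subnet, the address 203.0.113.10 and remote port 443 are assumptions.

```shell
#!/bin/sh
# Added example, not from the answer. Interface names, subnet and address are
# placeholders (203.0.113.10 is a documentation address); REMOTE_PORT=443 is
# assumed because the question's remote endpoint is https://.
LAN_IF="${LAN_IF:-eth1}"; WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
REMOTE_IP="${REMOTE_IP:-203.0.113.10}"
LISTEN_PORT="${LISTEN_PORT:-1234}"; REMOTE_PORT="${REMOTE_PORT:-443}"

# Print the scoped rules. Nothing is applied; review them, then run as root.
scoped_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport $LISTEN_PORT -j DNAT --to-destination $REMOTE_IP:$REMOTE_PORT
iptables -t nat -A POSTROUTING -o $WAN_IF -d $REMOTE_IP -p tcp --dport $REMOTE_PORT -j MASQUERADE
iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 2 -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $REMOTE_IP -p tcp --dport $REMOTE_PORT -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Read `iptables -S FORWARD` output on stdin; succeed only if the chain still
# denies by default (policy DROP, or a catch-all REJECT/DROP as the last rule).
forward_default_deny() {
    awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" { last = $0 }
        END {
            if (policy == "DROP") exit 0
            if (last ~ /^-A FORWARD -j (REJECT|DROP)( |$)/) exit 0
            exit 1
        }'
}

# Print the rules only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--print" ]; then scoped_rules; fi
```

After applying the rules, `iptables -S FORWARD | forward_default_deny` should still succeed; if it fails, the chain accepts traffic beyond the one forwarded endpoint.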