guifi.net:proxy_transparent

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid

Transparent proxy

Port 80

Install Squid and configure the connection to another proxy:

http_port <ip local>:3128 transparent
cache_peer <ip proxy1> parent 3128 0 login=usuario:contrasenya no-query default round-robin
cache_peer <ip proxy2> parent 3128 0 login=usuario:contrasenya no-query default round-robin

For example:

http_port 192.168.1.4:3128 transparent
cache_peer 10.145.0.36 parent 3128 0 login=ca.lafou:qh76SPga no-query default round-robin
cache_peer 10.145.2.34 parent 3128 0 login=ca.lafou:qh76SPga no-query default round-robin
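
The `cache_peer` lines above keep the upstream proxy password in plain text inside squid.conf, so the file's permissions decide who can read it. The following check is an added example, not part of the original page: it lists the peers that store a password (without printing it) and reports when the file is world-readable. The function name `audit_squid_conf` and the sample addresses and credentials are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original page): audit a squid.conf for
# upstream-proxy passwords stored in cache_peer lines.
# Returns 0 = nothing exposed, 1 = stored password in a world-readable
# file, 2 = file cannot be read.
audit_squid_conf() {
    local conf=$1 stored=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Report every cache_peer option of the form login=<user>:<password>.
    # The password itself is never printed. Forms without a colon, such
    # as login=PASS, keep no secret in the file and are ignored.
    awk '$1 == "cache_peer" {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^login=[^:]+:.+/) {
                user = substr($i, 7); sub(/:.*/, "", user)
                printf "line %d: peer %s stores a password for user %s\n", NR, $2, user
                n++
            }
    }
    END { exit (n > 0) }' "$conf" || stored=1

    [ "$stored" -eq 1 ] || return 0
    # A stored password is only as private as the file that holds it.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "$conf is world-readable: any local account can read the password"
        return 1
    fi
    return 0
}

# Constructed sample (placeholder peer address and credentials), audited
# when the script is run without arguments.
if [ $# -eq 0 ]; then
    sample=$(mktemp)
    printf '%s\n' 'http_port 192.0.2.4:3128 transparent' \
        'cache_peer 192.0.2.36 parent 3128 0 login=exampleuser:examplepass no-query default' \
        > "$sample"
    chmod 644 "$sample"
    audit_squid_conf "$sample" || true
    rm -f "$sample"
else
    audit_squid_conf "$1"
fi
```

Run it with the path to the real squid.conf as its only argument, as a user allowed to read that file.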

Other ports

We set up a connection with corkscrew over port 443 to a VPN on a server on the internet.

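#! /bin/bash
# Remove rules left over from a previous run so they are not duplicated
iptables -t nat -D PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE
# Redirect HTTP arriving on the bridge to the local Squid
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Keep 10.145.0.0/16 (the network of the parent proxies) on the local gateway
route add -net 10.145.0.0 netmask 255.255.0.0 gw 192.168.1.1
# Send everything else through the VPN
route del default
route add -host 192.168.65.1 dev tun0
route add default gw 192.168.65.1
# NAT the traffic that leaves through the tunnel
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE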

Corkscrew: file .ssh/config:

Host calafouproxy
Port 443
ProxyCommand /usr/bin/corkscrew 10.145.0.36 3128 94.23.80.158 443 /home/caedes/.proxycalafou
IdentityFile /root/.ssh/tunnel_key

OpenVPN

client
dev tun
proto tcp
remote 127.0.0.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert seldon.crt
key seldon.key
#comp-lzo
verb 3
#cipher none
script-security 2
up /etc/openvpn/up.sh

The file /etc/openvpn/up.sh is the iptables script shown above.

/etc/inetd.conf

# ssh tunnel that the OpenVPN client connects to on 127.0.0.1:1194
127.0.0.1:1194  stream  tcp     nowait  root    /usr/bin/ssh  -q -T vpncalafou@calafouproxy
guifi.net/proxy_transparent.txt · Last modified: 2015/04/13 20:19 by 127.0.0.1