wo0t i'm back from 2 weeks of military training and i think i finally recovered from the sleep dep.
Anyways, i've set up a handful of proxies. From squid caching proxies to apache mod_proxy's.
When setting up transparent proxies, you do not need to configure any machine to use them and instead machines are forced to use them transparently without knowing, hence the usage of the word transparent. My preferred way to achieve this is to host the proxy daemon on the same machine operating as the router. This typically ain't such a big deal to me as most of the routers i operate are FreeBSD boxes with a half dozen NICs in them.
However, i've done transparent proxies before where the actual proxy machine was on a separate system than the router and the only difference is that you just have to change a redirect rule (in PF for FreeBSD, iptables for linux) from forwarding the desired proxied traffic to 127.0.0.1 on the proxy port, to the ip/port combo of the location of the remote proxy. .... yup, that's all it takes.
Naturally you configure squid to operate transparently:
http_port 192.168.1.1:3128 transparent
^^ to your squid.conf, where 192.168.1.1 is the ip of the squid box and 3128 is the port you want squid to listen to for http requests
In linux you'd do most of the firewall/re-routing work with iptables. The great thing about DD-WRT is it is linux and as such it comes with and uses iptables.
one of my favorite uses for DD-WRT is that i use it as a cheap SSH tunnel into my home network from wherever i am and also if i'm on an unencrypted wifi connection somewhere, i tunnel my web traffic over encrypted SSH through my home connection for privacy. No i'm not paranoid, i like to do things like check my bank account on the road and the last thing i would ever do is send those credentials over an unencrypted, broadcasted transmission.
on a side note, /me introduces Goatboy to VLANs
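
The redirect described in the post, written out for iptables as an added example that is not part of the original post. It prints the rules for both layouts (proxy on the router, proxy on a separate LAN host) instead of applying them. The interface name br0, the 192.168.1.0/24 network and the proxy address 192.168.1.2 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for a transparent HTTP proxy.
# Assumed values: br0 as the LAN interface, 192.168.1.0/24 as the LAN,
# 192.168.1.1 as the router, 192.168.1.2 as a separate proxy host.

proxy_rules() {
    mode=$1 lan_if=$2 lan_net=$3 router_ip=$4 proxy_ip=$5 proxy_port=$6
    case "$mode" in
    local)
        # Proxy runs on the router: hand port-80 traffic to the local listener,
        # but leave requests aimed at the router itself (admin UI) alone.
        echo "iptables -t nat -A PREROUTING -i $lan_if ! -d $router_ip -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port"
        ;;
    remote)
        # Exempt the proxy's own outbound requests, otherwise they loop back to it.
        echo "iptables -t nat -A PREROUTING -i $lan_if -s $proxy_ip -p tcp --dport 80 -j ACCEPT"
        # Send everyone else's port-80 traffic to the proxy's ip/port.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j DNAT --to-destination $proxy_ip:$proxy_port"
        # Proxy sits on the same LAN as the clients: rewrite the source so its
        # replies return through the router. Side effect: the proxy's access
        # log shows the router's address as the client.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $proxy_ip -p tcp --dport $proxy_port -j SNAT --to-source $router_ip"
        # Permit the redirected connections through the FORWARD chain.
        echo "iptables -A FORWARD -i $lan_if -o $lan_if -s $lan_net -d $proxy_ip -p tcp --dport $proxy_port -j ACCEPT"
        ;;
    *)
        echo "usage: proxy_rules local|remote LAN_IF LAN_NET ROUTER_IP PROXY_IP PROXY_PORT" >&2
        return 1
        ;;
    esac
}

# Show the rule set for the separate-proxy layout with the assumed addresses.
proxy_rules remote br0 192.168.1.0/24 192.168.1.1 192.168.1.2 3128
```

Review the printed rules before piping them to a shell on the router, and check the proxy's access log afterwards to confirm that port-80 requests are actually arriving there.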