@mauron85
Last active October 22, 2023 11:57
Transparent proxy for openwrt using tinyproxy & redsocks
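#!/bin/sh
# Policy-route web traffic (TCP 80/443) from the proxied subnet to the proxy router.
# https://crosp.net/blog/administration/routing-network-traffic-through-socks5-proxy-using-dd-wrt/
# https://serverfault.com/questions/200635/best-way-to-clear-all-iptables-rules
PROXIFYING_MACHINE=192.168.82.192   # proxy router: next hop for marked traffic
MACHINE_TO_PROXIFY=192.168.83.0/24  # source addresses whose traffic is proxied
NETWORK=192.168.83.0/24             # local network, excluded as a destination
WAN_IP=192.168.81.1                 # WAN address, excluded as a destination
# Mark packets not destined for the local network, then save the mark on the connection.
iptables -I PREROUTING 1 -t mangle -s $MACHINE_TO_PROXIFY ! -d $NETWORK -p tcp -m multiport --dports 80,443 -j MARK --set-mark 3
iptables -I PREROUTING 2 -t mangle -s $MACHINE_TO_PROXIFY ! -d $NETWORK -p tcp -m multiport --dports 80,443 -j CONNMARK --save-mark
# Same for packets not destined for the WAN address.
# Note: this pair also matches packets addressed to $NETWORK, since only $WAN_IP is excluded here.
iptables -I PREROUTING 3 -t mangle -s $MACHINE_TO_PROXIFY ! -d $WAN_IP -p tcp -m multiport --dports 80,443 -j MARK --set-mark 3
iptables -I PREROUTING 4 -t mangle -s $MACHINE_TO_PROXIFY ! -d $WAN_IP -p tcp -m multiport --dports 80,443 -j CONNMARK --save-mark
# Send everything carrying mark 3 through routing table 13, whose default gateway is the proxy router.
ip rule add fwmark 3 table 13
ip route add default via $PROXIFYING_MACHINE table 13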

Proxy

  • The router acting as the proxy must have redsocks and tinyproxy installed
  • Important: the redsocks proxy option "type" must be set to http-connect
iptables -A PREROUTING -t nat -i eth0 -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 12345
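
As an added example (not part of the gist), the script below writes a redsocks.conf and a tinyproxy.conf that are consistent with the REDIRECT rule above, and checks that the redsocks side matches it. The tinyproxy address 127.0.0.1:8888, the output directory and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not part of the gist. Assumed values: tinyproxy on
# 127.0.0.1:8888 and config files written to a directory of your choice.

# write_proxy_configs DIR [REDIRECT_PORT] [TINYPROXY_PORT]
write_proxy_configs() {
    dir=$1; redirect_port=${2:-12345}; tinyproxy_port=${3:-8888}

    # REDIRECT rewrites the destination to the router's address on the
    # incoming interface, so redsocks cannot listen on loopback only.
    # 0.0.0.0 is used here; binding to eth0's address is narrower.
    cat > "$dir/redsocks.conf" <<EOF
base {
    log_info = on;
    log = "syslog:daemon";
    daemon = on;
    redirector = iptables;
}
redsocks {
    local_ip = 0.0.0.0;
    local_port = $redirect_port;
    ip = 127.0.0.1;
    port = $tinyproxy_port;
    type = http-connect;
}
EOF

    # redsocks issues CONNECT for port 80 as well as 443, so both must be
    # listed in ConnectPort. Listen/Allow on loopback means only redsocks
    # can reach tinyproxy, so it is not an open proxy for the LAN.
    cat > "$dir/tinyproxy.conf" <<EOF
Port $tinyproxy_port
Listen 127.0.0.1
Allow 127.0.0.1
ConnectPort 80
ConnectPort 443
EOF
}

# redsocks_matches_redirect CONF PORT: succeeds only when CONF uses
# type http-connect and listens on the port the REDIRECT rule targets.
redsocks_matches_redirect() {
    grep -Eq '^[[:space:]]*type[[:space:]]*=[[:space:]]*http-connect;' "$1" &&
    grep -Eq "^[[:space:]]*local_port[[:space:]]*=[[:space:]]*$2;" "$1"
}

out=$(mktemp -d)
write_proxy_configs "$out"
redsocks_matches_redirect "$out/redsocks.conf" 12345 && echo "configs in $out match --to-port 12345"
```
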

All other routers

Run:

dd-wrt-transparent-proxy.sh