transparent proxy rules for openwrt and squid
#
# Shell commands to run on router to enable transparent proxying
#
uci add firewall redirect
uci set firewall.@redirect[0].name='Transparent Proxy Redirect'
uci set firewall.@redirect[0].src=lan
uci set firewall.@redirect[0].proto=tcp
uci set firewall.@redirect[0].dest_port=3128
uci set firewall.@redirect[0].src_dport=80
uci set firewall.@redirect[0].src_dip='!192.168.15.1'
uci set firewall.@redirect[0].dest_ip=192.168.15.1
uci set firewall.@redirect[0].target='DNAT'
uci commit firewall
/etc/init.d/firewall restart

@hzxie hzxie commented Mar 31, 2016

It's not working for me.
The browser is just waiting all the time until it times out.

@tomsiwik tomsiwik commented Jun 14, 2016

You are probably overriding the first redirect route of your router. Either do this (notice the -1, it's basically targeting the last rule you added):

uci add firewall redirect
uci set firewall.@redirect[-1].name='Transparent Proxy Redirect'
uci set firewall.@redirect[-1].src=wan
uci set firewall.@redirect[-1].proto=tcp
uci set firewall.@redirect[-1].src_dip='!192.168.1.1'
uci set firewall.@redirect[-1].src_dport=80
uci set firewall.@redirect[-1].dest_ip=192.168.1.1
uci set firewall.@redirect[-1].dest_port=3128
uci set firewall.@redirect[-1].target='DNAT'
uci commit firewall
/etc/init.d/firewall restart

or with a unique identifier, because deleting the first rule via the command line is cumbersome and can cause unwanted effects. I'd rather do this:

uci set firewall.transparent=redirect
uci set firewall.transparent.name='Transparent Proxy Redirect'
uci set firewall.transparent.src=wan
uci set firewall.transparent.proto=tcp
uci set firewall.transparent.src_dip='!192.168.1.1'
uci set firewall.transparent.src_dport=80
uci set firewall.transparent.dest_ip=192.168.1.1
uci set firewall.transparent.dest_port=3128
uci set firewall.transparent.target='DNAT'
uci commit firewall
/etc/init.d/firewall restart

# uci delete firewall.transparent
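
To check which redirect section actually received the settings after either command sequence above, the output of `uci show firewall` can be audited. This is an added example, not part of the gist or of any comment; the function names `audit_redirects` and `sample_uci_show` and the sample lines are constructed for illustration. `src` names the zone the traffic arrives from, so the report shows which zone each proxy rule matches.

```shell
# Added example (not from the gist): audit the redirect sections in the text
# printed by `uci show firewall`, read on stdin. One output line per section:
#   <section> empty | <section> other (not the proxy port) |
#   <section> proxy src=<zone> router-excluded=<yes|no>
audit_redirects() {
    awk -v port="${1:-3128}" -v q="'" '
    /^firewall\.[^.=]+=redirect$/ {            # section header line
        sec = substr($0, 10, index($0, "=") - 10)
        order[++n] = sec; nopt[sec] = 0; next
    }
    /^firewall\.[^.=]+\.[^.=]+=/ {             # option line
        eq = index($0, "=")
        key = substr($0, 10, eq - 10)          # drop the "firewall." prefix
        val = substr($0, eq + 1); gsub(q, "", val)
        dot = index(key, ".")
        sec = substr(key, 1, dot - 1)
        if (sec in nopt) { nopt[sec]++; o[sec, substr(key, dot + 1)] = val }
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (nopt[s] == 0) { print s, "empty"; continue }
            if (o[s, "dest_port"] != port) { print s, "other"; continue }
            # The gist exempts the router itself: src_dip is "!" + dest_ip.
            excl = (o[s, "src_dip"] == ("!" o[s, "dest_ip"])) ? "yes" : "no"
            print s, "proxy", "src=" o[s, "src"], "router-excluded=" excl
        }
    }'
}

# Constructed sample: state after the gist commands ran on a router that
# already had one redirect, plus the named section from the comment.
sample_uci_show() {
    cat <<'EOF'
firewall.@redirect[0]=redirect
firewall.@redirect[0].src='lan'
firewall.@redirect[0].dest_port='3128'
firewall.@redirect[0].src_dip='!192.168.15.1'
firewall.@redirect[0].dest_ip='192.168.15.1'
firewall.@redirect[1]=redirect
firewall.transparent=redirect
firewall.transparent.src='wan'
firewall.transparent.dest_port='3128'
firewall.transparent.src_dip='!192.168.1.1'
firewall.transparent.dest_ip='192.168.1.1'
EOF
}

sample_uci_show | audit_redirects
```

An `empty` line for an indexed section means `uci add` created it while the `uci set` commands went to a different index, which is the overwrite described in the comment above.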

@Chrisnetika Chrisnetika commented Jan 18, 2018

settings = FAIL

@diogosimao diogosimao commented Mar 22, 2018

Hi!
Would you tell me why you changed from .src=lan to .src=wan, and why .src_dip instead of .src_ip?
