Last active
March 22, 2018 16:43
transparent proxy rules for openwrt and squid
#
# Shell commands to run on router to enable transparent proxying
#
uci add firewall redirect
uci set firewall.@redirect[0].name='Transparent Proxy Redirect'
uci set firewall.@redirect[0].src=lan
uci set firewall.@redirect[0].proto=tcp
uci set firewall.@redirect[0].dest_port=3128
uci set firewall.@redirect[0].src_dport=80
uci set firewall.@redirect[0].src_dip='!192.168.15.1'
uci set firewall.@redirect[0].dest_ip=192.168.15.1
uci set firewall.@redirect[0].target='DNAT'
uci commit firewall
/etc/init.d/firewall restart
You are probably overriding the first redirect route of your router. Either do this (notice the -1, it's basically targeting the last rule you added)
uci add firewall redirect
uci set firewall.@redirect[-1].name='Transparent Proxy Redirect'
uci set firewall.@redirect[-1].src=wan
uci set firewall.@redirect[-1].proto=tcp
uci set firewall.@redirect[-1].src_dip='!192.168.1.1'
uci set firewall.@redirect[-1].src_dport=80
uci set firewall.@redirect[-1].dest_ip=192.168.1.1
uci set firewall.@redirect[-1].dest_port=3128
uci set firewall.@redirect[-1].target='DNAT'
uci commit firewall
/etc/init.d/firewall restart
or with a unique identifier, because deleting the first rule via the command line is cumbersome and can cause unwanted effects. I'd rather do this:
uci set firewall.transparent=redirect
uci set firewall.transparent.name='Transparent Proxy Redirect'
uci set firewall.transparent.src=wan
uci set firewall.transparent.proto=tcp
uci set firewall.transparent.src_dip='!192.168.1.1'
uci set firewall.transparent.src_dport=80
uci set firewall.transparent.dest_ip=192.168.1.1
uci set firewall.transparent.dest_port=3128
uci set firewall.transparent.target='DNAT'
uci commit firewall
/etc/init.d/firewall restart
# uci delete firewall.transparent
settings = FAIL
Hi!
Would you tell me why did you change from .src=lan to .src=wan and why .src_dip instead of .src_ip?
It's not working for me.
The browser is just waiting all the time until it times out.
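The check below is an added example, not part of the gist or of any comment. It reads `uci show firewall` output, lists every redirect section with its position (the N that `@redirect[N]` edits), and flags a redirect to the proxy port whose `src` is not the zone the proxied clients are in, since `src` names the zone the traffic arrives from. The function names `audit_redirects` and `sample_config` and the sample config are constructed for illustration.

```shell
# Added example: audit the redirect sections in `uci show firewall` output.
# On the router: uci show firewall | audit_redirects 3128 lan

audit_redirects() {
    # $1 = proxy port, $2 = firewall zone the proxied clients sit in
    awk -v port="${1:-3128}" -v zone="${2:-lan}" -v q="'" '
    {
        eq = index($0, "=")
        if (eq == 0) next
        n = split(substr($0, 1, eq - 1), part, "[.]")
        val = substr($0, eq + 1)
        gsub(q, "", val)                      # uci prints values single-quoted
        if (n == 2 && val == "redirect") {    # section header: firewall.<id>=redirect
            order[++count] = part[2]
            seen[part[2]] = 1
        } else if (n == 3 && (part[2] in seen)) {
            opt[part[2], part[3]] = val       # option line: firewall.<id>.<opt>=<val>
        }
    }
    END {
        for (i = 1; i <= count; i++) {
            id = order[i]
            verdict = "not-proxy"
            if (opt[id, "dest_port"] == port)
                verdict = (opt[id, "src"] == zone) ? "proxy-ok" : "proxy-wrong-zone"
            # i-1 is the position among redirect sections: what @redirect[i-1] edits
            printf "%d %s src=%s %s\n", i - 1, id, opt[id, "src"], verdict
        }
    }'
}

# Constructed sample (not from a real router): an existing port forward, then a
# named transparent-proxy redirect that uses src=wan.
sample_config() {
    cat <<'EOF'
firewall.@redirect[0]=redirect
firewall.@redirect[0].name='Forward SSH'
firewall.@redirect[0].src='wan'
firewall.@redirect[0].dest_ip='192.168.1.10'
firewall.@redirect[0].dest_port='22'
firewall.transparent=redirect
firewall.transparent.name='Transparent Proxy Redirect'
firewall.transparent.src='wan'
firewall.transparent.src_dport='80'
firewall.transparent.dest_port='3128'
EOF
}

sample_config | audit_redirects 3128 lan
```

Run it before and after `uci commit firewall`: if position 0 is an existing rule, `uci set firewall.@redirect[0]...` would edit that rule rather than the one just added.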