[PLUG] TPROXY, something missing...
michael at robinson-west.com
Tue Apr 21 14:29:14 UTC 2020
root@filter:~# iptables -vL -t mangle
Chain PREROUTING (policy ACCEPT 139 packets, 46095 bytes)
pkts bytes target prot opt in out source destination
6 360 TPROXY tcp -- any any anywhere anywhere tcp dpt:http TPROXY redirect 0.0.0.0:3128 mark 0x1/0x1
Chain INPUT (policy ACCEPT 90 packets, 20053 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 49 packets, 26042 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 78 packets, 18952 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 127 packets, 44994 bytes)
pkts bytes target prot opt in out source destination
Something's wrong still. I cannot get to html sites with this rule in and this does nothing for secure sites. I could do multiport and 80,443 I suppose, but this needs to work first.
I'm attempting to do transparent http/https proxying. Otherwise, I can only access Web Safety by manually setting a proxy on my Linux-based client.
I have a dynamic IP on my Buster-based gateway, so I cannot easily set up a second routing table...
root@filter:~# iptables -vL -t nat
Chain PREROUTING (policy ACCEPT 186 packets, 13656 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 129 packets, 10202 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 32 packets, 6136 bytes)
pkts bytes target prot opt in out source destination
110 8711 MASQUERADE all -- any eth1 anywhere anywhere
Chain OUTPUT (policy ACCEPT 99 packets, 12109 bytes)
pkts bytes target prot opt in out source destination
root@filter:~#
root@filter:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.254.1 netmask 255.255.255.0 broadcast 192.168.254.255
ether 1c:87:2c:63:9f:8c txqueuelen 1000 (Ethernet)
RX packets 2972666 bytes 519050930 (495.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5485892 bytes 7018867791 (6.5 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 68.113.240.174 netmask 255.255.254.0 broadcast 255.255.255.255
ether 00:e0:4c:69:13:21 txqueuelen 1000 (Ethernet)
RX packets 6215628 bytes 8109355377 (7.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3206581 bytes 572263768 (545.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:any1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 8.8.8.8 netmask 255.255.255.255 broadcast 8.8.8.8
ether 1c:87:2c:63:9f:8c txqueuelen 1000 (Ethernet)
eth0:any2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 8.8.8.4 netmask 255.255.255.255 broadcast 8.8.8.4
ether 1c:87:2c:63:9f:8c txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 867482 bytes 350741806 (334.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 867482 bytes 350741806 (334.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@filter:~# ip route list
default via 71.90.98.1 dev eth1 proto dhcp metric 101
default via 192.168.254.1 dev eth0 proto dhcp src 192.168.254.16 metric 202
default via 68.113.240.1 dev eth1 proto dhcp src 68.113.240.174 metric 203 mtu 1500
68.113.240.0/23 dev eth1 proto kernel scope link src 68.113.240.174 metric 101
68.113.240.0/23 dev eth1 proto dhcp scope link src 68.113.240.174 metric 203 mtu 1500
71.90.98.0/23 dev eth1 proto kernel scope link src 71.90.99.190 metric 101
192.168.254.0/24 dev eth0 proto dhcp scope link src 192.168.254.16 metric 202
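
Added example, not part of the original message: the TPROXY target only marks and redirects packets, and the kernel's TPROXY documentation pairs it with a policy-routing rule for that mark plus a local route in the table the rule selects. The script below checks pasted command output for both pieces; the function names, table number 100 and the sample `ip rule` text are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Offline audit of TPROXY plumbing from pasted command output (no root needed).
# Besides the mangle rule, the kernel TPROXY documentation sets up:
#   ip rule add fwmark 1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100
# Table 100 is an example number. The local route sits on lo, not on the WAN side.

# Print each distinct mark set by TPROXY rules in `iptables -vL -t mangle` text.
tproxy_marks() {
  sed -n 's/.*TPROXY redirect .* mark \(0x[0-9a-fA-F]*\)\/.*/\1/p' | sort -u
}

# Print the table selected by an `ip rule list` entry matching fwmark $1, if any.
table_for_mark() {
  awk -v m="$1" '{ for (i = 1; i < NF; i++) {
      if ($i == "fwmark") { split($(i+1), p, "/"); ok = ((p[1] "") == (m "")) }
      if ($i == "lookup" && ok) { print $(i+1); exit } }
    ok = 0 }'
}

# Succeed if `ip route show table all` text has a local default on lo in table $1.
has_local_route() {
  awk -v t="$1" '$1 == "local" && ($2 == "default" || $2 == "0.0.0.0/0") &&
      / dev lo / && $0 ~ (" table " t "( |$)") { found = 1 } END { exit !found }'
}

# $1 mangle listing, $2 `ip rule list`, $3 `ip route show table all`.
# Prints one finding per TPROXY mark; returns the number of missing pieces.
tproxy_audit() {
  local missing=0 mark table
  for mark in $(printf '%s\n' "$1" | tproxy_marks); do
    table=$(printf '%s\n' "$2" | table_for_mark "$mark")
    if [ -z "$table" ]; then
      echo "mark $mark: no 'ip rule' with fwmark $mark"; missing=$((missing + 1))
    elif ! printf '%s\n' "$3" | has_local_route "$table"; then
      echo "mark $mark: table $table lacks 'local default dev lo'"; missing=$((missing + 1))
    else
      echo "mark $mark: ok (table $table)"
    fi
  done
  return "$missing"
}

# Constructed sample: the TPROXY line from the post plus stock `ip rule list` output.
MANGLE='6 360 TPROXY tcp -- any any anywhere anywhere tcp dpt:http TPROXY redirect 0.0.0.0:3128 mark 0x1/0x1'
RULES_STOCK='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
tproxy_audit "$MANGLE" "$RULES_STOCK" "" || true
```

On a live gateway, feed it the real text: `tproxy_audit "$(iptables -vL -t mangle)" "$(ip rule list)" "$(ip route show table all)"`.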