
Re: Anonymous/Nonymous Communication Coexisting?



> 
> 
> #!/bin/sh
> 
> # 192.168.10.1 = router
> # 192.168.10.10 = workstation to proxy
> # 192.168.10.1:3128 = Squid
> # 192.168.10.1:1211 = transocks
> 
> 
> INCLUDE="192.168.10.10"
> EXCLUDE="192.168.0.0/16 127.0.0.1 10.12.77.0/24"
> 
> 
> #Exceptions
> for exception in ${EXCLUDE} ; do
>         iptables -t nat -A PREROUTING --dst ${exception} -j RETURN
> done
> 
> #Avoid feedback loops
> #iptables -t nat -A PREROUTING -m owner --cmd-owner transocks -j RETURN
> 
> #Send to transocks
> for host in ${INCLUDE} ; do
>         #iptables -t nat -A PREROUTING -s ${host} -p tcp -j LOG --log-level info --log-prefix "SOCKSify "
>         iptables -t nat -A PREROUTING -s ${host} -d ! 192.168.10.1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>         #iptables -t nat -A PREROUTING -s ${host} -p tcp --dport 80 -j DNAT --to 192.168.10.1:3128
>         iptables -t nat -A POSTROUTING -s ${host} -d 192.168.10.1 -j SNAT --to-source 192.168.10.1
>         iptables -t nat -A PREROUTING -s ${host} -p tcp -j REDIRECT --to-port 1211
>         iptables -t nat -A PREROUTING -s ${host} -j DROP
> done
> 
> # Socksify traffic leaving this host:
> #iptables -t nat -A OUTPUT -p tcp --syn -j PREROUTING
> 
> 
> Markus
> 
> 

I configured myself like this too.  Very nice. I have one problem left
still. The machine on which the programs are, the router, doesn't want to
connect via squid or transocks, i.e. transparent proxying works only for
the machines on the LAN, not the server/router itself.  Any hints?
Here are the pertinent iptables rules, and as one can see nothing's hitting
the OUTPUT chain:

~# iptables-save -c -t nat
# Generated by iptables-save v1.2.11 on Fri Jun 10 10:59:23 2005
*nat
:PREROUTING ACCEPT [1204:84937]
:POSTROUTING ACCEPT [1456:101425]
:OUTPUT ACCEPT [0:0]
:SOCKSIFY - [0:0]
[101:5252] -A PREROUTING -s 192.168.167.0/255.255.255.0 -p tcp -m tcp \
	--tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j SOCKSIFY
[768:43008] -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS \
	--clamp-mss-to-pmtu
[0:0] -A POSTROUTING -s 192.168.167.0/255.255.255.0 -d ! \
	192.168.167.0/255.255.255.0 -o ppp+ -j MASQUERADE
[0:0] -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
[0:0] -A SOCKSIFY -o lo -j RETURN
[0:0] -A SOCKSIFY -p tcp -m tcp --dport 9055 -j RETURN
[0:0] -A SOCKSIFY -d 66.240.11.101 -j RETURN
[0:0] -A SOCKSIFY -d 143.247.254.11 -j RETURN
[0:0] -A SOCKSIFY -d 143.247.253.10 -j RETURN
[0:0] -A SOCKSIFY -d 216.239.64.140 -j RETURN
[0:0] -A SOCKSIFY -d 209.237.230.66 -j RETURN
[0:0] -A SOCKSIFY -d 206.241.31.21 -j RETURN
[36:1872] -A SOCKSIFY -d 192.168.167.0/255.255.255.0 -j RETURN
[0:0] -A SOCKSIFY -d 127.0.0.1 -j RETURN
[0:0] -A SOCKSIFY -s 127.0.0.1 -j RETURN
[65:3380] -A SOCKSIFY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG \
	--log-prefix "SOCKSify: " --log-level 6
[65:3380] -A SOCKSIFY -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8888
[0:0] -A SOCKSIFY -p tcp -j REDIRECT --to-ports 1211
COMMIT
# Completed on Fri Jun 10 10:59:24 2005


Many Thanks!


Rescator
(GingkoBiloba server)
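As an added example (not code from either poster), a small POSIX sh/awk helper that reads `iptables-save -c` output of the kind shown above and reports, per chain, how many new connections the nat rules have counted, plus which chains no connection has entered at all. The embedded dump is a constructed, trimmed copy of the one in the post; on a real router the functions would be fed from `iptables-save -c -t nat`. A redirect chain that shows up as untraversed means the traffic it was supposed to capture never reached it, which is the leak a transparent-proxy setup needs to catch.

```shell
#!/bin/sh
# Constructed sample, trimmed from the nat dump in the post; not a live capture.
SAMPLE='# Generated by iptables-save v1.2.11
*nat
:PREROUTING ACCEPT [1204:84937]
:POSTROUTING ACCEPT [1456:101425]
:OUTPUT ACCEPT [0:0]
:SOCKSIFY - [0:0]
[101:5252] -A PREROUTING -s 192.168.167.0/24 -p tcp --tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
[768:43008] -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A OUTPUT -p tcp --tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
[36:1872] -A SOCKSIFY -d 192.168.167.0/24 -j RETURN
[65:3380] -A SOCKSIFY -p tcp --dport 80 -j REDIRECT --to-ports 8888
[0:0] -A SOCKSIFY -p tcp -j REDIRECT --to-ports 1211
COMMIT'

# chain_packets CHAIN  (dump on stdin): policy counter plus every rule counter
# of CHAIN. The nat table only sees the first packet of each connection, so
# the number is really "new connections that traversed CHAIN".
chain_packets() {
    awk -v chain="$1" '
        $1 == (":" chain) {                    # ":NAME POLICY [pkts:bytes]"
            gsub(/[][]/, "", $3); split($3, c, ":"); sum += c[1]
        }
        /^\[/ && $2 == "-A" && $3 == chain {   # "[pkts:bytes] -A NAME ..."
            gsub(/[][]/, "", $1); split($1, c, ":"); sum += c[1]
        }
        END { print sum + 0 }'
}

# untraversed_chains  (dump on stdin): chains whose policy counter and all
# rule counters are zero, i.e. no new connection has entered them since the
# counters were last zeroed. A redirect chain listed here is not catching
# the traffic it was written for.
untraversed_chains() {
    awk '
        /^:/ {
            name = substr($1, 2); order[++n] = name
            gsub(/[][]/, "", $3); split($3, c, ":"); seen[name] += c[1]
        }
        /^\[/ && $2 == "-A" {
            gsub(/[][]/, "", $1); split($1, c, ":"); seen[$3] += c[1]
        }
        END { for (i = 1; i <= n; i++) if (seen[order[i]] == 0) print order[i] }'
}

# Stand-alone run over the constructed sample (live: iptables-save -c -t nat | untraversed_chains)
printf '%s\n' "$SAMPLE" | untraversed_chains      # prints: OUTPUT
```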