Iptables – Forwarding Http traffic through another machine in the LAN

http-proxyiptablesnetworkingPROXY

I am inside a network where my machine (IP-192.168.4.53) dont have access to Gmail. But I have access to another machine with IP (192.168.4.33/24) through which Gmail is accessible. Now what I want to achieve is redirect all my http traffic through that system. Will I be able to do this using IPTables? I have tried and failed but I dont know why I am sure this can be done.

Also all my traffic goes through a proxy 192.168.53.105 where I guess there is a firewall which actually blocks gmail access based on IP (this is a guess)
Any help would be welcome. I would be grateful if you can point me in the right direction..

Best Answer

Why don't you try SSH tunneling since you mentioned you have access to another machine which has proper access to internet

Option 1:

ssh and direct connect (SOCKS5) : The following line will start the ssh client and connect to username@remote_machine.com. Port 8080 on localhost (127.0.0.1) will listen for requests and send them to the remote machine. The remote machine will then send the packets out as if they originated from itself. Now all you have to do is set the preference in Firefox/chrome/your browser choice to use a SOCKS proxy. The proxy is, of course, “localhost”, with the port 8080.

ssh -C2qTnN -D 8080 username@remote_machine.com

Option 2:

ssh to squid proxy (HTTP/SSL Proxy) : The following line will also start the ssh client and connect to username@remote_machine.com. Port 8080 on localhost (127.0.0.1) on the current machine will listen for requests and ssh tunnel them to the remote machine. On the remote machine ssh will forward the packets to localhost port 3128. If squid is listening on localhost port 3128 on the remote machine then all requests sent though the ssh tunnel will then be forwarded to squid.

ssh -C2qTnN -L 8080:localhost:3128 username@remote_machine.com

Related Solutions

Linux – force LAN hosts to go through proxy

There are at least two ways of doing this:

Proxy auto-configuration URL via DHCP
Transparent proxy redirection with iptables

The first option uses WPAD mechanism:

In your DHCP server config, you must include option 252 (e.g. for dhcpd):

option local-proxy-config code 252 = text;
...
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.20 192.168.0.30;
  ...
  option local-proxy-config "http://your_http_server/proxy.pac";
}

Your proxy.pac is just a bit of JS which tells the browser what to proxy (e.g.):

function FindProxyForURL(url, host) {
    var proxy = "PROXY your_proxy_server:3128; DIRECT";
    var direct = "DIRECT";

    // no proxy for local hosts without domain:
    if(isPlainHostName(host)) return direct;

    // proxy everything else:
    return proxy;
}

The second option is to use iptables to redirect http traffic transparently (e.g.):

iptables -t nat -A PREROUTING -i eth0 -s ! your_proxy_server -p tcp --dport 80 -j DNAT --to your_proxy_server:3128
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d your_proxy_server -j SNAT --to iptables-box
iptables -A FORWARD -s local-network -d your_proxy_server -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

Iptables redirect HTTP traffic to proxy

This is called "transparent proxy". You need two things to do it:

Your proxy server should support it (transparent proxy). Squid is a well-known proxy server which supports transparent proxy mode.
Configure your firewall / router to redirect HTTP traffic to your proxy like the iptables rule you have.

Best Answer

Related Solutions

Linux – force LAN hosts to go through proxy

Iptables redirect HTTP traffic to proxy

Related Topic