Transparent TCP proxy

sreenaath vasudevan sreenaathkv at gmail.com
Mon May 16 12:18:01 PDT 2016 

Hi Juli
Thanks for the quick response.
Yes I did go through the earlier discussion in the mailing list regarding
transparent proxy. Hence, I wanted to check if anything has changed in the
meanwhile.
I currently have a simple bridge module in kernel which nats the incoming
tcp connections to localhost on a specific port (so that listening client
side wanproxy can serve the incoming connection and connect to server side
wanproxy).
I can use that or redsocks as you suggested.
But assuming I use one of the above two mechanisms (custom bridge kernel
module with snat or redsocks), how should I configure wanproxy on both the
client and server side?

Would be more interested in knowing wanproxy configuration for such a
deployment scenario. An example wanproxy config would get me started.
If there is some prior experience in redsocks + wanproxy I will be willing
to try that quick as well.

Thanks

On Mon, May 16, 2016 at 11:40 AM, Juli Mallett <juli at clockworksquid.com>
wrote:

> Hello, Sreenaath,
>
> Full transparent proxy support is not yet implemented.  There is some
> missing configuration glue, some of which is fairly substantial.  It
> could be done in a short period of time, but so far there hasn't quite
> been enough interest.  Also, there's the matter of the fact that
> support for packet interfaces is OS-specific, and where I'm most
> familiar with netmap (which would support both FreeBSD and Linux; I've
> been maintaining substantial code bases using netmap for years),
> there's the matter of users possibly not wanting to be so limited, so
> we'd want pcap/BPF as well, and it's a question of which to
> prioritize.  Netmap also gives you the option of doing your filtering
> in another application and using VALE to route packets to the proxy.
> And so on.  If there's an interest in making that work happen, I'm
> willing to do it.  I think if you search the mailing list archives you
> may find past discussions about this.
>
> It's possible to use OS-provided features usually to redirect some
> connections to WANProxy, so you wouldn't have full transparency, but
> also wouldn't require configuration of proxies on each client.  I
> believe redsocks is one of the more popular mechanisms for routing
> traffic into WANProxy, but others may have their own suggestions.
>
> Thanks,
> Juli.
>
> On Mon, May 16, 2016 at 11:19 AM, sreenaath vasudevan
> <sreenaathkv at gmail.com> wrote:
> > Hi
> > Has anyone tried to run wanproxy as transparent tcp proxy? Is it
> possible to
> > run wanproxy in transparent proxy mode?
> > I saw examples on wanproxy.org link @ here showing how to run it via
> SSH or
> > over SOCKS.
> > In my case, I want client side wanproxy to run as transparent tcp proxy.
> > This will connect to the server side wan proxy (again running as
> transparent
> > proxy) over regular tcp/udp session.
> > In other words, Client <-> Server connection will be broken down in to 3
> > connections i.e Client <-> Client_Proxy + Client_Proxy <-> Server_Proxy +
> > Server_proxy <-> Server.
> > I assume this is possible with wanproxy. Just wanted to know if the
> example
> > already covers this or there is some other configuration needed for the
> > above example.
> >
> > Thanks !
> >
> > --
> > regards
> > sreenaath
> >
> > _______________________________________________
> > wanproxy mailing list
> > wanproxy at lists.wanproxy.org
> > http://lists.wanproxy.org/listinfo.cgi/wanproxy-wanproxy.org
> >
>



-- 
regards
sreenaath
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20160516/1927a8f7/attachment.htm>

More information about the wanproxy mailing list