<div dir="ltr"><div><div><div><div><div><div><div><div>Hi Juli<br></div>Thanks for the quick response.<br></div>Yes I did go through the earlier discussion in the mailing list regarding transparent proxy. Hence, I wanted to check if anything has changed in the meanwhile.<br></div>I currently have a simple bridge module in kernel which nats the incoming tcp connections to localhost on a specific port (so that listening client side wanproxy can serve the incoming connection and connect to server side wanproxy).<br></div>I can use that or redsocks as you suggested.<br></div>But assuming I use one of the above two mechanisms (custom bridge kernel module with snat or redsocks), how should I configure wanproxy on both the client and server side?<br><br></div></div>Would be more interested in knowing wanproxy configuration for such a deployment scenario. An example wanproxy config would get me started.<br>If there is some prior experience in redsocks + wanproxy I will be willing to try that quick as well.<br><br></div>Thanks<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 16, 2016 at 11:40 AM, Juli Mallett <span dir="ltr"><<a href="mailto:juli@clockworksquid.com" target="_blank">juli@clockworksquid.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello, Sreenaath,<br>
<br>
Full transparent proxy support is not yet implemented. There is some<br>
missing configuration glue, some of which is fairly substantial. It<br>
could be done in a short period of time, but so far there hasn't quite<br>
been enough interest. Also, there's the matter of the fact that<br>
support for packet interfaces is OS-specific, and where I'm most<br>
familiar with netmap (which would support both FreeBSD and Linux; I've<br>
been maintaining substantial code bases using netmap for years),<br>
there's the matter of users possibly not wanting to be so limited, so<br>
we'd want pcap/BPF as well, and it's a question of which to<br>
prioritize. Netmap also gives you the option of doing your filtering<br>
in another application and using VALE to route packets to the proxy.<br>
And so on. If there's an interest in making that work happen, I'm<br>
willing to do it. I think if you search the mailing list archives you<br>
may find past discussions about this.<br>
<br>
It's possible to use OS-provided features usually to redirect some<br>
connections to WANProxy, so you wouldn't have full transparency, but<br>
also wouldn't require configuration of proxies on each client. I<br>
believe redsocks is one of the more popular mechanisms for routing<br>
traffic into WANProxy, but others may have their own suggestions.<br>
<br>
Thanks,<br>
Juli.<br>
<div><div class="h5"><br>
On Mon, May 16, 2016 at 11:19 AM, sreenaath vasudevan<br>
<<a href="mailto:sreenaathkv@gmail.com">sreenaathkv@gmail.com</a>> wrote:<br>
> Hi<br>
> Has anyone tried to run wanproxy as transparent tcp proxy? Is it possible to<br>
> run wanproxy in transparent proxy mode?<br>
> I saw examples on <a href="http://wanproxy.org" rel="noreferrer" target="_blank">wanproxy.org</a> link @ here showing how to run it via SSH or<br>
> over SOCKS.<br>
> In my case, I want client side wanproxy to run as transparent tcp proxy.<br>
> This will connect to the server side wan proxy (again running as transparent<br>
> proxy) over regular tcp/udp session.<br>
> In other words, Client <-> Server connection will be broken down in to 3<br>
> connections i.e Client <-> Client_Proxy + Client_Proxy <-> Server_Proxy +<br>
> Server_proxy <-> Server.<br>
> I assume this is possible with wanproxy. Just wanted to know if the example<br>
> already covers this or there is some other configuration needed for the<br>
> above example.<br>
><br>
> Thanks !<br>
><br>
> --<br>
> regards<br>
> sreenaath<br>
><br>
</div></div>> _______________________________________________<br>
> wanproxy mailing list<br>
> <a href="mailto:wanproxy@lists.wanproxy.org">wanproxy@lists.wanproxy.org</a><br>
> <a href="http://lists.wanproxy.org/listinfo.cgi/wanproxy-wanproxy.org" rel="noreferrer" target="_blank">http://lists.wanproxy.org/listinfo.cgi/wanproxy-wanproxy.org</a><br>
><br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">regards<br>sreenaath</div>
</div>