OpenWrt Forum Archive

Topic: Upside-down-ternet for Openwrt

The content of this topic has been archived on 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Some of you have probably seen upside-down-ternet this guy did
http://www.ex-parrot.com/~pete/upside-down-ternet.html

As an exercise I'm trying to implement this on the WRT54G. I'm thinking I'll need to install tinyproxy for the redirection, then I believe I can use microperl to perform the redirection script. I'll admit I haven't gotten this far yet. I don't see a dhcpd.conf file on the WRT but I'm guessing I could just set up Static IP addresses based on MAC to create the netblock? I'm learning this as I go so if you've got any suggestions they would be appreciated.

I do have libjpeg and jpegtrans installed for doing the picture flipping. Still trying to get a working gifflip to flip the gif files.

Rotfl

Ditto. I think it's hilarious.

I can see some cool ideas, too - setting the language to something like Turkish, or Kiswahili for example - redirecting all google searches to http://www.google.co.il/ (or just set up a database of random non-roman alphabet languages and use those....)

--Yan

Heh. Great. Have you had any success with it? smile

jake1981 wrote:

Heh. Great. Have you had any success with it? smile

Still working on it. I've tested the jpeg library and jpegtran so that will flip the images. I think I can install Squid or tinyproxy but I've not tested tinyproxy yet (since it's smaller). All I need is perl and redirection.

I'm trying to get gifflip working for gifs but got a segmentation fault or gifflip not found error when running it.

be sure to write it all here when you got it smile

Perhaps it's just the newbie, I knew getting into this project I'd be over my head, not knowing anything about setting up a Squid proxy, especially on Openwrt (Perhaps I should do this all in desktop linux environment first) but I can't seem to grasp this statement:

"That machine runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of it's local webserver."

Is he just saying, I've set up Squid as a transparent proxy and I've set up a rule in the squid.conf to redirect all traffic through this 'simple perl script' (trivial redirector) I've created which uses mogrify to flip the images and then serve them back out using Squid's built-in webserver (aka transparent proxy)? I'm trying to understand if a "trivial redirector" is another program to install or just a line in the .conf file that pushes everything through the perl script.

Also, is there a stripped down version of the squid.conf? I've installed squid_2.5.STABLE13-1_mipsel.ipk I believe it's got transparent proxy (something I think I need).

It appears that Tinyproxy only performs rudimentary whitelisting/blacklisting but would be able to run the perl script. Again, being a newbie at this and not knowing the proper terminology makes it difficult to find what I'm looking for.

what about setting up those 2 lans with dnsmasq..? or did you just make that static ip allocations are below *.*.*.100 and dynamic after that..?

I was thinking of using this guys tactic as well.

I'm thinking of off-loading it to a backend server though to do all the squid / perl stuff.
Seems like it will be easier that way.

I will be working on this project as well. I'm doing it for a college assignment, so I have a bit more motivation than most wink

I'll keep everyone posted.

---Begin Edit---
Keeping in mind that I am running Gentoo, Slackware and Debian (and sometimes Suse), are there any easy HowTo's for backporting existing packages? As you might imagine, I will be needing ImageMagick.
My first tests with Subversion have failed with some sort of SSL crapout (Gentoo, probably my USE flags) and Slackware needs libraries. Next step is Debian.
---End Edit---

Alex.

(Last edited by Lord_Alex on 24 Nov 2006, 12:49)

I was going to use Jpegtrans and giftrans on the WRT since they're smaller and don't require imagemagick. They can be cross-compiled from their respective libraries. This worked but I got pulled off onto something else so I haven't gotten to the proxy part.

(Last edited by beakmyn on 26 Nov 2006, 14:03)

So I have something working for now...

I needed a second computer though tongue
I used Debian. make sure you have perl, squid, dhttpd and a coffee.

in the squid config file (/etc/squid/squid.conf), make sure these directives are set

http_port 80
redirect_program /usr/lib/squid/redirect.pl
redirect_children 2
#http_access allow all
cache_effective_user proxy
cache_effective_group proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

http_access allow all will permit anybody to use your proxy. Prepare to be hijacked if your proxy faces the interweb!
/usr/lib/squid/redirect.pl looks like this:

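#!/usr/bin/perl
# Squid redirector: reads one request per line on stdin, prints the URL to serve.
$|=1;           # unbuffered output so Squid gets each reply immediately
$count = 0;     # per-request counter, used in the file name
$pid = $$;      # process ID keeps the names of the redirect_children apart
while (<>) {
        chomp $_;
        if ($_ =~ /(.*\.jpg)/i) {
                # JPEG: fetch it, flip it, point the client at the local copy
                $url = $1;
                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.jpg", "$url");
                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.jpg");
                print "http://127.0.0.1:8080/images/$pid-$count.jpg\n";
        }
        elsif ($_ =~ /(.*\.gif)/i) {
                # GIF: same treatment
                $url = $1;
                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.gif", "$url");
                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.gif");
                print "http://127.0.0.1:8080/images/$pid-$count.gif\n";
        }
        else {
                # anything else passes through unchanged
                print "$_\n";
        }
        $count++;
}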

Make sure to add executable permissions to that

alex@navy $ sudo chmod +x /usr/lib/squid/redirect.pl

And your /var/www directory has to have the right permissions. For me, dhttpd (The web server) is running as www-data:www-data and Squid (the proxy) is running as proxy:proxy. For some reason, it's only working when I chmod the directories 777, so I did this to make everything cool:

alex@navy $ sudo usermod -G proxy www-data
alex@navy $ sudo usermod -G www-data proxy
alex@navy $ sudo chown -R www-data:www-data /var/www
alex@navy $ sudo chmod -R 1777 /var/www

Now you need to make sure the web server is only listening to port 8080 (or whatever you chose in your redirect.pl script). For me, I had to change /etc/default/dhttpd to have OPTIONS="-p8080".

And then (re)start the services to load the new configurations.

# /etc/init.d/dhttpd restart
# /etc/init.d/squid restart

So you need to write an IPTABLES rule for your router to forward all packets coming in on the wireless interface with a destination port of 80 to a computer elsewhere on the LAN which has this imagemagick+squid+dhttpd+perl crap running on it. If you get the rules wrong, you might be completely barred from the router. Yes, I am barred from my router at the moment. That means reflashing it.

Warning!
/var/www/images will fill up quickly with the modified images. I set up a cron job to delete everything at ten-minute intervals. (Or 6 times an hour...)

#min    hour   day      mon     wkday   command
*/10    *      *        *       *       rm /var/www/images/*

You might think "what if I delete something being downloaded!?". Linux refuses to suck. Deleting only unlinks the inode, but the process reading it will not notice.


I'm not going to cross-compile ImageMagick and ALL the dependencies just for the school project. But I might later... when I have spare minutes.

(Last edited by Lord_Alex on 4 Dec 2006, 11:25)
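
Added example (not part of Lord_Alex's post, and in Python rather than the post's Perl): a stricter matching step for the redirector. It assumes the Squid 2.x redirector input line "URL client_ip/fqdn ident method", rewrites only GET requests whose URL path ends in .jpg or .gif, and refuses loopback, private and link-local targets so the helper's wget is never pointed at internal hosts or at its own flipped images. The function names are this example's own; paths and port are the ones from the post.

```python
import ipaddress
import os
import subprocess
import sys
from urllib.parse import urlsplit

IMAGE_EXTS = (".jpg", ".gif")                 # the two types the post handles
IMAGE_DIR = "/var/www/images"                 # paths and port as in the post
LOCAL_BASE = "http://127.0.0.1:8080/images"


def image_target(line):
    """Return (url, ext) when a redirector input line should be rewritten.

    Assumed input format (Squid 2.x): URL client_ip/fqdn ident method
    """
    fields = line.split()
    if len(fields) < 4 or fields[3] != "GET":
        return None                           # leave POST, CONNECT, ... alone
    try:
        parts = urlsplit(fields[0])
    except ValueError:
        return None                           # malformed URL
    host = parts.hostname
    if parts.scheme != "http" or not host:
        return None
    path = parts.path.lower()
    ext = next((e for e in IMAGE_EXTS if path.endswith(e)), None)
    if ext is None:
        return None                           # ".jpg" in a query string does not count
    try:
        ip = ipaddress.ip_address(host)
        if ip.is_loopback or ip.is_private or ip.is_link_local:
            return None                       # never fetch from internal addresses
    except ValueError:
        if host == "localhost":
            return None                       # other names are not resolved here
    return fields[0], ext


def reply_for(line, pid, count):
    """Return (reply_line, fetch_job); fetch_job is None when the line passes through."""
    target = image_target(line)
    if target is None:
        return line, None                     # echo unchanged, like the post's else branch
    url, ext = target
    name = f"{pid}-{count}{ext}"
    return f"{LOCAL_BASE}/{name}", (url, os.path.join(IMAGE_DIR, name))


if __name__ == "__main__":
    for count, raw in enumerate(sys.stdin):
        reply, job = reply_for(raw.rstrip("\n"), os.getpid(), count)
        if job:
            subprocess.run(["/usr/bin/wget", "-q", "-O", job[1], job[0]])
            subprocess.run(["/usr/bin/mogrify", "-flip", job[1]])
        print(reply, flush=True)              # unbuffered, like $|=1 in the post
```

Hostnames are not resolved, so a DNS name that points at an internal address still passes this check.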

make sure you install the packages... I just loaded all the iptables packages with

ipkg install kmod-iptables-extra iptables-extra iptables-utils

Now we want to take all packets from the LAN (which is the bridge - br0) that match a destination port of tcp/80 and hurl them at whatever box is running the Squid server. Logically, if your Squid server is ALSO on the lan interface then its packets will be rerouted back to itself. So put your Squid on the WAN side of your router, or use a rule to exclude it. (-i br0 -s ! squidproxyIP -p tcp)
Put this code at the end of /etc/firewall.user

### Transparent Proxy
## -- Connections to internet:80 are routed through proxy:80
iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT --to squidproxyIP:80
iptables        -A forwarding_rule -i br0 -p tcp --dport 80 -j ACCEPT

Hopefully this helps somebody out there screw around with their interweb smile

Feel free to question me about anything relating to this project.

-Alex

I am setting this up at home, and am having some squid problems. I have it such that the wireless is available, but once I try to run it through squid, I get some problems.

I have an Ubuntu box with two NICs, eth0 (192.168.2.107) goes to the internet, and eth1 (192.168.5.1) goes to the wireless router. I want to flip all the images on the eth1 traffic.

I do this to set up my iptables:

---------------------------------------------------------------
#clear all
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

#set up NAT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

#send to Squid proxy
iptables --table nat --append PREROUTING --in-interface eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.107:80
---------------------------------------------------------------

Everything works fine up until that last line (Namely, I can connect via wireless and browse the web, unflipped). Once I enter that line, I start seeing squid errors on the wireless clients:


------------------------------------------------------
ERROR
The requested URL could not be retrieved

While trying to process the request:

GET / HTTP/1.1
Host: 192.168.2.107
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: testing=1; sid=9228a96093acf06258d85d007c1c4495



The following error was encountered:

    * Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

    * Missing or unknown request method
    * Missing URL
    * Missing HTTP Identifier (HTTP/1.0)
    * Request is too large
    * Content-Length missing for POST or PUT requests
    * Illegal character in hostname; underscores are not allowed

Your cache administrator is webmaster.
Generated Sun, 14 Jan 2007 03:47:33 GMT by ubuntu (squid/2.6.STABLE1)
-----------------------------------------------------------


I put some debug statements in the redirect.pl, and as far as I can tell, it runs, but never gets into the while loop.

My squid access.log looks like this:

1168736881.462      1 192.168.5.2 TCP_DENIED/400 1672 GET error:invalid-request - NONE/- text/html

Any ideas?

The discussion might have continued from here.