How to route .i2p requests?

nelgin · May 26, 2025, 1:16am

Hi all,

The only other post I found on this subject didn't help much so here's what I'm trying to do.

I have an i2pd proxy running on my lan port 4444. Originally I set my browser up using a proxy plugin to redirect .i2p address to the proxy. However this doesn't work well if using a linux command line, or for other people who may want to access the network.

From what I found, I ended up with this config

dhcp

config domain
        option name 'i2p'
        option ip '127.0.0.1'

firewall

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name '.i2p to i2pd'
        list proto 'tcp'
        option src 'lan'
        option src_dport '80'
        option dest_ip '127.0.0.1'
        option dest_port '4444'
        option extra '-m string --string ".i2p" --algo bm'

First issue, it seems extra is no longer supported since someone decided it was a good idea to switch to nftables that doesn't support this sort of configuration, from what I can tell anyway.

I feel I'm pretty close but just not getting it.

So bottom line is, I want all my devices to be able to access .i2p addresses without the need for any reconfiguration (extra proxy on the router) and the router to be able to access .i2p addresses too, but still be able to access LUCI on port 80 on the router.

I'm open to suggestions at this point.

brada4 · May 26, 2025, 4:50am

Thats after 10 years of no forwarding to loopback in Linux?
Does i2p provide faux net and dns zone like transparent tor?

nelgin · May 26, 2025, 5:06am

I just realized the browser i was testing with also had proxy setup.

No i don't think i2p works like that. Maybe I'm not that familiar with tor.

brada4 · May 26, 2025, 5:58am

similar to this, at least /i2p/127.0.0.1#12345 seems applicable

_bernd · May 26, 2025, 8:05am

I stoped here reading.
Nftables is the official netfilter projects from the Linux Kernel and it is the official successor. It reached it's useable state over 10 years ago. Only because of compatibility reasons so that old grumpy dudes and clueless teens are not whining all day long the project did a really smooth and long transition phase.
Of course Linux programmers have no clue what they are doing.
Maybe next time you read the documentation first and don't jump do wrong conclusions and start with insults against people you don't know and have no idea what they are doing.
Have a good day.

nelgin · May 26, 2025, 8:55am

Eesh, looks a little complicated for something so simple sounding. This would have been done in 10 minutes with iptables, I'm pretty sure. Oh well.

The next thing I looked at was using nginx. I'm more of an Apache person so not familiar with nginx to really delve into it. It seems luci is getting in the way. I have removed the redirection on port 80 and configured .i2p requests to be forwarded to 192.168.168.254 port 4444 however it always redirects the url to http://reg.i2p/cgi-bin/luci/

I guess this is all done in /etc/nginx/conf.d/luci.locations and I don't really want to mess with this, assuming it'll get overwritten at some point during an update?

Am I going down the wrong path here?