My setup:
- Router is a TP-Link C7 v5 running on an OpenWrt 19.07.8 custom image.
- An openssh server runs in it.
Question:
Could I turn my router into a Web browsing proxy for someone at public I.P. address 7.7.7.7 by the following steps.
Step 1. SSH into the router and run (where me
is a user account):
ssh -D 1080 me@localhost
Step 2. Put the following redirect rule in /etc/config/firewall
.
config redirect
option name 'WAN11080_LAN1080'
option target 'DNAT'
option src 'wan'
option src_ip '7.7.7.7'
option src_dport '11080'
list proto 'tcp udp'
option dest 'lan'
option dest_ip '192.168.0.1'
option dest_port '1080'
Step 3. Have the person set his SOCKS5 proxy setting to 1.1.1.1:11080
(where 1.1.1.1
represents my router's public IP address).
I have never filtered a redirect rule by source IP, but notice the following discrepancy.
- While
option src_ip '7.7.7.7'
refers to someone out there trying to use my router for a proxy,option src_dport '11080'
refers to a port on the router. Thus the meaning ofsrc
insrc_ip
andsrc_dport
are different. If this is right, we apparently don't have a filter by the source port used by the person out there on his own machine. - Notice that on the destination side we have no similar discrepancy. The meaning of
dest
indest_ip
anddest_port
are the same (i.e. my router in our example).
This post is a follow up this other post:
Thanks very much.