OpenWrt with Squid proxy using 3G mobile device

Hi All,
I have been working for 3/4 days on a project and I need to configure an HTTP proxy reachable from the internet with the public IP of my box, using a 3G mobile phone on the output.
Example: anywhere on the web, without using it, my IP is 90.256.X.X; I set the proxy and it switches to the mobile public IP of my phone: 37.25.X.X.

So I installed OpenWrt on a Raspberry and got the USB connection working for my phone.
Rasp01 is connected to ETH0 (my private LAN at home) and USB0 (my 3G mobile phone).
I also installed Squid on OpenWrt.
I opened port 3128 on my box and redirected it to my Raspberry.

When I try the proxy from the local network everything works fine... I switch to the 3G mobile public IP address. When I try to access it from the Internet using my home public IP, nothing works...
I think it is something like a route or I don't know what...

Thanks to everybody for reading, and special thanks for answers 🙂

When I use tcpdump on eth0, I see frames coming from the internet; I think it's a source routing issue...

Most squid default configs have rules for allowed network ranges. For good reason.

Can you show us the relevant squid allow section of your config?

You should really use an ssh or other tunnel, port knock or manual allow for specific /32

1 Like

Your inquiry isn't quite clear, but aside from the localnet definitions raised by @anon50098793, you have to consider that most 3G/4G ISPs use CGNAT, making it impossible to access your local resources from the outside - and even those that don't very likely silently filter many ports. Unless you're on a rather high-level business contract, it's not very likely that you'll be able to access your IP from the outside at all.

That aside, in today's "https-everywhere" world of the net, proxies have little remaining value for actually caching content (they can't cache any https/ssl resources, nor streamed content) - unless you're regularly accessing semi-static content over unencrypted protocols (http, ftp - something like package updates for linux distributions, and even those are increasingly pushing towards https, despite having their own mature authentication and verification methods in place), setting up a proxy likely won't actually improve your situation. Another issue to consider would be that content providers tend to actively check for open proxies, blacklisting your IP(-range) if they get a positive response; you might also end up with criminal or civil liability cases if external entities hide behind your public IP for their own potentially nefarious purposes.

Depending on your use case, setting up a VPN into your home network (assuming your ISP doesn't filter away open ports/ doesn't use CGNAT) might be a better option.

1 Like

I understand.
Let's forget about 3/4G mobile device.
Imagine that OpenWrt has 2 WAN networks. I come in from the first WAN and want to get the IP of the second WAN when Squid answers.
Is that possible for you? 2 Ethernet cables linked to one OpenWrt router with 2 WANs / Squid proxy.
Port 3128 redirected to the private IP on WAN 01, and getting the IP address of WAN 02 in return when the proxy is set?

Hello Wally, I totally understand your issue as I am having the same one.

I have a WAN connection with a router where I configured port forwarding, so I forward the traffic that comes from the Internet to the LAN port of the proxy, and the proxy works over a 3G connection.

I'm able to make it work from the LAN but not from the Internet.

Were you able to solve this issue?