What package should i install for proxy

hlhp_beimei · July 26, 2023, 6:35am

How can I make OpenWRT filter traffic by local IP(or MAC address) and route it through a proxy (like Brightdata)? Which package should I use for this?

trendy · July 26, 2023, 7:39am

The preinstalled firewall can intercept packets and forward them to a different destination based on source IP or MAC.

eduperez · July 26, 2023, 8:31am

Looks like you need a "transparent proxy"; I bet you will find many guides, using that search term.

hlhp_beimei · July 26, 2023, 2:54pm

Does that mean that by simply editing the iptables/nftables, I can achieve the transparent proxy? And can I perform all these tasks using Network>Firewall>IP Sets?

reinerotto · July 26, 2023, 4:04pm

No. You can only redir the packets to the proxy, you want to use.
Which should work for http, at least. However, I very doubt, that your Brightdata can process your redirected https traffic.

trendy · July 26, 2023, 11:09pm

If the client is not aware of the https proxy then the intercepted connections will provoke man-in-the-middle-attack warnings and eventually they won't work or will be constantly annoying you about the certificate mismatch.

hlhp_beimei · July 27, 2023, 5:39pm

Thank you for all the help; it has been overwhelming for me.

I'll stick to using the proxy directly on my PC.

Torxgewinde · July 27, 2023, 6:10pm

I would recommend tinyproxy and if that is not enough you might look at squid. Tinyproxy is quite simple, which is an advantage. The Wiki has a bit of information: https://openwrt.org/docs/guide-user/services/proxy/tinyproxy

I recommend to NOT use tinyproxy to create a transparent proxy, but to configure your device-to-be-proxied and tell that device about the proxy.

hlhp_beimei · July 28, 2023, 12:08pm

thank you, i will check them out later.

Torxgewinde · July 28, 2023, 4:42pm

I am using Tinyproxy just as a filtering proxy. Your usecase seems to be covered if you specify an "upstream" proxy, so a second proxy to use.

Assuming you control the devices connected to your network, you can manually configure them to contact Tinyproxy. This setup allows Tinyproxy to send data to the upstream proxy for further processing.

To make sure users can't bypass the proxy easily, you should configure the firewall. It will block any traffic from the user devices you want to force to use the proxy when they try to access the internet directly.

Good luck with your setup!

hlhp_beimei · July 30, 2023, 3:07pm

thank you
i will check it up after doing more researches.

system · August 9, 2023, 3:08pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.