I am building a router and I want to redirect all traffic via a transparent proxy at 127.0.0.1:9040.
But despite my attempts I can't configure it correctly. In the end it does not have to be IPFW and NATD; it may be any firewall or whatever other software. Anyone?
Traffic via Internet and LAN is redirected correctly, but I can't force connections to be redirected through this proxy using IPFW NAT. (The proxy was checked using Firefox.)
This is my config:
1. ifconfig, Wlan0 = internet interface, ue0 = LAN interface.
Code:
root@komputer:/home/komputer # ifconfig -a
em0: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
	ether e4:11:5b:27:2b:fd
	hwaddr e4:11:5b:27:2b:fd
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect
	status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 24:77:03:22:26:0c
	hwaddr 24:77:03:22:26:0c
	inet 192.168.43.112 netmask 0xffffff00 broadcast 192.168.43.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
	status: associated
	ssid internet channel 6 (2437 MHz 11g ht/20) bssid 64:db:43:49:78:81
	regdomain FCC country US authmode WPA2/802.11i privacy ON
	deftxkey UNDEF AES-CCM 2:128-bit txpower 30 bmiss 10 scanvalid 60
	protmode CTS ampdulimit 64k -amsdutx amsdurx shortgi -stbc wme
	roaming MANUAL
	groups: wlan
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:e0:4c:53:44:58
	hwaddr 00:e0:4c:53:44:58
	inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
2. /etc/rc.conf
Code:
#ROUTER
ifconfig_ue0="inet 10.1.1.1 netmask 255.255.255.0"
wlans_iwn0="wlan0"
ifconfig_wlan0="WPA DHCP"
dnsmasq_enable="YES"
gateway_enable="YES"
ipdivert_load="YES"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"
dhcpd_enable="YES"
dhcpd_ifaces="ue0"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
3. /etc/natd.conf
Code:
interface wlan0
4. /etc/ipfw/ipfw.rules
Code:
ipfw -q -f flush
ipfw -q add divert natd log all from any to any via lo0
ipfw -q add divert natd log all from any to any via ue0
ipfw -q add divert natd log all from any to any via wlan0
ipfw -q add allow all from any to any
I tried adding -proxy_only and -proxy_rule 127.0.0.1:9040 to /etc/natd.conf, following natd() https://www.freebsd.org/cgi/man.cgi?natd, but then the connection broke. I suspect there should be two instances in /etc/natd.conf, one for Wlan0 (global network) and a second for ue0 (LAN), and that the -proxy_only and -proxy_rule 127.0.0.1:9040 commands should be used on ue0. Like this:
Code:
log
deny_incoming
verbose
instance default
interface sis0
port 1000
redirect_port tcp 10.0.0.2:122 122
instance sis2
interface sis2
port 2000
redirect_port tcp 10.0.0.2:122 122
globalport 3000
IPFW logs: (connection to google.com)
https://pastebin.com/7H29qrx6
edit: Ifconfig from LAN.
Code:
mint mint # ifconfig -a
enp8s0    Link encap:Ethernet  HWaddr 00:19:99:7c:f2:77
          inet addr:10.1.1.145  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::7c57:2d39:28a3:ee24/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12090 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11211 errors:0 dropped:0 overruns:0 carrier:0
          collisions:13 txqueuelen:1000
          RX bytes:9241335 (9.2 MB)  TX bytes:1140643 (1.1 MB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:51142 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3572290 (3.5 MB)  TX bytes:3572290 (3.5 MB)
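An added example, not part of the original post: one way to write /etc/ipfw/ipfw.rules for the setup described above, using ipfw's `fwd` action for the LAN-to-proxy redirect and keeping the natd divert on the Internet interface only. It assumes the proxy on 127.0.0.1:9040 accepts ipfw-forwarded connections (it recovers the original destination from the socket) and that the kernel's ipfw supports `fwd`; the rule numbers and the `load_rules` function name are hypothetical.

```shell
#!/bin/sh
# Added example (not the poster's rules file). Interface names and
# addresses are taken from the ifconfig output in the post.
IPFW="${IPFW:-ipfw -q}"      # set IPFW=echo to print rules instead of loading
LAN_IF="ue0"                 # LAN side of the router
WAN_IF="wlan0"               # Internet side of the router
LAN_NET="10.1.1.0/24"
ROUTER_IP="10.1.1.1"
PROXY="127.0.0.1,9040"       # ipfw fwd syntax is address,port

load_rules() {
    $IPFW -f flush

    # Leave loopback alone: the proxy's own local traffic must not be
    # diverted to natd.
    $IPFW add 100 allow ip from any to any via lo0

    # LAN hosts talking to the router itself (dnsmasq, dhcpd, ssh)
    # are served directly, not proxied.
    $IPFW add 200 allow ip from $LAN_NET to $ROUTER_IP in recv $LAN_IF

    # Every other TCP connection arriving from the LAN is handed to
    # the local transparent proxy. The packet is not rewritten, so the
    # proxy sees the original destination address and port.
    $IPFW add 300 fwd $PROXY tcp from $LAN_NET to any in recv $LAN_IF

    # Address translation only on the Internet interface, matching
    # "interface wlan0" in /etc/natd.conf. Non-TCP traffic from the
    # LAN (UDP, ICMP) is not proxied and leaves through this rule.
    $IPFW add 400 divert natd ip from any to any via $WAN_IF

    $IPFW add 65000 allow ip from any to any
}

# Load the rules only when asked to: sh ipfw.rules load
if [ "${1:-}" = "load" ]; then
    load_rules
fi
```

Running it with `IPFW=echo sh ipfw.rules load` prints the rule set without touching the firewall, which is a safe way to review it before loading.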