OpenWrt - iptables proxy configuration.

Simple script that redirects http traffic to a proxy server by using iptables.
Redirection only affects lan clients (not the router).
Tested on Kamikaze 8.09.2 configured in sta mode (as wireless client).
If it doesn't work on your OpenWrt version, try replacing PREROUTING with prerouting_rule, POSTROUTING with postrouting_rule and FORWARD with forwarding_rule.
Also change the LAN variable to your LAN interface - br-lan in my case.


#!/bin/sh

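# LAN-side interface whose clients get redirected; change it to match your
# router (br-lan is the bridge used on the author's setup).
LAN=br-lan

# Read ifconfig output on stdin and print the interface's IPv4 address.
# Only the "inet addr:" line is matched and parsing stops at the first hit,
# so "inet6 addr:" lines can never contribute an empty or extra value.
# Prints nothing when no IPv4 address is present.
ParseLanIp() {
  awk '/inet addr:/ { sub(/^addr:/, "", $2); print $2; exit }'
}

# Router address on the LAN side; used as the SNAT source for proxied traffic.
LANIP=$(ifconfig "$LAN" | ParseLanIp)

# The LAN is assumed to be a /24: the last octet of LANIP is dropped and
# "0/24" appended. Adjust this line for any other prefix length.
INTERNAL_NETWORK=$(printf '%s\n' "$LANIP" | sed 's/[0-9]*$//')'0/24'

# Proxy endpoint, taken from the 2nd and 3rd command-line arguments. They are
# copied as given here and end up on iptables command lines, so they need to be
# checked before use.
PROXYIP=$2
PROXYPORT=$3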

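# Install the three rules that transparently send LAN HTTP traffic to the proxy.
# Only TCP port 80 is intercepted; other ports (including HTTPS) are untouched.
# Rules are appended on every call, so running "on" twice leaves duplicates
# that need two "off" runs to clear.
# Globals (read): LAN, LANIP, INTERNAL_NETWORK, PROXYIP, PROXYPORT
# Returns: 0 when all rules were added, 1 on bad input or the first iptables
#          failure (rules added before the failure stay in place).
ConfigProxyOn() {
  # Validate before touching the firewall: the values come from the command
  # line and must not be able to smuggle extra words or options into iptables.
  case "$PROXYIP" in
    '' | *[!0-9.]*)
      echo "proxy.sh: proxy IP must be a dotted IPv4 address" >&2
      return 1
      ;;
  esac
  case "$PROXYPORT" in
    '' | *[!0-9]* | ??????*)
      echo "proxy.sh: proxy port must be a number between 1 and 65535" >&2
      return 1
      ;;
  esac
  if [ "$PROXYPORT" -lt 1 ] || [ "$PROXYPORT" -gt 65535 ]; then
    echo "proxy.sh: proxy port must be a number between 1 and 65535" >&2
    return 1
  fi
  if [ -z "$LANIP" ]; then
    echo "proxy.sh: could not determine the IPv4 address of $LAN" >&2
    return 1
  fi

  # DNAT: port-80 connections arriving on the LAN interface are rewritten to
  # the proxy, except those sent by the proxy itself (that would loop).
  # The "-s ! ADDR" negation is kept in the form the script was tested with.
  # NOTE(review): newer iptables releases expect "! -s ADDR" - confirm for
  # your version.
  iptables -t nat -A PREROUTING -i "$LAN" -s ! "$PROXYIP" -p tcp --dport 80 \
    -j DNAT --to "$PROXYIP:$PROXYPORT" || return 1

  # SNAT: redirected traffic leaves with the router's LAN address as source so
  # the proxy replies via the router. Side effect: the proxy sees every client
  # as $LANIP, so its logs and ACLs cannot tell LAN clients apart.
  iptables -t nat -A POSTROUTING -o "$LAN" -s "$INTERNAL_NETWORK" \
    -d "$PROXYIP" -j SNAT --to "$LANIP" || return 1

  # Allow the LAN-to-LAN forwarding that the redirect creates.
  iptables -A FORWARD -s "$INTERNAL_NETWORK" -d "$PROXYIP" -i "$LAN" \
    -o "$LAN" -p tcp --dport "$PROXYPORT" -j ACCEPT || return 1

  # Report success only once every rule is actually installed.
  echo "HTTP proxy enabled - $PROXYIP:$PROXYPORT"
}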

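# Remove the three redirect rules installed for the given proxy endpoint.
# The rule specifications must match the ones used when the proxy was enabled,
# so the same proxy IP and port have to be supplied.
# All three deletions are attempted even if one fails, so a partially
# installed rule set still gets cleaned up.
# Globals (read): LAN, LANIP, INTERNAL_NETWORK, PROXYIP, PROXYPORT
# Returns: 0 when every rule was deleted, 1 on bad input or if any deletion
#          failed (for example because the rule was not present).
ConfigProxyOff() {
  # "local" is not POSIX but is provided by BusyBox ash, dash and bash.
  local rc=0

  # Validate before touching the firewall: the values come from the command
  # line and must not be able to smuggle extra words or options into iptables.
  case "$PROXYIP" in
    '' | *[!0-9.]*)
      echo "proxy.sh: proxy IP must be a dotted IPv4 address" >&2
      return 1
      ;;
  esac
  case "$PROXYPORT" in
    '' | *[!0-9]* | ??????*)
      echo "proxy.sh: proxy port must be a number between 1 and 65535" >&2
      return 1
      ;;
  esac
  if [ "$PROXYPORT" -lt 1 ] || [ "$PROXYPORT" -gt 65535 ]; then
    echo "proxy.sh: proxy port must be a number between 1 and 65535" >&2
    return 1
  fi
  if [ -z "$LANIP" ]; then
    echo "proxy.sh: could not determine the IPv4 address of $LAN" >&2
    return 1
  fi

  # Port-80 DNAT towards the proxy.
  iptables -t nat -D PREROUTING -i "$LAN" -s ! "$PROXYIP" -p tcp --dport 80 \
    -j DNAT --to "$PROXYIP:$PROXYPORT" || rc=1

  # Source rewrite for traffic handed to the proxy.
  iptables -t nat -D POSTROUTING -o "$LAN" -s "$INTERNAL_NETWORK" \
    -d "$PROXYIP" -j SNAT --to "$LANIP" || rc=1

  # LAN-to-LAN forwarding exception for the proxy port.
  iptables -D FORWARD -s "$INTERNAL_NETWORK" -d "$PROXYIP" -i "$LAN" \
    -o "$LAN" -p tcp --dport "$PROXYPORT" -j ACCEPT || rc=1

  return "$rc"
}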

# Print the current contents of the three chains this script modifies:
# nat PREROUTING and POSTROUTING first, then the filter table's FORWARD chain.
# The exit status is that of the final (FORWARD) listing.
GetStatus() {
  for _nat_chain in PREROUTING POSTROUTING; do
    iptables -t nat -L "$_nat_chain"
  done
  iptables -L FORWARD
}
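# Dispatch on the first argument. "on" and "off" also need the proxy IP and
# port as the 2nd and 3rd arguments (the script reads them into PROXYIP and
# PROXYPORT), which the usage text now states.
case "$1" in
  on)
    ConfigProxyOn
    ;;
  off)
    ConfigProxyOff
    ;;
  status)
    GetStatus
    ;;
  *)
    # Usage is a diagnostic, so it goes to stderr; exit status stays 1.
    cat >&2 <<'EOF'
Usage:
 Turn on http proxy  - proxy.sh on <proxy-ip> <proxy-port>
 Turn off http proxy - proxy.sh off <proxy-ip> <proxy-port>
 Current status      - proxy.sh status

EOF
    exit 1
    ;;
esac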
