Transparent Proxy Server

Started by shunt010

Transparent Proxy Server   21 June 2006, 01:41

I'm playing at the moment with the beta version of the bandwidth manager.

I can't seem to get the transparent proxy option to work.

I'm testing it on a local connection, by trapping all port 80 traffic. That's working, because simply leaving it at that allows me to slow down the internet.

I've then set up a proxy server that forwards onto another proxy server on a non-standard port. That works too (Jana proxy server going to another proxy on port 8080). I can test that by pointing firefox straight at my local proxy.

When I turn on the port 80 capture, to redirect all traffic to my local port 3128 (jana), it then stops and doesn't work.

When I also test is by forwarding port 80 onto a HTTP server on port 70 locally, in theory all web pages should turn into my local web host. But that also doesn't work.

Any help?!?

Re: Transparent Proxy Server   21 June 2006, 01:56

Having played with it some more, it doesn't even seem to be opening up the local port that I've specified.

I've tried it with a simple VB program listening port 1234.

Telnetting in connects the port, then the port goes disconnected once I disconnect (not back to listening).

When I set the port forwarding onto local port 1234 (after put the winsock back to listening), I try to load up a web-page.

The port stays listening (no connection attempts made), and firefox sits there like a lemon, saying "attempting to connect", as if the server isn't responding.

Ideas?
SoftPerfect Support forum - Andrew avatar image

Re: Transparent Proxy Server   21 June 2006, 02:02

Are you using the bridging feature? Also please post your full ruleset here (export it to a .XML file, then compress into ZIP and attach to your message). The feature you are trying to use has been tested for a short time, so unexpected behaviour can occur, but we are interested to discover and fix any problems asap.

Re: Transparent Proxy Server   21 June 2006, 02:07

Attached is my file for you to look through.
Attachments:
open | download – port80_redirect.zip (609 bytes)

Re: Transparent Proxy Server   21 June 2006, 02:34

Out of interest, can anyone recommend a better proxy server than Jana? I want one that will cache files, and supports a decent number of simultaneous connections.

Jana only supports 30 connections, and although it "caches" files, every time you visit the site it insists on downloading the file in full anyway, so it doesn't really work at all.


Also, on the port 80 redirect, would it be possible to make it so the port 80 redirect is standard as part of the rule? Otherwise I would need 2 rules for every client, and the bandwidth throttling would be all wrong, and nothing really would work properly, but if you could, when you select "process through the following mapping", select which port(s) the mapping should work for, or perhaps even set that in the mapping rule, that would be better, otherwise you need one rule for port 80 redirect, and another rule for all other ports to work, with the problem that users could get 512k on other ports and 512k into the proxy, which isn't at all ideal.

Anyone help me out here?
SoftPerfect Support forum - Andrew avatar image

Re: Transparent Proxy Server   21 June 2006, 02:53

I understood what's wrong (due to the bandwidth manager internals). Ports mapping and redirection works only for incoming connections to the host to simplify the internal architecture and avoid dead loops.

For example, if the bandwidth manager would process all local and external connections, and you make a rule like yours to port 80, there can be a dead loop. The bandwidth manager catches a connection local to port 80, redirects it to the proxy and then the proxy tries to connect to port 80. We've got an infinite loop.

To test the mapping feature, you need at least two computers (or a real and virtual VMWare). Let your computer to be a server (A) and another computer to be a client (B). The server is conneced to the Internet via modem or something else. The client B is connected to the server A. With the bandwidth manager you can catch its HTTP queries once they arrive to the server and redirect to the proxy port.

As a proxy, I'd recommend Squid. It is free and powerful software but configurable with text config files. If you aren't afraid of them, probably it'd the best choice smile

I got your idea regarding two separate rules and it sounds right. I'll keep you posted regarding it.

Re: Transparent Proxy Server   21 June 2006, 02:57

Right, now that makes sense.

Would it be possible to over-ride the "protection" feature anyway so I can test it out, so if I get a loop it's my lookout (which is why I'm using Jana to forward onto another external proxy not on port 80, so I don't get the loop).

If it's protected like that as well, does that mean it's not possible to run a local web server and get the pages to end up at the local server?
SoftPerfect Support forum - Andrew avatar image

Re: Transparent Proxy Server   21 June 2006, 04:14

Protection is not the only reason. In this way the bandwidth manager internals are slightly simpler, so it is not possible implement it now. What you could do is to use a virtual machine like VMWare (btw, VMWare player is free). If installed, it should use 'bridged networking' options. Once this is done, you can test by connecting from inside of the virtual machine.

It is possible to run the web-server locally with a simple trick. First you add a rule like this:
Rule #1: Local server
 Protocol: TCP/UDP
 Direction: Both
 Rate: Unlimited
 Source: 192.168.0.0 - 192.168.0.255
 Destination: local host

Rule #2: Redirect linked with the mapping
 Protocol: TCP/UDP
 Direction: Both
 Rate: Unlimited
 Source: 192.168.0.0 - 192.168.0.255
 Destination: Any IP address
In this way, the first rule permits the local users to access to the local server without applying the mapping. Similarly, the second rule applies when the first rule does not trigger, and uses the mapping.

Sometimes you can get the answer faster if you try the forum search and/or have a look at the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

 **    **  **     **  **    **  **      **  ******** 
  **  **   **     **  **   **   **  **  **  **       
   ****    **     **  **  **    **  **  **  **       
    **     **     **  *****     **  **  **  ******   
    **      **   **   **  **    **  **  **  **       
    **       ** **    **   **   **  **  **  **       
    **        ***     **    **   ***  ***   ******** 

Message: