How to set up routing of https to proxy server on client
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
There are are lot of excellent answers to this question which involve setting iptables routes on the router. However I need to set up the iptables routes on the client.
I'm working on an embedded system. This is connected to the internet using ppp and a GPRS modem. The system runs an application that makes https requests via libcurl.
I now need to route those https requests through a transparent https proxy server hosted somewhere on the internet. I've set up an https proxy with squid and ssl_bump, and I've verified that it's all working as expected.
There are various ways of routing the https requests through the proxy e.g. I can rebuild the application and configure libcurl to use the proxy server via CURLOPT_PROXY. But I'm wondering if it might be simpler and more flexible to set up a route to forward everything sent to the HTTPS port to the proxy.
The closest question I've seen is How do I configure a transparent proxy where the proxy server is remote? but this requires the route to contain the IP address of the client. As this is a GPRS connection which will come and go, the IP address will be unknown and will change from time to time.
iptables proxy ppp
add a comment |Â
up vote
1
down vote
favorite
There are are lot of excellent answers to this question which involve setting iptables routes on the router. However I need to set up the iptables routes on the client.
I'm working on an embedded system. This is connected to the internet using ppp and a GPRS modem. The system runs an application that makes https requests via libcurl.
I now need to route those https requests through a transparent https proxy server hosted somewhere on the internet. I've set up an https proxy with squid and ssl_bump, and I've verified that it's all working as expected.
There are various ways of routing the https requests through the proxy e.g. I can rebuild the application and configure libcurl to use the proxy server via CURLOPT_PROXY. But I'm wondering if it might be simpler and more flexible to set up a route to forward everything sent to the HTTPS port to the proxy.
The closest question I've seen is How do I configure a transparent proxy where the proxy server is remote? but this requires the route to contain the IP address of the client. As this is a GPRS connection which will come and go, the IP address will be unknown and will change from time to time.
iptables proxy ppp
I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
â A.B
Jun 23 at 8:40
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
There are are lot of excellent answers to this question which involve setting iptables routes on the router. However I need to set up the iptables routes on the client.
I'm working on an embedded system. This is connected to the internet using ppp and a GPRS modem. The system runs an application that makes https requests via libcurl.
I now need to route those https requests through a transparent https proxy server hosted somewhere on the internet. I've set up an https proxy with squid and ssl_bump, and I've verified that it's all working as expected.
There are various ways of routing the https requests through the proxy e.g. I can rebuild the application and configure libcurl to use the proxy server via CURLOPT_PROXY. But I'm wondering if it might be simpler and more flexible to set up a route to forward everything sent to the HTTPS port to the proxy.
The closest question I've seen is How do I configure a transparent proxy where the proxy server is remote? but this requires the route to contain the IP address of the client. As this is a GPRS connection which will come and go, the IP address will be unknown and will change from time to time.
iptables proxy ppp
There are are lot of excellent answers to this question which involve setting iptables routes on the router. However I need to set up the iptables routes on the client.
I'm working on an embedded system. This is connected to the internet using ppp and a GPRS modem. The system runs an application that makes https requests via libcurl.
I now need to route those https requests through a transparent https proxy server hosted somewhere on the internet. I've set up an https proxy with squid and ssl_bump, and I've verified that it's all working as expected.
There are various ways of routing the https requests through the proxy e.g. I can rebuild the application and configure libcurl to use the proxy server via CURLOPT_PROXY. But I'm wondering if it might be simpler and more flexible to set up a route to forward everything sent to the HTTPS port to the proxy.
The closest question I've seen is How do I configure a transparent proxy where the proxy server is remote? but this requires the route to contain the IP address of the client. As this is a GPRS connection which will come and go, the IP address will be unknown and will change from time to time.
iptables proxy ppp
asked Jun 21 at 21:38
Simon Elliott
1062
1062
I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
â A.B
Jun 23 at 8:40
add a comment |Â
I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
â A.B
Jun 23 at 8:40
I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
â A.B
Jun 23 at 8:40
I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
â A.B
Jun 23 at 8:40
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
libcurl respect environnement variables http_proxy https_proxy
So this is very simple :
export http_proxy=http://yourproxy.example.com:3128/
export https_proxy=http://yourproxy.example.com:3128/
./my-application-exe
source:
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
libcurl respect environnement variables http_proxy https_proxy
So this is very simple :
export http_proxy=http://yourproxy.example.com:3128/
export https_proxy=http://yourproxy.example.com:3128/
./my-application-exe
source:
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html
add a comment |Â
up vote
1
down vote
libcurl respect environnement variables http_proxy https_proxy
So this is very simple :
export http_proxy=http://yourproxy.example.com:3128/
export https_proxy=http://yourproxy.example.com:3128/
./my-application-exe
source:
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html
add a comment |Â
up vote
1
down vote
up vote
1
down vote
libcurl respect environnement variables http_proxy https_proxy
So this is very simple :
export http_proxy=http://yourproxy.example.com:3128/
export https_proxy=http://yourproxy.example.com:3128/
./my-application-exe
source:
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html
libcurl respect environnement variables http_proxy https_proxy
So this is very simple :
export http_proxy=http://yourproxy.example.com:3128/
export https_proxy=http://yourproxy.example.com:3128/
./my-application-exe
source:
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html
answered Jun 24 at 4:20
EchoMike444
3942
3942
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f451196%2fhow-to-set-up-routing-of-https-to-proxy-server-on-client%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
â A.B
Jun 23 at 8:40