How to set up routing of https to proxy server on client

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












There are are lot of excellent answers to this question which involve setting iptables routes on the router. However I need to set up the iptables routes on the client.



I'm working on an embedded system. This is connected to the internet using ppp and a GPRS modem. The system runs an application that makes https requests via libcurl.



I now need to route those https requests through a transparent https proxy server hosted somewhere on the internet. I've set up an https proxy with squid and ssl_bump, and I've verified that it's all working as expected.



There are various ways of routing the https requests through the proxy e.g. I can rebuild the application and configure libcurl to use the proxy server via CURLOPT_PROXY. But I'm wondering if it might be simpler and more flexible to set up a route to forward everything sent to the HTTPS port to the proxy.



The closest question I've seen is How do I configure a transparent proxy where the proxy server is remote? but this requires the route to contain the IP address of the client. As this is a GPRS connection which will come and go, the IP address will be unknown and will change from time to time.







share|improve this question



















  • I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
    – A.B
    Jun 23 at 8:40














up vote
1
down vote

favorite












There are are lot of excellent answers to this question which involve setting iptables routes on the router. However I need to set up the iptables routes on the client.



I'm working on an embedded system. This is connected to the internet using ppp and a GPRS modem. The system runs an application that makes https requests via libcurl.



I now need to route those https requests through a transparent https proxy server hosted somewhere on the internet. I've set up an https proxy with squid and ssl_bump, and I've verified that it's all working as expected.



There are various ways of routing the https requests through the proxy e.g. I can rebuild the application and configure libcurl to use the proxy server via CURLOPT_PROXY. But I'm wondering if it might be simpler and more flexible to set up a route to forward everything sent to the HTTPS port to the proxy.



The closest question I've seen is How do I configure a transparent proxy where the proxy server is remote? but this requires the route to contain the IP address of the client. As this is a GPRS connection which will come and go, the IP address will be unknown and will change from time to time.







share|improve this question



















  • I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
    – A.B
    Jun 23 at 8:40












up vote
1
down vote

favorite









up vote
1
down vote

favorite











There are are lot of excellent answers to this question which involve setting iptables routes on the router. However I need to set up the iptables routes on the client.



I'm working on an embedded system. This is connected to the internet using ppp and a GPRS modem. The system runs an application that makes https requests via libcurl.



I now need to route those https requests through a transparent https proxy server hosted somewhere on the internet. I've set up an https proxy with squid and ssl_bump, and I've verified that it's all working as expected.



There are various ways of routing the https requests through the proxy e.g. I can rebuild the application and configure libcurl to use the proxy server via CURLOPT_PROXY. But I'm wondering if it might be simpler and more flexible to set up a route to forward everything sent to the HTTPS port to the proxy.



The closest question I've seen is How do I configure a transparent proxy where the proxy server is remote? but this requires the route to contain the IP address of the client. As this is a GPRS connection which will come and go, the IP address will be unknown and will change from time to time.







share|improve this question











There are are lot of excellent answers to this question which involve setting iptables routes on the router. However I need to set up the iptables routes on the client.



I'm working on an embedded system. This is connected to the internet using ppp and a GPRS modem. The system runs an application that makes https requests via libcurl.



I now need to route those https requests through a transparent https proxy server hosted somewhere on the internet. I've set up an https proxy with squid and ssl_bump, and I've verified that it's all working as expected.



There are various ways of routing the https requests through the proxy e.g. I can rebuild the application and configure libcurl to use the proxy server via CURLOPT_PROXY. But I'm wondering if it might be simpler and more flexible to set up a route to forward everything sent to the HTTPS port to the proxy.



The closest question I've seen is How do I configure a transparent proxy where the proxy server is remote? but this requires the route to contain the IP address of the client. As this is a GPRS connection which will come and go, the IP address will be unknown and will change from time to time.









share|improve this question










share|improve this question




share|improve this question









asked Jun 21 at 21:38









Simon Elliott

1062




1062











  • I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
    – A.B
    Jun 23 at 8:40
















  • I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
    – A.B
    Jun 23 at 8:40















I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
– A.B
Jun 23 at 8:40




I don't know about possible ssl complications. To route a specific port elsewhere, it involves identifying the traffic (usually with iptables -j MARK and/or CONNMARK) and selecting an alternate route (ip rule fwmark + ip route table) for the identified traffic. While this works fine for incoming or routed traffic, for locally initiated outgoing traffic usually the wrong source ip gets chosen so it has also to be nated. So this is a bit messy and there are corner cases with udp. If you can avoid this, you should.
– A.B
Jun 23 at 8:40










1 Answer
1






active

oldest

votes

















up vote
1
down vote













libcurl respect environnement variables http_proxy https_proxy



So this is very simple :



export http_proxy=http://yourproxy.example.com:3128/
export https_proxy=http://yourproxy.example.com:3128/
./my-application-exe


source:
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html






share|improve this answer





















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f451196%2fhow-to-set-up-routing-of-https-to-proxy-server-on-client%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote













    libcurl respect environnement variables http_proxy https_proxy



    So this is very simple :



    export http_proxy=http://yourproxy.example.com:3128/
    export https_proxy=http://yourproxy.example.com:3128/
    ./my-application-exe


    source:
    https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html






    share|improve this answer

























      up vote
      1
      down vote













      libcurl respect environnement variables http_proxy https_proxy



      So this is very simple :



      export http_proxy=http://yourproxy.example.com:3128/
      export https_proxy=http://yourproxy.example.com:3128/
      ./my-application-exe


      source:
      https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html






      share|improve this answer























        up vote
        1
        down vote










        up vote
        1
        down vote









        libcurl respect environnement variables http_proxy https_proxy



        So this is very simple :



        export http_proxy=http://yourproxy.example.com:3128/
        export https_proxy=http://yourproxy.example.com:3128/
        ./my-application-exe


        source:
        https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html






        share|improve this answer













        libcurl respect environnement variables http_proxy https_proxy



        So this is very simple :



        export http_proxy=http://yourproxy.example.com:3128/
        export https_proxy=http://yourproxy.example.com:3128/
        ./my-application-exe


        source:
        https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html







        share|improve this answer













        share|improve this answer



        share|improve this answer











        answered Jun 24 at 4:20









        EchoMike444

        3942




        3942






















             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f451196%2fhow-to-set-up-routing-of-https-to-proxy-server-on-client%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?