Using local DNS to allow domain-based transparent proxy
I am from Iran, and some websites are blocked for Iranian IPs (like Nvidia and Intel and so on).
There is this website that advertises that I can access those domains by just changing my DNS to theirs.
So I tried, and I saw this:
    me@laptop ~> drill devtalk.nvidia.com @94.232.174.194
    devtalk.nvidia.com. 300 IN CNAME uk4.shecan.ir.
    uk4.shecan.ir. 134 IN A 5.226.141.227
shecan.ir is the site that advertises that.
Now, the legality of what they're doing aside, how does this work?
Do they just redirect traffic to those sites from a non-Iranian IP (uk4.shecan.ir 5.226.141.227), so in effect it is just a proxy?
But they don't proxy all the domains, just the blocked ones.
I am asking this because I wanted to do this for myself on my router, but whatever HTTPS transparent proxy I tried can't differentiate between domains. Do they do this with IPs?
So when I use their DNS service, they give me a DNS answer and I connect to that and send my request to that, but how do they differentiate between the domains?
Do they use different IPs for all those blocked domains?
Is that feasible?
Can I do this on my own router?
Basically, I am trying to test this:
use my dnsmasq to give a local IP for the blocked sites (blocked by my ISP),
then use iptables on that LAN machine to transparently proxy all the traffic via Tor.
But my issue is: does this work with me giving a local destination for blocked domains?
I am doing all this so that I don't have to proxy all my traffic and can just proxy the needed domains.
linux dns proxy
edited Dec 5 at 16:17
Romeo Ninov
asked Dec 5 at 16:06
user3111875
1 Answer
Yes, you can do that on your own router. The dnsmasq running on your router uses the /etc/hosts file on the router, so you have to edit this file, enter the domains you want to re-route, and give them (different) IP addresses from the private range.
Then you need the iptables rules to DNAT them to their real address, and send them out via the tor interface.
This will be a bit of a hassle to manage when IP addresses for domains change, because you'll have to update your configuration.
An alternative would be to use a different network namespace on your PC, start two browsers (one in the main namespace, one in the new namespace), wire up the namespace to use tor as a gateway, and in this way differentiate between traffic you want proxied and traffic you can do directly.
answered Dec 6 at 15:54
dirkt
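The mapping described in the answer above, as an added example (not dirkt's code and not part of the original page): a script that turns a list of domain/real-IP pairs into router /etc/hosts lines and matching iptables DNAT rules, printing them without applying anything. The domains, the documentation-range addresses, the 10.66.0.0/24 alias range, the `tun-tor` interface name and the mark and table numbers are all assumptions.

```shell
#!/bin/sh
# Added example: emits configuration text only, applies nothing.
# Constructed sample input, "domain real-ip" per line (RFC 5737 addresses).
# Two domains deliberately share one real IP, as on a shared CDN.
SAMPLE_MAP='blocked-a.example 203.0.113.10
blocked-b.example 203.0.113.10
blocked-c.example 198.51.100.7'

PRIVATE_PREFIX=10.66.0   # assumed unused private /24 reserved for aliases
TOR_IF=tun-tor           # hypothetical name for the answer's "tor interface"
MARK=0x66                # arbitrary firewall mark
TABLE=166                # arbitrary routing table number

# Print "alias-ip domain real-ip", giving every domain its own alias
# address so the router can tell domains apart by destination IP alone.
assign_aliases() {
    printf '%s\n' "$1" | awk -v p="$PRIVATE_PREFIX" '
        NF == 2 {
            n++
            if (n > 254) { print "alias range exhausted" > "/dev/stderr"; exit 1 }
            print p "." n, $1, $2
        }'
}

# Lines for the router's /etc/hosts, which dnsmasq answers from.
gen_hosts() {
    assign_aliases "$1" | awk '{ print $1, $2 }'
}

# One DNAT rule per alias: traffic sent to the alias is rewritten to the
# real address. This is the part that must be regenerated whenever a
# site's real IP changes.
gen_dnat() {
    assign_aliases "$1" | awk '{
        printf "iptables -t nat -A PREROUTING -d %s -p tcp -j DNAT --to-destination %s\n", $1, $3
    }'
}

# Mark alias-bound traffic before DNAT (mangle runs ahead of nat) and
# policy-route only marked traffic out of the assumed tunnel interface.
gen_routing() {
    printf 'iptables -t mangle -A PREROUTING -d %s.0/24 -j MARK --set-mark %s\n' "$PRIVATE_PREFIX" "$MARK"
    printf 'ip rule add fwmark %s table %s\n' "$MARK" "$TABLE"
    printf 'ip route add default dev %s table %s\n' "$TOR_IF" "$TABLE"
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$TOR_IF"
}

echo "# --- append to /etc/hosts on the router ---"
gen_hosts "$SAMPLE_MAP"
echo "# --- firewall and routing commands ---"
gen_dnat "$SAMPLE_MAP"
gen_routing
```

Because each domain gets its own alias address, two domains that share one real IP still produce two distinct DNAT rules, and unlisted domains resolve normally and bypass the tunnel.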
What? I specifically don't want to use the real (actual) IP of the sites. I am trying to do transparent proxy only for some domains on router level and do that without using their actual IP, because many sites share IPs (like on Cloudflare). I am aware of explicit proxy and transparent proxy for all connections (80 and 443).
– user3111875, Dec 7 at 21:48
Re-routing stuff on the domain level doesn't work, sorry. At least not without a customized DNS server, and I don't know any existing software for that. If all you care about is http/https, you can use an http/https proxy, that can work on the domain level.
– dirkt, Dec 8 at 8:24
Then how do those guys in my example do it?
– user3111875, Dec 8 at 8:50
As I wrote: with a customized DNS server. After all, you just "change your DNS to theirs", as you wrote in your question. And yes, you can write your own, too. Though that's probably not the variant with the least effort (unless someone has already written something like it, and made it open-source).
– dirkt, Dec 9 at 11:04
So just using dnsmasq to assign an IP (local) to them is not enough?
– user3111875, Dec 9 at 12:39