Using Charles proxy with shared connection with no proxy server configuration - http

I want to use Charles proxy on all traffic that comes from iOS devices connected to my shared network, without configuring any proxy server settings on devices.
I have created a shared ethernet connection over Wi-Fi on a Mac machine.
I have connected the devices I want to monitor to the shared Wi-Fi.
Charles proxy works fine, but I can only see requests from the Mac, and not from the devices connected to the shared Wi-Fi. If I add manual proxy config on devices, it works fine.
Is there a way to redirect all traffic that goes through the shared Wi-Fi to the proxy server?

Related

Networking with devices in local network

I have a local home network (my router). I have a Raspberry Pi set up as a web server. I do not want the web server to be accessed from devices outside my home network. I only want local devices to connect to the web server. I believe I am able to do this like (raspberrypi.local). Do I have to port forward on the router for local devices to connect to the Pi, or is port forwarding used for external devices outside the network?
Port forwarding is used to access internal network ports from outside.

VPN server and client (possibly) on the same machine

What I'm trying to achieve is:
Connect to a VPN as client and route all my internal network's traffic over the VPN.
Run a VPN server, so that people from outside can connect to my internal network and get routed over the a.m. VPN client.
I'm trying to achieve that with a router running dd-wrt (netgear D6200), and / or a raspberry pi.
Can someone tell me if this can be achieved, and if so, direct me to what would be a possible solution?
(I'm not looking for a tutorial, just a direction)
Thanks!
This thread probably does not belong here.
Consider using OpenWRT instead of dd-wrt. OpenWRT gives you a usable build system and is easier to customize and build. I am not advocating OpenWRT. This can be a stopgap measure.
You can set up an OpenVPN server and OpenVPN client using the standard documentation available on the OpenWRT Wiki and also the OpenVPN site.
Add to OpenVPN server.conf the following directive: redirect-gateway def1. This will push the default gateway to clients connecting to the OpenVPN server. Further, make sure you are using a unique network IP pool for VPN clients that does not clash with the remote VPN server.
Make sure you are masquerading the VPN traffic (clients of the local VPN server) before forwarding to the remote VPN server. This can be tricky as this interface does not exist at boot time. It needs to be configured using up and down scripts.
Make sure you are allowing traffic (clients of the local VPN server) on the VPN interface to be forwarded in your firewall rules.
Before setting up the OpenVPN server, make sure:
The remote VPN server is pushing the default gateway to your VPN client.
You have set up the firewall correctly.
You are able to reach the cloud through the remote VPN server. Checking with some site like www.whatismyip.com will help.
Yes this is possible with dd-wrt on Netgear.
There is no need of Raspberry (unless you meant to run the remote VPN server on it).
Configure and run VPN server on dd-wrt - and try connectivity by connecting clients. Both tun/tap should work in general (with VPN client running). I tested with tun.
Configure and run VPN client on dd-wrt and try connecting to your VPN server. By default, the router should start directing all traffic (for its own LAN clients) via the VPN server.
So far so good.
The problem comes when you want dd-wrt's VPN clients (and not just LAN clients) to take the same route. With a VPN client running on dd-wrt, dd-wrt's own VPN clients will not be able to connect to the VPN server running on dd-wrt as such. To make it work, see below.
This is only possible via PBR - i.e. you run VPN client on dd-wrt, but take the router itself off this client, and route only specific clients through this VPN client running on dd-wrt.
With some tweaks using subnet masks, it is possible to include all your LAN and VPN IPs in the PBR policy so that everything (except the router itself) routes through the remote VPN server.
The key is to include dd-wrt's VPN clients' virtual IPs in the PBR. While configuring VPN server on dd-wrt, there is a field for specifying the clients' network and netmask.
If you use this network IP and netmask in client process's PBR policy, your (dd-wrt's) VPN clients will be able to connect to the VPN server running on dd-wrt, and will in turn be routed through the remote VPN server to which dd-wrt is connected as a client.
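A way to work out the network list for the PBR policy described in the answers above, as an added example that is not part of the original posts: it checks that the local VPN client pool does not clash with the LAN or the remote VPN subnet, then lists CIDR blocks covering the LAN and the VPN client pool with the router's own address carved out. It assumes the policy accepts a list of CIDR networks; all addresses are constructed sample values and the function name is hypothetical.

```python
import ipaddress


def pbr_networks(lan, vpn_pool, remote_vpn, router_ip):
    """Return CIDR blocks covering the LAN and the local VPN client pool,
    minus the router's own address, for use as a PBR source list."""
    lan_net = ipaddress.ip_network(lan)
    pool_net = ipaddress.ip_network(vpn_pool)
    remote_net = ipaddress.ip_network(remote_vpn)
    router = ipaddress.ip_address(router_ip)

    # The local VPN client pool must be unique: an overlap with the LAN or
    # with the remote VPN's subnet makes return routes ambiguous.
    for name, other in (("LAN", lan_net), ("remote VPN", remote_net)):
        if pool_net.overlaps(other):
            raise ValueError(f"VPN client pool {pool_net} clashes with {name} {other}")

    blocks = []
    for net in (lan_net, pool_net):
        if router in net:
            # Carve the single router address out of its network so the
            # router's own traffic stays off the policy route.
            host = ipaddress.ip_network(f"{router}/{router.max_prefixlen}")
            blocks.extend(net.address_exclude(host))
        else:
            blocks.append(net)
    return sorted(ipaddress.collapse_addresses(blocks))


if __name__ == "__main__":
    # Constructed sample values, not taken from the original posts.
    for block in pbr_networks("192.168.1.0/24", "10.8.0.0/24",
                              "10.9.0.0/24", "192.168.1.1"):
        print(block)
```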

Squid proxy: Hide IPs of LAN to not allow remote desktop for non LAN systems

I want to hide our internal LAN IPs (static IPs) behind a Squid proxy. I have done the configuration, and now all the traffic is going through the Squid proxy only. What I assumed was that after I configured Squid, no one from outside of our LAN would be able to remote desktop to any local LAN systems, but it is not working as I thought. I am able to do remote desktop from outside after I configured the proxy server on the LAN, but I shouldn't be. What would be the problem? Should I do something else with Squid, or can't Squid do what I want? If not, is there any other technology that could satisfy my requirement?
My requirement is: no one should do remote desktop from outside to our LAN's systems. If someone wants to do remote desktop to our LAN's systems, they should be connected over a secure connection. We are thinking about LDAP to make the secure connection. Other than a secure connection, nothing should be allowed.
I hope that I am able to explain what I want.
Additional info:
I am using a Mikrotik router (final gateway) for our LAN.
Traffic is passed over the proxy server, which is also connected in our LAN.

Forward Proxy to Gateway of WLAN Accesspoint

In our network a proxy server is used to give all the clients, which are all Windows XP computers, access to the internet. Now, we want to set up a Wireless LAN to allow people to connect their own mobile phones, computers, etc. to the internet. However, if we simply connect a wireless access point to our network, everyone has to configure the proxy server on their devices.
What can I do so that the WLAN router can act as a gateway to the internet using the proxy server?
You can NAT all the traffic destined to port 80 to a proxy machine. This is a so-called forced or intercepting proxy.
For example, if you have a RouterOS router, you would simply add a rule
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=<proxy IP address>
If you proxy other protocols apart from HTTP, you would do the same for them changing the port.
Many proxy solutions can run in intercepting mode (such that you have a machine with two network interfaces that filter all the traffic that is coming through). See this tutorial for setting it up with Squid.
Otherwise, if you already have a proxy server you can use the solution above by placing a router or a server running the routing software between the access point and your network, for example Vyatta or Mikrotik RouterOS (commercial but pretty powerful), some open-source/freeware router/firewall distribution (pfSense, Openwall, m0n0wall, ...) or even a vanilla OpenBSD (with pf firewall) / Linux (with iptables) to achieve the desired effect.
Once you get the straight-through routing in place, it should be pretty straightforward to set up proxy NAT as noted above.
You should consider applying this setting on the router that your access-point connects to for it may save you the trouble of setting up a new machine.
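What changes for the proxy once port 80 is dst-nat'ed to it, as an added example that is not part of the original answers: intercepted clients send an origin-form request line, so the proxy has to take the upstream from the Host header, while explicitly configured clients send an absolute URI or CONNECT. The function name and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit


def upstream_for(raw_request: bytes):
    """Classify a raw HTTP/1.x request head and return (mode, host, port)."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)

    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    if method == "CONNECT":
        # authority-form: only a client configured to use a proxy sends this.
        parts = urlsplit("//" + target)
        return ("explicit", parts.hostname, parts.port or 443)

    if target.lower().startswith("http://"):
        # absolute-form: the client knows it is talking to a proxy.
        parts = urlsplit(target)
        return ("explicit", parts.hostname, parts.port or 80)

    # origin-form: the client believes it is talking to the web server, which
    # is what arrives after a dst-nat redirect. When the NAT happens on a
    # separate router the original destination IP is gone, so the Host header
    # (client-controlled data) is the only indication of the upstream.
    host = headers.get("host")
    if not host:
        raise ValueError("intercepted request without Host header: upstream unknown")
    parts = urlsplit("//" + host)
    return ("intercepted", parts.hostname, parts.port or 80)


# Constructed sample requests.
INTERCEPTED = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
EXPLICIT = (b"GET http://example.com:8080/index.html HTTP/1.1\r\n"
            b"Host: example.com:8080\r\n\r\n")

if __name__ == "__main__":
    print(upstream_for(INTERCEPTED))
    print(upstream_for(EXPLICIT))
```

A proxy that only understands the explicit forms will reject or mishandle the redirected traffic, which is why it has to be run in intercepting mode as the answer says.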

Communicate to a web application via application that is running on a PC that is connected to internet via Wifi

This is my application setup.
I have written an application (in Qt) which will run on a Linux computer (Ubuntu). The application accepts requests from a web app and sends them to a serial device that is connected to the computer. The application will also send the response back to the web app. This Linux computer is connected to the internet via a Wi-Fi router.
Now my question is: is there a way (other than port forwarding in the Wi-Fi router) that I can achieve this functionality? Using port forwarding, I can ask the router to forward the requests coming for a particular port to my computer at a particular port, and my application would be listening for that. But for that I would have to configure the router, and I don't want to do that. Is there a way I can do that automatically?
Thanks,
DPatel
Your issue is traversing non-routable NAT addresses.
UPNP is an option: http://en.wikipedia.org/wiki/Universal_Plug_and_Play
It will automatically configure port forwarding.
There is a library out there called STUNT for this as well:
http://nutss.gforge.cis.cornell.edu/stunt.php
