Configuration proxy transparent par script perl



règles iptables

# Generated by iptables-save v1.3.8 on Wed Oct 22 13:02:49 2008
# nat table: client traffic that transits this box is rewritten here before
# the routing decision (PREROUTING) and as it leaves on eth0 (POSTROUTING).
*nat
:PREROUTING ACCEPT [12:752]
:POSTROUTING ACCEPT [4:286]
:OUTPUT ACCEPT [3:201]
# Every DNS query crossing the box is forced to 172.19.0.4, whatever resolver
# the client configured. There is no -i or -s match, so the rewrite applies to
# packets arriving on any interface, eth0 included.
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNAT dns vers dns.polytech.univ-nantes.prive" -j DNAT --to-destination 172.19.0.4:53 
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNAT dns vers dns.polytech.univ-nantes.prive" -j DNAT --to-destination 172.19.0.4:53 
# Ports 80 and 443 are both diverted to the perl daemon on tcp/3130 (script
# below). That daemon is a plain HTTP::Daemon without TLS, so a connection
# redirected from port 443 starts with a TLS handshake it cannot parse and
# HTTPS clients fail here; only port 80 traffic is actually proxied. Again no
# -i match: traffic reaching the box on any interface is redirected.
-A PREROUTING -p tcp -m multiport --dports 80,443 -m comment --comment "DNAT http/https vers proxy local (port tcp 3130)" -j REDIRECT --to-ports 3130 
# Source NAT for what leaves on eth0. 3128 is the upstream proxy the perl
# script relays to (172.19.1.12:3128).
-A POSTROUTING -o eth0 -p udp -m udp --dport 53 -j MASQUERADE 
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 53 -j MASQUERADE 
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j MASQUERADE 
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 443 -j MASQUERADE 
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 3128 -j MASQUERADE 
COMMIT
# Completed on Wed Oct 22 13:02:49 2008
# Generated by iptables-save v1.3.8 on Wed Oct 22 13:02:49 2008
*filter
# INPUT and FORWARD default to ACCEPT and no rule below narrows them: the
# transparent proxy on tcp/3130 (which binds on every interface, see the perl
# script) is therefore reachable from eth0 as well as from the LAN, i.e. it is
# an open proxy towards the outside. A rule such as
# `-A INPUT -i eth0 -p tcp --dport 3130 -j DROP` (example, adapt the interface)
# would limit it to the inside.
:INPUT ACCEPT [420:87782]
:FORWARD ACCEPT [823:484061]
:OUTPUT ACCEPT [467:419795]
# NOTE(review): locally generated packets with these source addresses never
# leave on eth0. 1.2.3.1 is the ipip peer and 169.0.0.0/30 contains the tunnel
# remote 169.0.0.1 (see the tunnel commands below); presumably anti-leak rules
# so tunnel-internal and private addresses are not emitted in the clear -
# confirm with the author before changing them.
-A OUTPUT -s 1.2.3.1 -o eth0 -j DROP 
-A OUTPUT -s 10.0.0.0/255.255.255.0 -o eth0 -j DROP 
-A OUTPUT -s 169.0.0.0/255.255.255.252 -o eth0 -j DROP 
-A OUTPUT -s 192.168.2.0/255.255.255.0 -o eth0 -j DROP 
COMMIT
# Completed on Wed Oct 22 13:02:49 2008

le tunnel ip :

# IPIP tunnel to 169.0.0.1, terminated locally on 66.0.0.1. Mode ipip only
# encapsulates: there is no encryption and no peer authentication, so anyone on
# the path between the endpoints can read or inject inner packets. Use IPsec
# or an authenticated VPN underneath if the tunnelled traffic needs protection.
ip tunnel add ipip0 mode ipip remote 169.0.0.1 local 66.0.0.1
ip link set ipip0 up
# Inner addresses: this end is 1.2.3.2, the far end 1.2.3.1 (the same 1.2.3.1
# the filter OUTPUT chain above drops as a source address on eth0).
ip addr add 1.2.3.2 peer 1.2.3.1 dev ipip0

script perl par Rémi LEHN en écoute sur la boucle locale, port tcp 3130 :

#!/usr/bin/perl
#

use strict;
use warnings;

use HTTP::Daemon;
use HTTP::Status;
use LWP::UserAgent;
use URI;

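# Upstream: every request is relayed to the site proxy via env_proxy, so this
# process never resolves or connects to the origin host itself.
my $ua = LWP::UserAgent->new;
$ua->timeout(10);
# A transparent proxy must hand 30x answers back to the client unchanged.
# Following them here would return the redirect target under the original
# URL and break relative links and cookie scoping on the client side.
$ua->max_redirect(0);
$ENV{'http_proxy'} = 'http://172.19.1.12:3128/';
$ENV{'HTTP_PROXY'} = $ENV{'http_proxy'};
$ua->env_proxy;

# No LocalAddr: the socket binds on every interface, not only loopback. The
# iptables REDIRECT delivers LAN traffic to the LAN address, so this is
# needed, but tcp/3130 then has to be filtered on the outside interface.
# ReuseAddr lets the daemon restart while old connections are in TIME_WAIT.
my $d = HTTP::Daemon->new(LocalPort => 3130, ReuseAddr => 1)
    or die "cannot listen on tcp/3130: $!";

# Each child exits after serving one connection; auto-reap them so the parent
# does not accumulate a zombie per connection over its lifetime.
$SIG{CHLD} = 'IGNORE';

print "Please contact me at: <URL:", $d->url, ">\n";

while (my $c = $d->accept) {
    my $pid = fork;
    if (!defined $pid) {
        # fork() failed: treating undef like the child branch would make the
        # parent serve the request and then exit(0), killing the daemon.
        warn "fork failed: $!\n";
        $c->close;
        next;
    }
    if ($pid == 0) {
        _serve_client($c);
        exit(0);
    }
    # Parent: the child owns the connection from here on.
    $c->close;
    undef($c);
}

# Relay every request of one client connection $c through $ua and send the
# upstream answer back on $c. Returns when the client closes or on a bad
# request.
sub _serve_client {
    my ($c) = @_;

    REQUEST:
    while (my $req = $c->get_request) {
        my $uri = URI->new($req->uri);
        # Transparently redirected traffic carries a path-only request line;
        # rebuild an absolute URL from the Host header so LWP can route it.
        if (!defined $uri->scheme) {
            my $host = $req->header('Host');
            # Host is client-controlled; accept only hostname[:port]
            # (hostnames and IPv4 literals) so it cannot smuggle userinfo,
            # a path or another scheme into the URL we forward.
            if (!defined $host
                || $host !~ m{\A [A-Za-z0-9.-]+ (?: : \d{1,5} )? \z}x) {
                $c->send_error(400, 'missing or malformed Host header');
                last REQUEST;
            }
            $req->uri('http://' . $host . $req->uri);
        }

        # Debug trace: as_string dumps the headers verbatim, including Cookie
        # and Authorization values, so stderr must not go to a shared log.
        warn "--- Requête : ---\n".$req->as_string."-----\n";

        my $res = $ua->request($req);

        warn "--- Réponse : --- ".$res->status_line." ---\n\n";

        # LWP annotates the reply with Client-* headers; Client-Peer would
        # tell the browser the upstream proxy's address, so strip them.
        $res->remove_header(grep { /\AClient-/i } $res->header_field_names);

        $c->send_response($res);
    }
    return;
}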