PageViews: 935 hits / 129 nets

Transparent Proxy by DeleGate

Yutaka Sato
May 16, 2008

DeleGate/9.8.2 supported a transparent proxying mode for any application protocol on TCP and UDP. [1] It is implemented using the SO_ORIGINAL_DST option of the socket API together with NAT by iptables.

              [x.x.x.x:a]        [y.y.y.y:b]        [x.x.x.x:a]
               /                  /                  /
  Client --------> Iptables --------> DeleGate --------> Server
 \_hostA_/         \_________hostX___________/          \_hostB_/
  SERVER=protocol://odst.-:-
  delegated -P8021 SERVER=ftp://odst.-:-
  ftp://x.x.x.x:21
  delegated -P8021 SERVER=ftp://x.x.x.x:21

Example: Forwading connections to a SOCKS server [2]

             [x.x.x.x:a]         [y.y.y.y:b]    SOCKS              [x.x.x.x:a]
              /                   /             /                   /
  Client --------> Iptables --------> DeleGate ====> DeleGate --------> Server
 \_hostA_/         \_________hostX___________/      \_hostY_/         \_hostB_/
The following example shows the outline of how to configure routing and proxying:
  hostA
    route add default gw hostX

  hostX
    iptables -t nat -N eth0-X
    iptables -t nat -F eth0-X
    iptables -t nat -A eth0-X -i eth0 -p tcp -d 0/0 --dport 21 -j REDIRECT --to 9999
    iptables -t nat -A PREROUTING -j eth0-X
    iptables -t nat -L eth0-X -n -v

    delegated -P9999 SERVER=tcprelay://odst.-:- SOCKS=hostY:1080

  hostY
    delegated -P1080 SERVER=socks