
Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Wed Apr 25, 2012 13:47
by cane
Thanks for your comments. I will have a look at Dante.

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Thu Jun 21, 2012 4:53
by proper
1. Any updates about Dante?

2. By the way, redsocks does also support UDP, and redsocks is imho much easier to configure.

3. I successfully managed to connect to http://check.torproject.org (and other http sites) using transparent proxying. Showed a jondo IP.

Brief setup:
- redsocks and jondoconsole were running under a Linux user account redsocks, which was privileged to establish direct connections.
- iptables redirected all other users' traffic to redsocks IP 127.0.0.1 port 12345
- redsocks redirected the traffic to IP 127.0.0.1 port 4001 proxy type http-relay
- proxy type http-connect did not work at all

Like said above, I could only access http sites. I couldn't access https sites. Redsocks output: "accepted, malformed request came, httpr_toss_http_firstline, dropping client".

Are you interested at all in allowing jondo free cascade to transparently proxy? It's a business decision.

If you are interested I can sketch down the setup more comprehensively (step by step instructions, complete configuration files, etc.)... And perhaps we would be able to get https working as well.

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Thu Jun 21, 2012 20:51
by cane
Any updates about Dante?
No - sorry. I did not find the time for this.

I will try redsocks tomorrow and have a look. Maybe it is a better solution than transocks_ev.

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Mon Dec 15, 2014 22:49
by proper
Any updates?

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Dec 16, 2014 11:40
by sovereignpress
Redsocks is better than transocks_ev.

Redsocks supports UDP, but it is worthless, because Tor and JonDo do not support UDP. It will not work.

You can add UDP support to an SSH, and use an SSH as a SOCKS5 transparent proxy with UDP support.

You can use JonDo free cascades as a transparent proxy.

Also, I would add, that the transparent proxy configurations commonly cited on the web are wrong, and they all leak.

Even the JonDo transparent transocks_ev instructions cited on the web page leak.

Even the transparent proxy instructions for Tor (from what I recall) leak, and are known to leak.

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Dec 16, 2014 18:09
by proper
sovereignpress wrote: Redsocks is better than transocks_ev.
You can use JonDo free cascades as a transparent proxy.
How?
Any instructions somewhere?

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Dec 16, 2014 18:39
by sovereignpress
proper wrote:
sovereignpress wrote: Redsocks is better than transocks_ev.
You can use JonDo free cascades as a transparent proxy.
How?
Any instructions somewhere?
How is it better? Basically, it is a more advanced socksifier, it has better features, and it is easier to use.

In my opinion, Redsocks is the best socksifier available.

Instructions?

For what?

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Dec 16, 2014 19:01
by proper
Before rehashing this... Have you read the whole thread?

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Dec 16, 2014 19:20
by sovereignpress
proper wrote: Before rehashing this... Have you read the whole thread?
Yes, I have.

Redsocks is better than transocks_ev. It is also faster and easier to use.

But if you are looking for UDP support, you can forget it, whether you use Redsocks or Dante, because no proxy I am aware of supports UDP. The Tor network does not support UDP and neither does JonDo.

When Tor adds UDP support, then it will work.

JonDo can be used as a transparent proxy even without the premium services and with no leaks, with regular Debian, Ubuntu, et al.

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Dec 16, 2014 19:33
by proper
Okay, agreed, so we're on the same page now. Let's ignore UDP for now.

Strictly speaking about JonDo free...
JonDo can be used as a transparent proxy even without the premium services and with no leaks, with regular Debian, Ubuntu, et al.
How?
Any instructions for this?
Did you actually succeed doing this?
Successfully connected to http sites?
Successfully connected to https sites?

I mean, you first use iptables to redirect all the system's traffic ("Trans data stream") to redsocks, and redsocks forwards it to JonDo's http port (default: 4001)? (Obviously, JonDo's traffic however must be allowed to connect to the open internet. Be it run as a special user or on a gateway [vm] machine.) Right?

My conclusion a few years ago was...
redsocks can also accept "Trans data streams" and can forward them to https, socks4 and socks5 proxies. If you were to use an http proxy (no https, without connect-method, see proxy article), you could access only http sites, no https sites. Rather redsocks can convert UDP DNS queries to TCP DNS queries.
What do you think?
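
The flow from the "Brief setup" post of June 2012, restated in the post above (iptables redirect to redsocks on 127.0.0.1:12345, redsocks relaying to the JonDo HTTP port 4001 as `http-relay`), written out as an added example; it is not code from the thread or from the redsocks or JonDo projects. The account name and ports come from the post; the function names, the default-DROP filter policy and the IPv6 ruleset are assumptions added here in response to the leak concern raised in the thread.

```shell
#!/bin/sh
# Added example: prints a redsocks config and rulesets; nothing is applied.
# Assumed names: account "redsocks"; ports 12345/4001 as in the post.

gen_redsocks_conf() {   # $1 = redsocks listen port, $2 = JonDo HTTP port
    cat <<EOF
base {
    log = "stderr";
    redirector = iptables;
}
redsocks {
    local_ip = 127.0.0.1;
    local_port = $1;
    ip = 127.0.0.1;
    port = $2;
    type = http-relay;
}
EOF
}

gen_rules4() {   # $1 = proxy account, $2 = redsocks listen port
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner $1 -j RETURN
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -p tcp -j REDIRECT --to-ports $2
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner $1 -j ACCEPT
# Anything else (UDP incl. DNS, ICMP, unredirected TCP) hits policy DROP.
COMMIT
EOF
}

gen_rules6() {   # iptables is IPv4-only: block IPv6 egress separately
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A OUTPUT -o lo -j ACCEPT' 'COMMIT'
}

# Apply as root: gen_rules4 redsocks 12345 | iptables-restore
#                gen_rules6 | ip6tables-restore
```

With UDP dropped instead of passed, name resolution for non-proxy users needs its own path, and `http-relay` only carries plain HTTP, which matches the HTTPS failure reported in the thread.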