
Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Dec 16, 2014 21:12
by sovereignpress
I have been using this setup for about a year. HTTP and HTTPS work perfectly.
proper wrote:I mean, you first use iptables to redirect all the system's traffic ("Trans data stream") to redsocks, and redsocks forwards it to JonDo's http port (default: 4001)? (Obviously, JonDo's traffic however must be allowed to connect to the open internet. Be it run as a special user or on a gateway [vm] machine.) Right?
No need for Virtual Machine.

In my diagram, it is Redsocks that intercepts a given port and forwards it to a transport.

The same setup applies to SSH, Tor, JonDo, et al.

No leaks whatsoever.

You can even anonymize BitTorrent with no leaks.

To use JonDo free services with Redsocks, you have to use the http-connect protocol, not SOCKS.

Remember, the free services do not support SOCKS, so in Redsocks you cannot use SOCKS. Use http-connect. For the premium services, you should use SOCKS5.

For performance reasons, the free services are not recommended, as they are slow.

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Dec 16, 2014 23:07
by proper
sovereignpress wrote:No leaks whatsoever.
Hard to say without any iptables to compare with.
sovereignpress wrote:To use JonDo free services with Redsocks, you have to use the http-connect protocol, not SOCKS.

Remember, the free services do not support SOCKS, so in Redsocks you cannot use SOCKS. Use http-connect. For the premium services, you should use SOCKS5.
Indeed. Just remembered. JonDo free also supports http-connect.

But with JonDo free, you will only be able to connect to ports 80 and 443? An inherited limitation of JonDo free?

How do you resolve DNS? Using a public DNS server?

Because according to my research a few years ago ([general, any proxy] see https://www.whonix.org/wiki/Dev/Inspira ... ing_Method) it was not possible without using a public DNS server.

Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Posted: Tue Aug 16, 2016 13:25
by heddha
Could someone tell me why it's important to configure iptables for a different user than the one JonDo runs on?
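
The setup discussed in this thread (iptables redirecting local TCP to redsocks, redsocks forwarding over http-connect to JonDo's HTTP port 4001, and JonDo's own user exempted from the redirect), as an added example that is not part of any post above. The user name `jondo`, the redsocks port 12345 and the function names are assumptions; DNS is not handled, so non-TCP traffic is rejected rather than leaked.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: user "jondo",
# redsocks listening on 127.0.0.1:12345, functions gen_rules/gen_redsocks_conf.
JONDO_USER="${JONDO_USER:-jondo}"
REDSOCKS_PORT="${REDSOCKS_PORT:-12345}"
JONDO_PORT="${JONDO_PORT:-4001}"          # JonDo's default HTTP port (per the thread)
PROXY_TYPE="${PROXY_TYPE:-http-connect}"  # free services: http-connect, not SOCKS

# Print a ruleset for: gen_rules | iptables-restore
gen_rules() {
cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
# JonDo's own connections go out directly. Without this exemption they
# would be redirected into redsocks and back to JonDo, an endless loop.
-A OUTPUT -m owner --uid-owner $JONDO_USER -j RETURN
# Loopback (redsocks talking to JonDo on 127.0.0.1) is never redirected.
-A OUTPUT -d 127.0.0.0/8 -j RETURN
# All other locally generated TCP is handed to redsocks.
-A OUTPUT -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
COMMIT
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner $JONDO_USER -j ACCEPT
# Whatever else tries to leave (UDP, DNS, ICMP) is rejected, not leaked.
# DNS resolution is deliberately left unsolved here.
-A OUTPUT -j REJECT
COMMIT
EOF
}

# Print the matching redsocks.conf stanza.
gen_redsocks_conf() {
cat <<EOF
redsocks {
    local_ip = 127.0.0.1;
    local_port = $REDSOCKS_PORT;
    ip = 127.0.0.1;
    port = $JONDO_PORT;
    type = $PROXY_TYPE;
}
EOF
}

# Stand-alone use: sh thisfile.sh print
if [ "${1:-}" = "print" ]; then gen_rules; gen_redsocks_conf; fi
```

Rule order in the nat table matters: the owner exemption has to come before the REDIRECT rule, otherwise JonDo's upstream connections are caught by the redirect as well.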