Proxify all the traffic of a wifi router

DerVenek

Hello, I don't know if it's possible to do so, but I need to do it this way, this is not an X, Y problem.

I need to redirect all the traffic from a router to go through a proxy server.

I know there are some routers that allow me to set up a VPN connection, but this is not the case.

I need to know if this scenario is possible.

In my head it looks like this: I will have the router whose client requests I want to proxify connected to a network card in my main server. This server must have another network card so it can actually send the requests, but instead of sending them to the ISP directly, it sends them to my proxy server. So the server will act as a man in the middle, redirecting all the router requests to the proxy server, using my ISP to connect to that proxy server.

Something like this:

[Attached image: Untitled.png]

I have the necessary equipment (I guess) but I have no clue on how to do it. Can somebody point me in the right direction or guide me to try to run it? I think this could be made with iptables but I don't have the knowledge to do it by myself and, as you may guess, ChatGPT and all those models are kinda garbage when the scenario is a bit complex.

Thanks in advance if somebody actually wants to help me!
 


Idk if I fully understand the issue here but it sounds like you would just need to port forward 80 and 443 traffic to your reverse proxy IP to be managed. This would traffic all HTTP and HTTPS traffic to the proxy server.

Use NGINX/Apache as your reverse proxy. You'll either need a dedicated machine or dedicated VM server to do so.

Or, as you'd mentioned a quality router that offers VPN server/client setup at the router level is a convenient option. For example my router enables me to set up various VPN server/client options by using my VPN user credentials and importing config files directly to the router. This then provides you with the option to toggle the VPN on for any/all devices you choose based on the VPN configuration.
 
You can tell your proxy server to run on a different subnet and perform Network Address Translation which will hide all of the host addresses behind it so all of the traffic looks like it is coming from the server instead. You can run something like OpenVPN on your server to send all traffic to a VPN entry node first. You can enforce this with nftables to provide a "kill switch" to make sure network traffic stops if the VPN connection fails. Your modem will have its own router inside of it. The traffic will be sent to your ISP first, for this is a necessity if you want to access the Internet, and then from there to the VPN entry node. After that your VPN will send the traffic to wherever it needs to go. You will need a configuration file for OpenVPN from your VPN provider. By definition a "proxy" is not encrypted, but merely relays the traffic through another host. A VPN is an encrypted proxy.

Signed,

Matthew Campbell
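
The NAT-plus-kill-switch arrangement described in the post above, written out as an added example ruleset; it is not from the thread or from any poster. The interface names `lan0`, `wan0`, `tun0` and the endpoint `203.0.113.10:1194/tcp` are placeholder assumptions, as are a static WAN address and `net.ipv4.ip_forward=1` being set.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed names (placeholders):
#   lan0 = NIC facing the Wi-Fi router, wan0 = NIC facing the ISP modem,
#   tun0 = OpenVPN tunnel, 203.0.113.10:1194/tcp = VPN entry node.
# Assumes a static address on wan0, the VPN endpoint configured by IP
# (DNS toward the ISP side is blocked), and net.ipv4.ip_forward=1.
flush ruleset   # replaces any ruleset already loaded on this host

define LAN_IF = "lan0"
define WAN_IF = "wan0"
define VPN_IF = "tun0"
define VPN_ENDPOINT = 203.0.113.10
define VPN_PORT = 1194

table inet gateway {
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        iifname $LAN_IF tcp dport 22 accept   # assumed: SSH management from the LAN side
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Kill switch: LAN traffic may leave only through the tunnel.
        # If tun0 goes down nothing matches, and the drop policy stops
        # IPv4 and IPv6 alike instead of letting it fall back to wan0.
        iifname $LAN_IF oifname $VPN_IF accept
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept
        ct state established,related accept
        oifname $VPN_IF accept
        oifname $LAN_IF accept
        # The only thing the server itself may send toward the ISP is the tunnel.
        oifname $WAN_IF ip daddr $VPN_ENDPOINT tcp dport $VPN_PORT accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hide the hosts behind the router: everything leaving via the
        # tunnel appears to come from the server's tunnel address.
        oifname $VPN_IF masquerade
    }
}
```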
 
Thank you Matthew, but I can't use a VPN.

The services I need to bypass will detect it very quickly; only transparent proxies are undetectable as per my tests.

Is there a way of doing this only with a proxy?
 
As I said in my last comment, I can't use VPNs.

So, I'm seeking alternatives.

I've worked a bit with nginx and reverse proxies, will try that option.
 
VPNs commonly use UDP. I use ProtonVPN with Secure Core with TCP instead. Unfortunately ProtonVPN will not work for you in your case because the traffic forwarded to the VPN entry node would need to originate on the server. Proton says this limit is imposed by ProtonVPN not the OpenVPN software which ProtonVPN uses. You might try a reverse tunnel with ssh. You could try Linode or Amazon AWS. I have used a secure reverse tunnel before to temporarily host a web site on my own Linux desktop at home, but have never used it as a VPN for outgoing traffic before. You'd need a remote VPN server that would work that way. A VPN is encrypted so your ISP shouldn't readily detect it, provided it uses TCP instead of UDP. It's probably the use of UDP that's causing this problem with your ISP. Either way you'll be a client reaching out to a remote server using TCP so your ISP will only "detect" it as a proxy if they see the server you are reaching out to as such. This could become obvious if all of your traffic was always going to or coming from the same place.

Signed,

Matthew Campbell
 

