## 9. Transparent Proxy without dnsmasq
PC Client -> Gateway with glider running (Linux box) -> Upstream Forwarders -> Internet
#### In this mode, glider acts in the following roles:
1. A transparent proxy server
2. A DNS forwarding server
3. An ipset manager

So you don't need any DNS server in your network.
#### Create an ipset manually
```bash
ipset create glider hash:net
```
#### Glider Configuration
##### glider.conf
```bash
verbose=True
# as a redir proxy
listen=redir://:1081
# as a dns forwarding server
dns=:53
dnsserver=8.8.8.8:53
dnsserver=8.8.4.4:53
# specify rule files
rules-dir=rules.d
```
##### office.rule
```bash
# add your forwarders
forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
strategy=rr
check=http://www.msftconnecttest.com/connecttest.txt#expect=200
# specify a different dns server (if needed)
dnsserver=208.67.222.222:53
# as an ipset manager
ipset=glider
# specify destinations
include=office.list
domain=example1.com
domain=example2.com
# matches ip
ip=1.1.1.1
ip=2.2.2.2
# matches an ip net
cidr=192.168.100.0/24
cidr=172.16.100.0/24
```
##### office.list
```bash
# destinations list
domain=mycompany.com
domain=mycompany1.com
ip=4.4.4.4
ip=5.5.5.5
cidr=172.16.101.0/24
cidr=172.16.102.0/24
```
#### Configure iptables on your linux gateway
```bash
iptables -t nat -I PREROUTING -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
```
#### Server DNS settings
Set server's nameserver to glider:
```bash
echo nameserver 127.0.0.1 > /etc/resolv.conf
```
#### Client settings
Use the linux server's ip as your gateway.
Use the linux server's ip as your dns server.
#### When a client requests http://example1.com (in office.rule), the whole process:
DNS Resolving:
1. The client sends a UDP DNS request to the Linux server, and glider receives the request (as it listens on the default DNS port :53).
2. Upstream DNS server choice: glider looks up its rule config to find the DNS server to use for this domain ("example1.com" matches office.rule, so 208.67.222.222:53 is chosen).
3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers (DNS over proxy).
4. glider updates its office rule config, adding the resolved IP address to it.
5. glider adds the resolved IP to ipset "glider", and returns the DNS answer to the client.

Destination Accessing:
1. The client sends an HTTP request to the resolved IP of example1.com.
2. The Linux gateway server gets the request.
3. iptables matches the IP in ipset "glider" and redirects this request to :1081 (glider).
4. glider finds the IP in the office rule, and then chooses a forwarder in office.rule to complete the request.
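
The two step lists above can be traced with a small Python model. This is an added example, not glider's own code: it parses constructed copies of office.rule and office.list and reports which destinations the iptables rule would redirect. Assumptions: `domain=` entries also cover subdomains, static `ip=`/`cidr=` entries are in the ipset from startup, and the first `dnsserver=` in a list is the one used.

```python
import ipaddress

# Constructed copies of the page's office.rule and office.list (forward=/check= lines omitted).
FILES = {
    "office.rule": "dnsserver=208.67.222.222:53\nipset=glider\ninclude=office.list\n"
                   "domain=example1.com\ndomain=example2.com\nip=1.1.1.1\nip=2.2.2.2\n"
                   "cidr=192.168.100.0/24\ncidr=172.16.100.0/24\n",
    "office.list": "domain=mycompany.com\ndomain=mycompany1.com\nip=4.4.4.4\nip=5.5.5.5\n"
                   "cidr=172.16.101.0/24\ncidr=172.16.102.0/24\n",
}
DEFAULT_DNS = ["8.8.8.8:53", "8.8.4.4:53"]  # dnsserver= lines in glider.conf

def load_rule(name, rule=None):
    """Parse key=value lines, following include= into the same rule."""
    if rule is None:
        rule = {"dnsserver": [], "domain": [], "nets": []}
    for line in FILES[name].splitlines():
        key, _, val = line.partition("=")
        if key == "include":
            load_rule(val, rule)
        elif key in ("ip", "cidr"):
            rule["nets"].append(ipaddress.ip_network(val))
        elif key in ("dnsserver", "domain"):
            rule[key].append(val)
    return rule

class Gateway:
    def __init__(self, rule):
        self.rule = rule
        self.ipset = set(rule["nets"])  # assumption: static entries are loaded at startup

    def matches(self, name):
        # assumption: domain=example1.com also covers its subdomains
        return any(name == d or name.endswith("." + d) for d in self.rule["domain"])

    def dns_query(self, name, answer_ip):
        """'DNS Resolving' steps; answer_ip stands in for the upstream reply."""
        if not self.matches(name):
            return DEFAULT_DNS[0]          # no rule matched: default server, ipset untouched
        self.ipset.add(ipaddress.ip_network(answer_ip))
        return self.rule["dnsserver"][0]   # rule-specific upstream DNS server

    def tcp_verdict(self, dst_ip):
        """The iptables --match-set check from 'Destination Accessing'."""
        addr = ipaddress.ip_address(dst_ip)
        return "REDIRECT :1081" if any(addr in n for n in self.ipset) else "direct"
```

In this model, a destination only reaches the proxy once its name has been resolved through glider or it is listed statically, so a client that resolves names through another DNS server connects directly.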