2017-08-31 11:03:34 +08:00
## 9. Transparent Proxy without dnsmasq
PC Client -> Gateway with glider running(linux box) -> Upstream Forwarders -> Internet
#### In this mode, glider acts in the following roles:
1. A transparent proxy server
2. A DNS forwarding server
3. An ipset manager

so you don't need any other DNS server in your network.
#### Create an ipset manually
```bash
ipset create glider hash:net
```
#### Glider Configuration
##### glider.conf
```bash
verbose=True

# as a redir proxy
listen=redir://:1081

# as a dns forwarding server
dns=:53
dnsserver=8.8.8.8:53

# specify rule files
rules-dir=rules.d
```
##### office.rule
```bash
# add your forwarders
forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
strategy=rr
checkwebsite=www.apple.com
checkduration=30

# specify a different dns server (if needed)
dnsserver=208.67.222.222:53

# as an ipset manager
ipset=glider

# specify destinations
include=office.list

# matches a domain
domain=example1.com
domain=example2.com
# matches an ip
ip=1.1.1.1
ip=2.2.2.2
# matches an ip net
cidr=192.168.100.0/24
cidr=172.16.100.0/24
```
##### office.list
```bash
# destinations list
domain=mycompany.com
domain=mycompany1.com
ip=4.4.4.4
ip=5.5.5.5
cidr=172.16.101.0/24
cidr=172.16.102.0/24
```
#### Configure iptables on your Linux gateway
```bash
iptables -t nat -I PREROUTING -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081

# for traffic generated on the gateway itself (OUTPUT chain), uncomment:
#iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
```
#### Client DNS settings
Use the Linux server's IP as your DNS server.
#### When a client requests http://example1.com (listed in office.rule), the whole process:
DNS Resolving:
1. The client sends a UDP DNS request to the Linux server, and glider receives it (since it listens on the default DNS port :53).
2. Upstream DNS server choice: glider looks up its rule config to find the DNS server to use for this domain (it matched "example1.com" in office.rule, so 208.67.222.222:53 is chosen).
3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers.
4. glider updates its office rule config, adding the resolved IP address to it.
5. glider adds the resolved IP into ipset "glider" and returns the DNS answer to the client.
Destination Accessing:
1. The client sends an HTTP request to the resolved IP of example1.com.
2. The Linux gateway server receives the request.
3. iptables matches the IP in ipset "glider" and redirects this request to :1081 (glider).
4. glider finds the IP in the office rule and then chooses a forwarder in office.rule to complete the request.
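The following is an added example (not glider's own code) that simulates the dispatch logic described above, covering both the rule-file format (office.rule and office.list with `include=`) and the DNS-then-redirect process: it parses constructed rule files, picks the upstream DNS server per domain, records the resolved address in the rule and in a stand-in for the kernel ipset, and then decides which forwarders a redirected TCP connection should use. The rule contents, the resolver answers and the suffix matching of `domain=` entries (so that `www.example1.com` matches `example1.com`) are assumptions made for the demonstration.

```python
"""Simulate glider's rule dispatch: DNS step, ipset update and TCP routing."""
import ipaddress

# Constructed sample files in the glider rule format (assumed contents, for the demo only).
FILES = {
    "office.rule": """
forward=http://forwarder1:8080,socks5://forwarder2:1080
forward=http://1.1.1.1:8080
dnsserver=208.67.222.222:53
ipset=glider
include=office.list
domain=example1.com
ip=2.2.2.2
cidr=192.168.100.0/24
""",
    "office.list": """
domain=mycompany.com
ip=4.4.4.4
cidr=172.16.101.0/24
""",
}
DEFAULT_DNS = "8.8.8.8:53"  # the global dnsserver from glider.conf

# Constructed stand-in for what the upstream DNS server would answer.
FAKE_DNS_ANSWERS = {"example1.com": "203.0.113.10", "mycompany.com": "203.0.113.20"}


def parse_rule(name, files):
    """Parse one rule file (following include= lines) into a dict of match sets."""
    rule = {"forward": [], "dnsserver": None, "ipset": None,
            "domain": set(), "ip": set(), "cidr": []}
    for line in files[name].splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key == "forward":
            rule["forward"].append(value.split(","))  # one forwarder chain per line
        elif key == "dnsserver":
            rule["dnsserver"] = value
        elif key == "ipset":
            rule["ipset"] = value
        elif key == "include":
            sub = parse_rule(value, files)  # destinations only, as in office.list
            rule["domain"] |= sub["domain"]
            rule["ip"] |= sub["ip"]
            rule["cidr"] += sub["cidr"]
        elif key == "domain":
            rule["domain"].add(value.lower())
        elif key == "ip":
            rule["ip"].add(value)
        elif key == "cidr":
            rule["cidr"].append(ipaddress.ip_network(value))
    return rule


class Dispatcher:
    def __init__(self, rules):
        self.rules = rules
        self.ipsets = {}  # ipset name -> set of addresses (stands in for the kernel ipset)

    def rule_for_domain(self, host):
        """Assumed suffix matching: example1.com also matches www.example1.com."""
        host = host.lower().rstrip(".")
        for rule in self.rules:
            for d in rule["domain"]:
                if host == d or host.endswith("." + d):
                    return rule
        return None

    def rule_for_ip(self, addr):
        ip = ipaddress.ip_address(addr)
        for rule in self.rules:
            if addr in rule["ip"] or any(ip in net for net in rule["cidr"]):
                return rule
        return None

    def resolve(self, host, answers=FAKE_DNS_ANSWERS):
        """DNS step: pick the upstream server by rule, record the answer, fill the ipset."""
        rule = self.rule_for_domain(host)
        upstream = rule["dnsserver"] if rule and rule["dnsserver"] else DEFAULT_DNS
        addr = answers[host]  # stand-in for the real query sent to `upstream`
        if rule:
            rule["ip"].add(addr)  # step 4: the rule now matches the resolved IP
            if rule["ipset"]:
                self.ipsets.setdefault(rule["ipset"], set()).add(addr)  # step 5
        return upstream, addr

    def route(self, addr):
        """TCP step: forwarder chains for a redirected connection, or None for direct."""
        rule = self.rule_for_ip(addr)
        return rule["forward"] if rule else None
```

Before the DNS step, `route("203.0.113.10")` returns `None` because nothing has put that address into the rule or the ipset; after `resolve("example1.com")` the same address routes through the office forwarders, which is exactly why the client must use the gateway as its DNS server: an IP the client obtained elsewhere never enters the ipset and therefore never hits the REDIRECT rule.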