How To: Redirect HTTP Traffic to Proxy Using iptables

Using Squid or any other proxy for transparent caching/filtering of HTTP traffic has many benefits, be it for logging purposes or the aforementioned use cases, but keeping every client configured can be a nuisance. Networking equipment from Cisco and Juniper, running IOS and JunOS respectively, has the ability to redirect all passing HTTP traffic to the desired proxy.

A more cost-effective solution is to place a Linux box inline between the client network and the “Internet”, redirecting HTTP traffic to a separate transparent proxy box before it reaches the Internet.

Another, more realistic (…) use case is to place the transparent caching proxy server inline between the VPN Server, VPN Client and the Internet. Example below.

VPN Client --> VPN Server --> Caching Transparent Proxy --> Internet

The benefit being that the VPN Server can resend cached content to the VPN Client, reducing latency for the server and the connection as a whole.

The Solution

Using the example above, traffic redirection using iptables most efficiently takes place on the VPN Server.

Below is the required configuration:
~# iptables -t nat -A PREROUTING -i [TUNNELIFACE] -p tcp -m tcp --dport 80 -j DNAT --to-destination [PROXYIP]:[PROXYPORT]

Working example:
~# iptables -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.13.37:3128
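As an added example (not from the original post), the POSIX shell script below installs the same PREROUTING DNAT rule idempotently, with input validation and a dry-run mode; the function names and checks are my additions, while the interface, proxy IP and port are the post's own values.

```shell
#!/bin/sh
# Added example, not from the original post: idempotently install the
# PREROUTING DNAT rule from the post. Only TCP/80 arriving on the tunnel
# interface is redirected; HTTPS (443) passes through untouched, and the
# proxy must accept intercepted connections and route replies back via
# this host so conntrack can reverse the NAT.

# valid_ipv4 A.B.C.D -> 0 if four dotted octets in 0..255
valid_ipv4() {
    addr=$1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

# valid_port N -> 0 if 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_spec IFACE PROXYIP PROXYPORT -> prints the rule specification
dnat_spec() {
    printf '%s' "-i $1 -p tcp -m tcp --dport 80 -j DNAT --to-destination $2:$3"
}

# redirect_http IFACE PROXYIP PROXYPORT [dry]
# Checks with -C first so re-running does not stack duplicate rules.
# With "dry" it prints the command instead of running iptables.
redirect_http() {
    iface=$1 ip=$2 port=$3 mode=${4:-apply}
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) echo "bad iface: $iface" >&2; return 2 ;; esac
    valid_ipv4 "$ip"   || { echo "bad proxy ip: $ip" >&2; return 2; }
    valid_port "$port" || { echo "bad proxy port: $port" >&2; return 2; }
    spec=$(dnat_spec "$iface" "$ip" "$port")
    if [ "$mode" = dry ]; then
        echo "iptables -t nat -C PREROUTING $spec 2>/dev/null || iptables -t nat -A PREROUTING $spec"
        return 0
    fi
    # shellcheck disable=SC2086  # splitting $spec into arguments is intended
    iptables -t nat -C PREROUTING $spec 2>/dev/null || iptables -t nat -A PREROUTING $spec
}

# Usage: ./redirect.sh tun0 172.17.13.37 3128 [dry]
if [ $# -ge 3 ]; then redirect_http "$@"; fi
```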

As an end note: for best results and the lowest possible latency, the VPN Server and Caching Transparent Proxy should be on the same network, preferably on the same network switch.

Happy Caching!

GPIO Sensors Fun – Keyes DS18b20 1-Wire for the Raspberry Pi

I’ve been using my Raspberry Pi as a replacement for another bulky server/heating element I used two years ago. Since then, the credit-card-sized hardware with its 8 Gigabyte SD card has endured the role of an NTP, DNS, OpenVPN, HTTP and SSH terminal server. With no crashes or slowdowns (within expectable limits) to speak of, I recently tapped into its gracious GPIO.

With no previous electronics experience, I acquired the following:

  • Smallest breadboard I could find (tiny!)
  • Arduino-like color-coded hobby cables
  • Keyes DS18b20 1-Wire (“Classic” DS18b20 not available locally)
  • 4.7k Ohm resistor

I wired it all up according to this diagram (again, no experience).
Credit: www.projects.privateeyepi.com

Expectations were high: once booted up and modules loaded, the directory /sys/bus/w1/devices/ contained… nothing.
After a quick browse through the Keyes DS18b20 data sheet, I noticed that the Signal and Power pins were reversed in relation to the “Classic” sensor. A quick poweroff-pinchange-poweron-modprobe later fixed the issue. Luckily, nothing fried :)

End result:
Keyes DS18b20 Raspberry Pi

Google provided me with a Perl script and a shell script. I added RRDtool, Lighttpd, a crontab entry and some HTML.

End result:
Room Temp

Building: Fun
Usefulness: Questionable (At least it detects “Window Open” events)

The Old Reader (RSS Reader) – Best Online RSS Alternative, after Google Reader Discontinuation

I personally check RSS feeds every day, and ever since Google Reader got discontinued a while back, I’ve found a viable alternative: The Old Reader. The service easily allowed me to import my old feeds through an OPML file, and even gave me instructions on how to export my Google Reader feeds.

The service does not (yet) offer any iPhone app, or Android equivalent that I know of. However, since it already seems to be optimized for mobile browsers, it is not an issue for me. Simply create an iOS home screen shortcut from Safari, and you’re done. The fancy web 2.0 HTML5 site build adds a nice feel, and the controls are what you would expect from an RSS reader.

Apart from the occasional slowdowns, site-downs (I hope you like cats) and internal conflicts within the site crew, I highly recommend it.

How To: Monitor NetCat File Upload Progress using PV

Using NetCat to upload files can sometimes be handy; however, it would be awesome if you could track the upload ETA and not just stare patiently at a prompt. PV, or “Pipe Viewer”, is a handy little command that allows you to track the progress of any Unix pipe. Using it as a replacement for “cat” in the NetCat transfer gives you a fancy progress bar.

For example:

lazyclient@lazyclient-desktop:~$ nc -l 7000 > verybigfile.bin

Server side…

superitguy@pro-server:~$ pv verybigfile.bin | nc 3.1.33.7 7000
70.2MB 0:00:11 [5.95MB/s] [============================================================>] 100%

Fetch the latest binary at pv’s project homepage: http://www.ivarch.com/programs/pv.shtml