Tinyproxy

Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Designed from the ground up to be fast and yet small, it is an ideal solution for use cases such as embedded deployments where a full featured HTTP proxy is required, but the system resources for a larger proxy are unavailable.

Enable Transparent Proxy for Backfire 10.03

If a full featured HTTP proxy is required, the tinyproxy package is an ideal solution for you as a larger proxy might be unavailable in this environment.

  1. install software packages:
    opkg update
    opkg install tinyproxy luci-app-tinyproxy
    
  2. configure tinyproxy:
    uci set tinyproxy.@tinyproxy[0].enable=1
    uci commit
    /etc/init.d/tinyproxy enable
    /etc/init.d/tinyproxy restart
    
  3. configure transparent proxy redirection:
    uci add firewall redirect
    uci set firewall.@redirect[0].name='Transparent Proxy Redirect'
    uci set firewall.@redirect[0].src=lan
    uci set firewall.@redirect[0].proto=tcp
    uci set firewall.@redirect[0].dest_port=8888
    uci set firewall.@redirect[0].src_dport=80
    uci set firewall.@redirect[0].src_dip='!192.168.1.1'
    uci set firewall.@redirect[0].dest_ip=192.168.1.1
    uci commit firewall
    /etc/init.d/firewall restart
    

:!: Note that the firewall.@redirect[0].src_dip=!192.168.1.1 option is important, if you missed this option you may not connect to LuCI. I can't find this option in the LuCI "Network ⇒ Firewall ⇒ Traffic Redirection" page, so be careful if you're using LuCI.

Note also that by default tinyproxy does not allow connections from other hosts so you will need to enable this. One way is to comment out the "Allow" line from the config.

Notes on Attitude Adjustment 12.09 and maybe IPv6

If you're using Attitude Adjustment 12.09 and maybe setup IPv6 on your OpenWrt box then this may be helpful. These notes only have a few hours of testing; second opinions, better advice welcomed:

  • The "Traffic Redirection" page can be found at Network ⇒ Firewall ⇒ Port Forwards on 12.09
  • The firewall.@redirect[0].src_dip=!192.168.1.1 LuCI option is called "External IP address" in 12.09 and you'll have to enter a –custom– value to enter the leading !
  • Add "::ffff:0:0/96" so the "Allowed Clients" conaints both "127.0.0.1" and "::ffff:0:0/96" . Find at Services ⇒ Tinyproxy ⇒ Configuration ⇒ Filtering and ACLs.

Some help with tinyproxy logging and log analysis here: http://www.farville.com/?p=314

Back to top

doc/howto/proxy.tinyproxy.txt · Last modified: 2014/02/15 19:11 by dttocs