Setting up a proxy on the firmware Tomato

I will start, perhaps, with the main thing - for which, in fact, I personally need a proxy server. Our provider (I think, like all others) has internal resources, access to which is possible only from a computer connected to this provider. Earlier, I used the scheme: white IP at the computer, proxy server (CCProxy) and did not turn off the computer. The idea that a proxy server could be installed on a router for a long time, since Linux is on routers, the question was only in implementation. Squid is too heavy for this task, because I need a simple and practical solution, and just recently, I came across one program - srelay , which performs traffic forwarding through HTTP and SOCKS proxies.



So, now let's proceed to setting up the router, in my case it is NETGEAR WNR-3500L-RUS and Tomato firmware (modification of the firmware does not matter). This article is designed for advanced users and is considered. that a person already knows how to handle the command line, putty and knows what he is doing.



First, you need to make sure that the proxy always works and does not depend on the flash drives on anything else, that is, we will place the program in the memory of the router. , the program for the proxy is enough.



So, go to Administration / JFFS , turn on the Enable checkbox and click Format / Erase, wait a while, and click Save .

When the JFFS partition is formatted and mounted, you will have access to the / jffs folder, then put the srelay program here .

')

To download the program (the file is located by me on my Google site for convenience, already compiled from optware), run the following script in the Tools / System section:



wget "http://sites.google.com/site/denserru/Home/srelay/srelay?attredirects=0&d=1" -O "/jffs/srelay"

chmod +x /jffs/srelay



Now we have the srelay program in the jffs section, which is in the memory of the router, it remains to configure the ports, the autorun program and its parameters.

Program parameters can be seen by the command:



root@denser-router:/tmp/home/root# /jffs/srelay -h

srelay 0.4.6 2003/04/13 (Tomo.M)

usage: srelay [options]

options:

-c file config file

-ii/f listen interface IP[:PORT]

-m num max child/thread

-o min idle timeout minutes

-p file pid file

-a np auth methods n: no, p:pass

-u file srelay password file

-f run into foreground

-r resolve client name in log

-s force logging to syslog

-t disable threading

-b avoid BIND port restriction

-v show version and exit

-h show this help and exit





We will need the following ones:



/jffs/srelay -i :9999 -t -a pP@ssW0rD



Where 9999 is the port to be used for connection, use any other than the standard one. P @ ssW0rD replace with the password that will be used for authorization (note the letter p in front of the password), the username when accessing the proxy is root. Add this line to the Execute When Mounted field so that the program starts when the JFFS partition is initialized with the specified parameters, namely:

• work on HTTP, SOCKS4 and SOCKS5 protocols
• authorization on port 9999 user: root , password: P @ ssW0rD .

Approximately it should look like in the end:







Now, let's add a rule to the Firewall to open port 9999, to do this, switch to the Administration / Scripts section, the Firewall tab, and add the following through the line break:



iptables -I INPUT -p tcp --dport 9999 -j ACCEPT



It will look something like this:







Now we reboot the router and check the operation of the program using any available method, for example, a browser. I hope you find this instruction useful to me.



It was noticed that after a long work, the program could be closed, for these purposes I put the program monit , but this is the topic of another article.



Materials used:



1. Sources of the program itself - socks-relay.sourceforge.net

2. Essay on one of the users - www.linksysinfo.org/index.php?threads/a-socks-proxy-server-for-tomato.23898