LogJam and Proxy [Feb. 7th, 2006|05:52 pm]
[anupamsr]
[Current Mood | confused]

Hi,

I am using LogJam on Gentoo. So basically it is configured with these options:
./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --with-gtk --without-gtkhtml --with-gtkspell --without-librsvg --with-sqlite3 --without-xmms --build=i686-pc-linux-gnu

When I start LogJam it gives me a window in which I can give my login and password, but there is no place to specify the proxy. I am using a transparent proxy which requires no authentication. These are my environment variables:
$ env | grep http
http_proxy=http://localhost:3128
https_proxy=http://localhost:3128

Comments:
(Deleted comment)
From: anupamsr
2006-02-09 12:53 pm (UTC)

Arigaato!

Thanks, it worked!!
From: node
2006-02-09 03:53 pm (UTC)
By definition, if it's a transparent proxy, you don't need to provide its address/port info.
From: giantlaser
2006-02-09 11:26 pm (UTC)
Correct. To make it a transparent proxy, use iptables to redirect your own traffic bound for ports 80 (HTTP) and 443 (HTTPS) to your local port 3128.

Assuming your proxy software runs as a different uid than you, set a rule like so:

iptables -t nat -A OUTPUT -m owner ! --uid-owner 99 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Replace "99" with the uid the proxy runs as. Be careful with this - if you don't include the "-m owner ! --uid-owner 99", you will create a loop in iptables for all port-80-bound traffic. This -m owner rule excludes the proxy's traffic but catches everyone else's.

Create a second rule for --dport 443 to catch HTTPS.

Finally, you will need to put these in an /etc/init.d/ script or something that runs as root at boot time, or the changes will be lost on restart.

If you totally bork routing or your firewall, here is your "help, save me!" command:

iptables -F
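
The redirect described in giantlaser's comment above, as an added example that is not part of the original thread or of LogJam: a POSIX shell script that prints the nat-table rules for ports 80 and 443 with the proxy-uid exclusion, plus the matching delete commands that remove only those two rules. The function names and the file name redirect.sh are illustrative assumptions; uid 99 and port 3128 are the thread's sample values.

```shell
#!/bin/sh
# Added example: print (not run) the iptables commands for the transparent
# proxy redirect, so they can be reviewed before being piped to a root shell.
# Function names are illustrative; 99 and 3128 are the thread's sample values.

# True only for a non-empty string of digits.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Rule body shared by add, check and delete: redirect one destination port
# to the local proxy port for every uid except the proxy's own.
rule_spec() {
    echo "-m owner ! --uid-owner $1 -p tcp -m tcp --dport $2 -j REDIRECT --to-ports $3"
}

# proxy_rules add|del PROXY_UID [PROXY_PORT]
proxy_rules() {
    action=$1 uid=$2 port=${3:-3128}
    # A malformed uid must never yield a rule without a working exclusion,
    # because the proxy's own traffic would then be redirected back to itself.
    if ! is_number "$uid" || ! is_number "$port"; then
        echo "uid and port must be numeric" >&2
        return 1
    fi
    for dport in 80 443; do
        spec=$(rule_spec "$uid" "$dport" "$port")
        case "$action" in
            # -C tests for an existing rule, so re-running does not stack duplicates.
            add) echo "iptables -t nat -C OUTPUT $spec 2>/dev/null || iptables -t nat -A OUTPUT $spec" ;;
            # The rules are in the nat table, so removal must name it with -t nat.
            del) echo "iptables -t nat -D OUTPUT $spec" ;;
            *) echo "usage: proxy_rules add|del PROXY_UID [PROXY_PORT]" >&2; return 1 ;;
        esac
    done
}

# Stand-alone use, as root (redirect.sh is a hypothetical file name):
#   sh redirect.sh add 99 | sh
if [ $# -gt 0 ]; then
    proxy_rules "$@"
fi
```
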
From: anupamsr
2006-02-10 05:37 pm (UTC)

yeah!

I do use iptables. I used this tutorial to set it up:
http://www.tldp.org/HOWTO/TransparentProxy.html

But when I do netstat | grep 3128 I see my original proxy as well as localhost. Until now I have been able to use my local proxy only for those applications that use http_proxy variable.
From: evan
2006-02-09 04:35 pm (UTC)
Hm, should probably use those env vars where appropriate...
From: gaal
2006-02-09 10:36 pm (UTC)
I think one of our networking backends already does.
From: evan
2006-02-09 11:47 pm (UTC)
Feh on multiple networking backends! I should remove 'em all! ;)

It would be so much nicer to just require GNOME sometimes...