1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A socks proxy server for Tomato

Discussion in 'Tomato Firmware' started by gabriel, Dec 8, 2007.

  1. gabriel

    gabriel Network Guru Member

    Hi All,

    In case of somebody needs it, in the attached file is a binary version of Srelay - a socks proxy server compiled for Tomato.
    How to use it:
    1. Enable jffs filesystem on your router
    2. Unzip the file "srelay" and copy it to /jffs directory on your router
    3. Execute:
    #cd /jffs
    #chown root:root ./srelay
    #chmod 755 ./srelay
    4. Trough the Tomato's UI add the following lines in Administration->Scripts-> Firewall

    /jffs/srelay -i :21 -a n -t
    iptables -I INPUT -i ppp0 -p tcp --dport 21 -j ACCEPT

    Now you will have a socks proxy listening on port 21. You can change the port on your choice. If you are not uising pppoe then the iptables line slightly differs.


    Here http://socks-relay.sourceforge.net/
    and here http://downloads.openwrt.org/people/nico/man/man8/srelay.8.html you can find more info for Srelay

    Enjoy!
     

    Attached Files:

  2. occamsrazor

    occamsrazor Network Guru Member

    Hi Gabriel,

    Could you explain to a relative newbie how and what you would use this for?

    I currently run a squid web proxy on a local machine that I can access remotely via OpenVPN. Just wonder how this differs. Obviously it's nicer if I can achieve a similar thing running on the router.

    My main desire is when I am travelling away from home, to have the ability to route all my internet traffic via a proxy on my home connection...

    Also, assume you have installed and tried this.... it works OK?

    Regards,

    Ben

    EDIT: Also, how is this different from creating an SSH tunnel to the router? Or is it complementary to that?

    EDIT2: (added at later date as reminder) This is how to copy the file via OS X Terminal:

    scp /LOCALPATH/srelay root@ROUTERIP:/jffs/srelay
     
  3. u3gyxap

    u3gyxap Network Guru Member

    And one more thing to keep in mind:
    iptables -I INPUT -i ppp0 -p tcp --dport 21 -j ACCEPT
    That is for PPPoE or pptp connection to the internet. In case of Static IP or DHCP - it should be:
    iptables -I INPUT -i vlan1 -p tcp --dport 21 -j ACCEPT
     
  4. gabriel

    gabriel Network Guru Member

    First of all I have to add that the attached version is compailed for WRT54G or WRT54GL.

    It does exactly that thing. The idea is that the router is always on, so it can handle the proxy task instead of using internal PC for that. SRELAY is relatively smaller than SQUID and it is non caching socks proxy which represents the connections as they are made from the router itself. And it works for all ports, not only for “http†for example.

    Imagine you have a laptop with mobile GPRS card, and you are using Firefox. If your router has a public IP address that is well known to you then you can setup Firefox to use the Socks server on your router – just enter IP address or hostname and the port where server is listening in Firefox’s network settings. Then if you go to http://192.168.1.1 you will see your tomato’s UI. In the same way you can configure BitCommet, Skype and many other software. Then all they will work as you are using them at home, over the home connection, but you are on your Laptop with GPRS connection.

    Maybe I just give you a very stupid explanation, but I hope you get it.

    I found the sources in the Internet and I compiled them for my router (WRT54G). Of course I’ve tested it (almost for a year) and it works fine. The day before yesterday when I posted here I just found that I can share it with you. :smile:

    Yes, you can use SQUID on your local PC, or even better you can compile it for WRT. You can use the Tomato’s build in SSH support to create SSH tunnel via Putty for example, but it is relatively slow and it requires to have Putty or similar software on the client side. You can use SRELAY which is relatively small and fast and does exactly what socks server (version 4) is supposed to do. In this case you will not need to have any running PC on your local network in order to “reuse†your internet connection from outside. I’ve never tested socks ver. 5 functionalities of Srelay and even I’m afraid that they are not working in this version of Srelay.


    And at the end, while reviewing this post I have impression that I'm advertising Srelay. That's not the case for sure. It is NOT my development. I found it somewere and I adopted it for my needs. I don't defend the possition that Srelay is the best pice of softwere for the described task, but just tried to explaine somehow what is it. Better ask google for Srelay to get more information and if you like it then simply use it :smile:
     
    mmosoll likes this.
  5. occamsrazor

    occamsrazor Network Guru Member

    Thanks very much for the detailed explanation Gabriel...

    After reading your post I played around a bit SSH tunnels... I enabled the SSH daemon and made a remote SSH connection with Bitvise Tunnelier (similar to Putty I believe). Tunnelier also allows you to create a SOCKS proxy from the client which I then used to proxy http connections (how does it do that? does the SSH server have a SOCKS proxy built-in already???)

    I am also using the OpenVPN version of Tomato, and already had that setup with a squid proxy on one of my local machines.

    So, if I'm correct, there are a few ways of proxying traffic i.e.

    1. OpenVPN with squid server on local machine.
    2. SSH tunnel with SOCKS proxy using Putty/Tunnelier.
    3. SRelay SOCKS proxy on router with no SSH tunnel.

    I am now wondering what the advantages and disadvantages of each of the methods are...

    I guess the SOCKS proxy alone is easier to administer needing no client software, but assume it is also less secure as not encrypted (correct?)

    Does SRelay have any form of authentication, otherwise how do you stop other people using your proxy?

    Many thanks for your help....

    Ben
     
  6. gabriel

    gabriel Network Guru Member

    I think SSH tunel is the most secure, but it is at least twice slower than srelay.

    In my case, in order to have some security I use the following line in the Firewall script:

    iptables -I INPUT -i ppp0 -s XXX.XXX.XXX.XXX/24 -p tcp --dport 21 -j ACCEPT

    where XXX.XXX.XXX.XXX is the IP address of the network, from where I usualy use the proxy. The network itself is trusted for me, so I don't mind if anybody else from this network is using my proxy. All other clients outside of that network are restricted and can not use it. You can restrict the access to single IP for example, if you always have a static IP on the client side.
    In SOCKS V5 specification there is some authentication method, but as I said in the previous post I'm afraid srelay does not support V5 version of the protocol fully. By the way, looking at "Connection Settings" of Firefox you will see there is no place to enter user name and password. So, maybe Firefox doesn't support SOCKS 5 too. And the same is with Internet Explorer.


    Anyway you can play with iptables and can restirct the access to your proxy to the necessery extend. If it is not enoug - use SSH. :smile:

    And one more idea - You can use OpenVPN and SRelay together on the router. In this way you'll have the exepcted security and you'll not use an internal PC for proxy. Just the firewall script should be:

    /jffs/srelay -i 192.168.1.1:21 -a n -t
    iptables -I INPUT -i ppp0 -s 192.168.1.0/24 -p tcp --dport 21 -j ACCEPT

    allowing only internal (and VPN) connections to reach the srelay.

    Then you have to connect VPN on your client PC and then you can put
    192.168.1.1:21 as a socks proxy. Everything should work in that way!

    I just don't know if you would have enough space for both OpenVPN and SRelay on your router.
     
  7. ggmm1985

    ggmm1985 LI Guru Member

    I have a problem on my Tomato (v1.13.1252) when run the srelay

    when i put the srelay to my router,and use the command "./srelay.bin -i 192.168.1.200:21 -a n -t ", it throw an error:

    /usr/local/etc/srelay.conf: line 0: no valid entries found. using default.

    and then , I type "./srelay.bin -i 192.168.1.200:21 -a n -t " again

    it throw :
    no server socket prepared, exitting...
    cannot init server socket(-i)


    what does it mean?
     
  8. occamsrazor

    occamsrazor Network Guru Member

    Thanks again Gabriel... what you say makes sense. I don't have a static remote IP, so couldn't use that form of security you mention.
    The OpenVPN + SRelay solution seems to be a nice one to me, I will try to give it a try soon, when I find time. I wonder if it also would suffer the speed loss that you say SSH suffers...
    I'm using a Buffalo WHR-G54S router, wonder if the compile will work with that... we'll see.
    Thanks again...
    Ben
     
  9. gabriel

    gabriel Network Guru Member

    The first message is just warning. Don't worry! The srelay have started successfully and has opened the port 21 for listening.

    The second atempt throws an error which means that the port 21 can not be opened because there is already listener on it (the srelay is already started).
    The same message will throw if you use a port number which is already in use by some service in your tomato.

    If you type:
    #ps
    you will see that srelay is runing and is listening for incoming connections in your case on 192.168.1.200:21 address. That's what you have to put in the Firefox, for example.
     
  10. ggmm1985

    ggmm1985 LI Guru Member

    Thanks Gabriel! :p
     
  11. occamsrazor

    occamsrazor Network Guru Member

    Hi Gabriel,

    I've installed sRelay on my Buffalo WHR-G54s router but am having some problems...

    When I do the "# ps" command it confirms sRelay is running as it says this:

    173 nobody 60 S /jffs/srelay -i 192.168.0.1:2223 -a n -t

    In my firewall script I have:

    /jffs/srelay -i 192.168.0.1:2223 -a n -t
    iptables -I INPUT -i ppp0 -s 192.168.0.0/24 -p tcp --dport 2223 -j ACCEPT

    (192.168.0.1 is my router, I chose a non-standard port 2223 to avoid conflicts)

    I am currently physically connected to the router (not OpenVPN).

    When I enter the proxy info into Firefox - server 192.168.0.1 port 2223 with either socks v4 or v5 - pages won't load at all.

    Any ideas?

    Thanks for your help,

    Ben
     
  12. gabriel

    gabriel Network Guru Member

    Hi Ben,

    If srealy starts sucessfully on your hardware we may hope it will work properly :smile:

    I think your setup is somehow wrong! First, the line:

    /jffs/srelay -i 192.168.0.1:2223 -a n -t

    starts srelay and it listens for incomming connections on local side (i.e. LAN/WLAN). It means you will be able to use the proxy only from your local network, which makes no sense.

    The line:

    iptables -I INPUT -i ppp0 -s 192.168.0.0/24 -p tcp --dport 2223 -j ACCEPT

    allows incomming packets on ppp0 interface, which is the WAN side, so in your case it allows connection from WAN, but I'm affraid nothing with source address in the range 192.168.0.0/24 will come from outside - there are only real IP addresses unless your ISP is buggy, so nothing will rich your srelay server.

    Anyway, if you want to test it from your local network and if your router address is 192.168.0.1 then try this:

    /jffs/srelay -i 192.168.0.1:2223 -a n -t
    iptables -I INPUT -i br0 -s 192.168.0.0/24 -p tcp --dport 2223 -j ACCEPT

    and use 192.168.0.1:2223 Socks 5 in Firefox settings.

    Instead of stated above, you may try the lines:

    /jffs/srelay -i :2223 -a n -t
    iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 2223 -j ACCEPT

    This should work for your local network. In order to have WAN access you need to change the address range in iptables or to remove the range together with the -s key. The last option is dangerous - you router will be hacked very soon in that way!! So, for WAN access:

    /jffs/srelay -i :2223 -a n -t
    iptables -I INPUT -s xxx.xxx.0.0/24 -p tcp --dport 2223 -j ACCEPT

    where xxx.xxx.0.0 is the real IP address of your trusted external network from where clients will connect.


    Best regards,

    Gabriel
     
  13. occamsrazor

    occamsrazor Network Guru Member

    Gabriel,

    How do you know all this?!?
    Thanks!!

    I'd copied the firewall script from what you suggested in a previous post, but I think my needs are somewhat unusual. Perhaps it's best if I just describe what I'm looking for:

    a) I want remote proxy access *only* when I am connected via OpenVPN.

    b) I don't have a single trusted WAN address range (using internet cafes), but when connected via OpenVPN my remote computer gets given an address in the range 192.168.0.0/24

    c) Proxy access for "actual" local network (ethernet and wireless) would be useful to allow, so that I can ensure all is working OK from home, but not essential if that makes the config super-complicated

    Whilst the router gives the remote OpenVPN computer a 192.168.0.0/24 address, I don't think it "sees" it as coming from the ppp0 interface, I think it may see the OpenVPN connections as a different interface entirely. Which actually might make things simpler as perhaps we could allow proxying only for the ethernet, wireless, and OpenVPN interfaces without needing to do any address range restrictions, and then block it for all non-VPN WAN traffic

    In the bandwidth monitor page it lists the following interfaces:

    WAN (ppp0)
    WL (eth1)
    br0
    eth0
    tap0
    vlan0
    vlan1

    Does this make sense?

    Thanks again for your help,

    Ben
     
  14. gabriel

    gabriel Network Guru Member

    Hi,

    I don't have any experience with OpenVPN, but I think the lines bellow will serve you for both VPN and Local (LAN/WLAN) connections:

    /jffs/srelay -i :2223 -a n -t
    iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 2223 -j ACCEPT

    You don't need to change the srelay line above. It will listen on all available interfaces. The iptables line will allow your local clients to connect (presuming that noting with IP 192.168.x.x will come from your WAN interface). With big probability this will work for VPN clients too, since OpenVPN is runing on your router. Somebody with more experience in OpenVPN can help here. The idea is that the iptables should be configured in a way, that everiting comming from your local clients or your VPN cliens on tcp:2223 is accepted and will be passed to srelay.


    BR,
    Gabriel
     
  15. occamsrazor

    occamsrazor Network Guru Member

    Thanks Gabriel...

    That all seems to be working now, at least from home (haven't been outside to try it yet).
    I'm using the Firefox extension FoxyProxy to handle the proxy info, and the only problem I've found is that when I click the "use Socks proxy for DNS lookups" it's unable to resolve the addresses, leading me to think that sRelay isn't proxying DNS lookups properly.

    I'll keep experimenting....

    Cheers,

    Ben
     
  16. batmodem

    batmodem LI Guru Member

    Found a simple solution...

    Hi All,

    I read this thread looking to do what it says in the title so I started looking into OpenVPN and SRelay but I was getting nervous and thinking I was going to spend a long time this weekend doing it but I found this page for mistake. I never tought it would be so simple, no vpn, no firewall config, nothing! I'm using a WRTG54L with Tomato and it works great.

    Check it out.

    http://lifehacker.com/software/ssh/...ng-session-with-an-ssh-socks-proxy-237227.php

    I added some aditional options to the ssh client to use blowfish instead of 3des as the encription protocol because is supposed to be faster and using port 443 so it looks like a https connection. So it looks like this:

    ssh -ND 9999 -c blowfish -p 443 root@mylovelyrouter.com

    Cheers,

    Andrés

    P.S. I'm using a dyndns to give my router a name.
     
  17. occamsrazor

    occamsrazor Network Guru Member

    Hi,

    I've had the sRelay + OpenVPN combination working quite nicely for a while now, but want to upgrade my version of the Tomato firmware from v1.11.1218 to the latest 1.16, which I understand will erase the jffs space. So what's the best way to do it?

    Do I just need to copy the firewall script, upgrade Tomato, re-install sRelay in the JFFS space, and then re-enter the firewall script?

    Thanks,

    Ben
     
  18. occamsrazor

    occamsrazor Network Guru Member

    I jumped in and upgraded the Tomato firmware and all's working, so I'll answer my own question.

    Doing the following worked.....

    1. Backed up config
    2. Cleared NVRAM, erased the JFFS partition.
    3. Disabled JFFS
    4. Upgraded to the latest firmware.
    5. Restored the config
    6. Enabled and formatted the JFFS partition
    6. Re-installed sRelay to JFFS

    All the scripts are saved in the backup config, so it wasn't necessary to re-enter them.
     
  19. kramed

    kramed LI Guru Member

    Very cool. I wonder if there is a similar tool that could also be used that is still maintained. Srelay was last released in 2003.
     
  20. hackmiester

    hackmiester Guest

    May I ask how you built this? I can't seem to get a cross compiler up that will build things for Tomato.
     
  21. leepa

    leepa Addicted to LI Member

    Thanks Gabriel...

    Finally I managed to make it work on my router.
    It seems that if you want to use this proxy from Firefox 3 (I did not test other versions), you need to set it as socks version 4. Using v5 does not work...

    Also, according to manual page provided, using "-a n" switch is not necessary:
     
  22. bhlonewolf

    bhlonewolf LI Guru Member

    Just to point out you can use openvpn without squid for proxying traffic -- was there some particular reason you were using squid also? (just wondering if there's some functionality it offers)
     
  23. occamsrazor

    occamsrazor Network Guru Member

    It was just because I also had an existing squid server on my machine that I was counting it as an option. The difference between Squid and sRelay is that sRelay is just a proxy, whereas squid is a CACHING proxy, which in theory may or may not be useful depending on your circumstances.
    In the end I set it up with just the sRelay and OpenVPN combo (both in the router). sRelay is set to allow only internal (and VPN) connections to reach the srelay, all connections that do not come from a local IP address get blocked.
    So I OpenVPN into the router giving my remote machine a local IP address, then connect to sRelay via the router's local IP address, using it as a SOCKS proxy. I use the QuickProxy extension for Firefox 3 to switch proxying on/off as I wish.
    All in all it works fine....
     
  24. occamsrazor

    occamsrazor Network Guru Member

    PingTunnel

    I'm posting this here because:

    a) Gabriel seems to know a lot about this sort of stuff, and
    b) People interested in sRelay might be interested in this.

    I was just reading about PingTunnel. It seems like it might be useful. It's designed to "tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies". The reason this might be useful is if you are on a wireless network that gives you an IP address but doesn't allow any traffic except pings (i.e. lots of internet cafes, hotels, etc that require you to login through a web interface), you could use this to tunnel to your home router, and presumably using sRelay, to the outside world.

    http://www.cs.uit.no/~daniels/PingTunnel/
    http://freshmeat.net/projects/ptunnel/
    http://dries.studentenweb.org/apt/packages/ptunnel/info.html
    http://dag.wieers.com/packages/ptunnel/

    So my question is do you think this could be run on Tomato?

    Regards,

    Ben
     
  25. bodbod

    bodbod Addicted to LI Member

    Hi Gabriel,

    I have some issues on making srelay working via the wan, I have a router WRT54GL running under tomato 1.14 with SD mod. the mmc is formated and works fine. my connection is under protocol ppoe.
    I have therefore copied your file in the mmc folder via telnet and entered the following commands :

    iptables -I INPUT -i ppp0 -p tcp --dport 21 -j ACCEPT ->via telnet
    /jffs/srelay -i :21 -a n -t ->via telnet

    this is not working when i am trying to connect to it as a socks5 (in firefox or msn)
    on another computer (from the wan if we simplify the story)

    I have ofcourse tested in Lan first with the other commands and it works fine for firefox, not for msn... dont know why it can t connect to it...)

    can somebody help me on that please ?
     
  26. mstombs

    mstombs Network Guru Member

    I would try using a different port - port 21 is the ftp port, and there are ftp nat helpers etc possibly interfering (the ftp nat helper can de disabled in the tomato web gui)
     
  27. rhester72

    rhester72 Network Guru Member

    I'm not Gabriel, but I suppose it could:

    http://multics.dynalias.com/tomato/ptunnel.gz

    Rodney
     
  28. bodbod

    bodbod Addicted to LI Member

    Thx for your advice but I already tried another port before (which was not in use) and I had the same issue.
     
  29. Aquafire

    Aquafire LI Guru Member

    Is it only me or there is something with the attached Srelay.zip file.

    I am trying to setup a router based proxy on my Linksys WRTSL54GS router running Tomato Firmware v1.27.8742 ND USB Ext.

    I am trying to download the attached ZIP file from this thread to start my experiment. But whenever I download this ZIP file (~53KB) and try to UnZip/UnRAR it on my PC (to be able to transfer the unzipped files/folders to the JFFS folder on the router), I always get an error message that the RAR file is not vaild (Unexpected end of ZIP/RAR file).

    Can someone please check and post the correct working and compiled version of this file for tomato.

    I also tried download the source TAR files from the SourceForge homepage, but since I am a total zero in Linux , I dont know how to compile these files for tomato.

    I would appreciate if someone can help.

    Thanks.​
     
  30. rhester72

    rhester72 Network Guru Member

  31. Aquafire

    Aquafire LI Guru Member

    Hello All,

    I have managed to install the Srelay via Optware packages and now its running on a given port 2223. However as I read in this thread for enabling access from the internal LAN I need to use the "Br0" switch in the IPTABLES command line. I have used it and it is not working in Firefox (Socks 4/5) or Internet Explorer. However with the default "ppp0" switch it is working from the internet, or at least it seems so.

    So i just wanted to ask :

    1. Is there a way to enable the access for the proxy from both the interfaces i.e, LAN and WAN.

    2. Is there any option for logfile generation, so I can see what/when/how much traffic is being served. Not the syslog , which is highly technical. Just plain log file with URL names and time/dates.

    Thanks for your support.
     
  32. rhester72

    rhester72 Network Guru Member

    Code:
    iptables -I INPUT 1 -p tcp --dport 2223 -j ACCEPT
    in Scripts/Firewall should allow remote access. You may need a corresponding port forward.

    srelay already supports logging each connection to syslog, as you've seen - it should be a simple matter to pull out the relevant information but it will *NOT* include the URL (the relay is layer 3, not layer 7, and thus has no knowledge of "URLs").

    Rodney
     
  33. Aquafire

    Aquafire LI Guru Member

    Hello All,

    I have installed the Srelay compiled version in the /opt/bin directory of my Linksys WRTSL54GS running Tomato Firmware v1.27.8742 ND USB Ext. The router is directly connected via the WAN port to a DSL modem (which is in bridge mode). The DynDNS services gives and refreshed the domain name assigned to my router. So whenever I type its domain name (without any port) I arrive at the main page of my router settings.

    I have the following lines in the scripts->firewall section.

    I can see via various online services that port 2223 is now open on my router. I can also check it by running the "ps" command in the telnet connection to the router, and I can see the "srelay" service is up and running.

    However when i try to access/use this proxy server on port 2223 from my workplace, there is no response and a blank web error page is shown. I have tried pinging my domain name which is working fine. I have tried entering my domain_name:port in IE ver 7 and Firefox ver3.xx with SOCKS 4 & 5, however there is no luck.

    Can someone guide me what could be wrong and why am I unable to use the srelay proxy server installed. I have setup no rules in port fowarding section (if needed what rule needs to be setup).

    Thanks.
     
  34. rhester72

    rhester72 Network Guru Member

    You do understand that srelay is a SOCKS proxy and not a HTTP proxy, correct?

    Rodney
     
  35. Aquafire

    Aquafire LI Guru Member

    Well,

    I guess I am confused, I think i dont totally understand the difference between a SOCKS proxy and an HTTP proxy.

    What I was trying to do however is to have an HTTP proxy up and running. So if I am being wrong over here, then please guide me an easy way to install an HTTP/Mail proxy server .

    Reading from the description I thought that srelay would do the same job.

    Thanks.
     
  36. nhelder

    nhelder Addicted to LI Member

    I appear to be in a very similar boat as Aquafire - I'm running Tomato 1.28 and have copied the binary at the start of this thread to /jffs on the router and currently have the following under Administration -> Scripts -> Firewall:

    Code:
    /jffs/srelay -i :21 -a n -t
    iptables -I INPUT -p tcp --dport 21 -j ACCEPT
    (This is for testing purposes; once things are working I'll limit it to a single interface and restrict the IPs that are able to access it.)

    Also similar to Aquafire, while this is a SOCKS proxy and not an HTTP proxy, in lieu of finding any HTTP proxy binaries for Tomato, my plans are to use this proxy primarily for HTTP traffic.

    However, it doesn't seem to be working - I've tested with Firefox both locally (using the router's IP) and remotely (using my dyndns IP), and in all cases I receive the standard "page cannot be displayed" message.

    Does anyone have any suggestions as to what might be wrong or what steps I might take to troubleshoot things further?

    Also, I notice that this version of srelay was compiled in 2007, circa Tomato 1.13. Can anyone verify that it actually works under Tomato 1.28?

    Thanks in advance for any help you can offer,

    - Nathan
     
  37. rhester72

    rhester72 Network Guru Member

    What sort of log output are you getting from srelay? (The default binary is *very* chatty...)

    Rodney
     
  38. nhelder

    nhelder Addicted to LI Member

    Sorry, I'm a bit of a beginner when it comes to srelay (and running custom code within a router in general).

    Should I be initializing srelay with some sort of output redirection to a log file on a CIFS mount? Or is there an easier way to monitor this output?

    Thanks again,

    - Nathan
     
  39. marbss

    marbss Network Guru Member

    i'm a newbie at this stuff. trying to get around a firewall. Has anyone been able to get srelay working in conjunction with http://www.socksproxychecker.com/sockscap.html apparently this app works for applications that don't have a socks option.

    is there any reason this would not work?

    also I can't seem to find out how to enable the JFFS option in my version of Tomato. I'm running Tomato/MLPPP 1.27-mp3alpha7. Can anyone point me in the right direction. Router is a Buffalo WBR2-G54.

    ---

    What I'm trying to accomplish: Currently there is a firewall that I want to get around. I use TWS from Interactive Brokers and the firewall blocks communication on the ports that it uses.

    I would ideally like to somehow use my router and home internet connection to get around this problem. I know I can setup an HTTP proxy at home - but it seems like a slower solution.

    Thanks,
     
  40. gijs73

    gijs73 LI Guru Member

  41. jbcdidgosir

    jbcdidgosir Serious Server Member

    Would you please tell me how to change the port from 21 to 8080? The file "srelay" doesn't contain any ASCII character.
     
  42. maurer

    maurer LI Guru Member

    /jffs/srelay -i :8080 -a n -t
    iptables -I INPUT -i ppp0 -p tcp --dport 8080 -j ACCEPT
     
  43. pbenj

    pbenj Reformed Router Member

    Would it be possible to use this in a similar fashion to the Anonybox? See the project here: http://gschoppe.com/blog/the-anonybox-how-to/

    Basically, the router maintains an "always on" connection to your VPN in the background and also runs a SOCKS proxy, so that certain programs can be run through the VPN selectively by configuring their proxy settings to point to your router.
     
  44. JoeKamel

    JoeKamel Serious Server Member

    I was trying what pbenj was thinking and no luck. I've gotten srelay to start, and I thought I had it set up properly but nope. For now I was just checking if I could route over the VPN - I was going to deal with the DNS stuff later. So I tried two things.


    First idea was route to an unused address, that I could script to go over the VPN as part of route-up.

    Code:
    #  mysrelay.conf
    #  $Id: srelay.conf,v 1.5 2009/12/09 04:07:53 bulkstream Exp $
    #
    # this line is comment.
    # destination                port range            next-hop/port
    any                    any                10.10.10.1
    I verified that the route was in, however it still was showing my ISP IP as opposed to the VPN IP when checking. So I tried to send it over the proxy given by my VPN provider:

    Code:
    #  mysrelay.conf
    #  $Id: srelay.conf,v 1.5 2009/12/09 04:07:53 bulkstream Exp $
    #
    # this line is comment.
    # destination                port range            next-hop/port
    any                    any                proxy-nl.privateinternetaccess.com:1090
    Code:
    # PIA Proxy Auth info
    # next-hop server                username        password
    proxy-nl.privateinternetaccess.com        xxxxxxxx        xxxxxxx
    Still no good. Any suggestions?
     
  45. Lion7

    Lion7 Reformed Router Member

    Please give access for downloading file from first post.
     
  46. Toxic

    Toxic Administrator Staff Member

    please try to be part of the community and add some posts.
     
  47. Tomaz1

    Tomaz1 New Member Member

    I have compiled this SOCKS proxy (srelay) for ARM Linksis EA6700 for AdvancedTomato. You can try it here.
     
  48. roberthuang

    roberthuang Connected Client Member

  49. kthaddock

    kthaddock Network Guru Member

  50. roberthuang

    roberthuang Connected Client Member

    You can open the your link to see the introduction page. However if you want to download the app, you click on the "try it here", you will get 404 Not Found page.
     
  51. kthaddock

    kthaddock Network Guru Member

    removed
     
    Last edited: Apr 13, 2016
  52. Tomaz1

    Tomaz1 New Member Member

    I have corrected link, now it should work. Also attaching here.
     

    Attached Files:

Share This Page