Any iptables experts here, I need something explained
Chris Green
cl at isbd.net
Wed Oct 13 13:07:18 UTC 2021
I have it all working again now! :-) With help from here and other
places I have improved my understanding of how all this works and was
thus able to sort it out.
This is so that when I am in France (or anywhere else away from the
UK) I can get WiFi only devices to appear as if they are connecting
from the UK. Things like my library account for borrowing eBooks and
my doctor's repeat prescription ordering service are like this.
1 - Laptop as WiFi hotspot
==========================
First thing is to set up the laptop with a wired connection to the
internet so that it can become a Wireless AP (or 'hotspot'). This can
be done fairly easily using Network Manager to set the WiFi 'mode' to
'hotspot'. It's easy to find tutorials that tell you how to do this.
2 - Configure Proxy
===================
Then we need to set up a proxy connection via a UK site. I have
several ssh logins on UK servers so I simply use ssh to one of these:-
    ssh -fTnN -D 1080 <name@site.co.uk>
This sets up a socks proxy that you can access on the local machine.
It can be used directly by, for example, Firefox by setting it to
'Manual Proxy' and putting host 127.0.0.1, port 1080 in the Socks5
settings.
My first problem was with this proxy: in Firefox you have to set
*only* the socks proxy entries under 'Manual Proxy'. I had the
HTTP/HTTPS settings as well and this broke things (in Firefox). So,
clear out those settings and Firefox at least works through the proxy.
3 - Connect the WiFi hotspot to the proxy
=========================================
This is where my query about iptables came in.
There's a neat little utility called redsocks that can be set up to
'redirect any TCP connection to a SOCKS or HTTP proxy', this along
with the iptables bit connects from the WiFi hotspot clients to the
proxy and thus the WiFi client devices look as if they're in the UK.
I was confused by the 10.42.0.0 address range in iptables. I *think*
it's just the address range that NetworkManager/Avahi gives to a
wireless connection if nothing else is involved. I had added dnsmasq
to my system and thus the 10.42.0.0 subnet was being ignored; it had
no DHCP and no DNS. Adding the required entries to /etc/dnsmasq.conf
to provide DHCP for clients and a DNS server for them has fixed
everything.
--
Chris Green
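
The three pieces from section 3 (redsocks, the iptables redirect and the dnsmasq entries) written out together, as an added example that is not part of the original post. The interface name wlan0, the redsocks port 12345, the DHCP pool and the 10.42.0.1 gateway address are assumptions; only the 10.42.0.0 range and SOCKS port 1080 come from the message.

```shell
# Added example. Assumed, not from the post: wlan0, redsocks port 12345,
# the DHCP pool, and 10.42.0.1/24 as the hotspot gateway/subnet.
HOTSPOT_IF=${HOTSPOT_IF:-wlan0}
HOTSPOT_GW=${HOTSPOT_GW:-10.42.0.1}
HOTSPOT_NET=${HOTSPOT_NET:-10.42.0.0/24}
SOCKS_PORT=${SOCKS_PORT:-1080}          # the port given to ssh -D
REDSOCKS_PORT=${REDSOCKS_PORT:-12345}
# redsocks.conf: listen on the hotspot address only, so the redirector is not
# reachable from the wired side, and forward to the local ssh SOCKS5 proxy.
redsocks_conf() {
cat <<EOF
base {
    log_info = on;
    log = "syslog:daemon";
    daemon = on;
    redirector = iptables;
}
redsocks {
    local_ip = $HOTSPOT_GW;
    local_port = $REDSOCKS_PORT;
    ip = 127.0.0.1;
    port = $SOCKS_PORT;
    type = socks5;
}
EOF
}
# NAT rules, printed rather than applied. Traffic addressed to the hotspot
# subnet itself (DHCP/DNS on the laptop) is left alone; other TCP is redirected.
nat_rules() {
cat <<EOF
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d $HOTSPOT_NET -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
iptables -t nat -A PREROUTING -i $HOTSPOT_IF -s $HOTSPOT_NET -p tcp -j REDSOCKS
EOF
}
# dnsmasq entries: DHCP and DNS for hotspot clients. DNS lookups normally use
# UDP, so the laptop's resolver answers them; they do not go through the proxy.
dnsmasq_conf() {
cat <<EOF
interface=$HOTSPOT_IF
bind-interfaces
dhcp-range=${HOTSPOT_GW%.*}.10,${HOTSPOT_GW%.*}.100,12h
dhcp-option=option:router,$HOTSPOT_GW
dhcp-option=option:dns-server,$HOTSPOT_GW
EOF
}
case "${1:-}" in redsocks_conf|nat_rules|dnsmasq_conf) "$1";; esac
```

Run the script with one of the function names as its argument to print that piece for review before putting it in place. Only TCP is redirected, so name lookups still leave from the laptop's normal connection.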