using local dns to allow domain based transparent proxy

I am from Iran and some websites are blocked for Iranian IPs (like NVIDIA and Intel and so on).
There is this website that advertises that I can access those domains by just changing my DNS to theirs.
So I tried and I saw this:

me@laptop ~> drill devtalk.nvidia.com @94.232.174.194
devtalk.nvidia.com. 300 IN CNAME uk4.shecan.ir.
uk4.shecan.ir. 134 IN A 5.226.141.227


shecan.ir is the site that advertises that.

Now, legality of what they're doing aside, how does this work?
Do they just redirect traffic to those sites from a non-Iranian IP (uk4.shecan.ir 5.226.141.227), so in effect it is just a proxy?
But they don't proxy all the domains, just the blocked ones.

I am asking this because I wanted to do this for myself on my router, but whatever HTTPS transparent proxy I tried can't differentiate between domains. Do they do this with IPs?
So when I use their DNS service they give me a DNS answer, I connect to that and send my request to it, but how do they differentiate between the domains?
Do they use different IPs for all those blocked domains?
Is that feasible?

Can I do this on my own router?

Basically I am trying to test this:
use my dnsmasq to give a local IP for the blocked sites (blocked by my ISP),
then use iptables on that LAN machine to transparently proxy all the traffic via Tor.
But my issue is: does this work with me giving a local destination for blocked domains?

I am doing all this so that I don't have to proxy all my traffic and just proxy the needed domains.










linux dns proxy

asked Dec 5 at 16:06
user3111875

edited Dec 5 at 16:17
Romeo Ninov

          1 Answer
Yes, you can do that on your own router. The dnsmasq running on your router uses the /etc/hosts file on the router, so you have to edit this file, enter the domains you want to re-route, and give them (different) IP addresses from the private range.

Then you need the iptables rules to DNAT them to their real address, and send them out via the Tor interface.

This will be a bit of a hassle to manage when IP addresses for domains change, because you'll have to update your configuration.

An alternative would be to use a different network namespace on your PC, start two browsers (one in the main namespace, one in the new namespace), wire up the namespace to use Tor as a gateway, and in this way differentiate between traffic you want proxied and traffic you can do directly.






answered 2 days ago
dirkt

• what? I specifically don't want to use the real (actual) IP of the sites. I am trying to do transparent proxy only for some domains at router level and do that without using their actual IP because many sites share IPs (like on Cloudflare). I am aware of explicit proxy and transparent proxy for all connections (80 and 443)
  – user3111875
  yesterday












• Re-routing stuff on the domain level doesn't work, sorry. At least not without a customized DNS server, and I don't know any existing software for that. If all you care about is http/https, you can use an http/https proxy, that can work on the domain level.
  – dirkt
  16 hours ago










• then how do those guys in my example do it?
  – user3111875
  16 hours ago












