D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: dustfinger on November 23, 2011, 05:08:35 AM
-
Hi,
Goal: To forward requests over port 80 from my LAN to an external server on a specific port, that is I would like to forward all requests over http to an external proxy.
I know that this can be done with IP-Tables, but I would like to do the same thing with my D-Link. I have looked at Advanced --> Routing, but that seems to be specifically for inbound requests. I want to do this for outbound requests. Does anyone know if this can be achieved with the D-Link DIR-655?
Sincerely,
dustfinger.
-
I don't think you can do that on this router. But to say for sure, I would need to know a bit more of what your doing. Would you be routing a specific IP from your intranet to the proxy? Or are you trying to route all traffic. If so, how would you handle DNS?
-
Thank you for your reply,
I want to route HTTP traffic on port 80 from all computers in my LAN to to a specific proxy server. I know that I could configure each client browser, but my requirements are such that I need to find a solution at the router level. With IP-Tables I believe that this can be done with the following rules:
* iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
* iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
* iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
I am not sure how to accomplish this with the DIR-655 and I am beginning to think that it is not possible. Is this something that is not possible to do with most consumer routers today, or is this just a feature that the DIR-655 does not have?
Sincerely,
dustfinger.
-
There is no command line interface to the 655 not sure about other consumer models, but I would doubt that many of them have command line interfaces either.
-
Thank you for your response davevt31! It is not important to me if the DIR-655 supports a command line interface. I only used the IP-TABLE rules to illustrate that some routers do support what I would like to do. I am simply looking for a way to do port-forwarding to external servers. The key goal is to forward all requests from my LAN over port 80 to an external http proxy server.
Sincerely,
dustfinger.
-
Too bad there is no way to console into the router and have direct access to iptables, it would be nice.
-
Yea, I think your looking for a Cisco type proffesional router. I still don't understand exactly what your trying to do, but I am about 95% sure you can't do it.
-
He's trying to setup a transparent proxy senario from what I gather in which all web traffic gets redirected to a proxy server without having to configure web browsers on client machines to do so, although I'm not sure of his reason use a server outside of the LAN.
-
Hi nicknml,
You are correct, I am trying to setup a transparent proxy scenario where the proxy server is running in a remote environment. The reason is not really that important, but basically they want to use a centralized remote proxy for a number of separate networks. One of the routers being used is the DIR-655. I believe that if I could configure the router to do port forwarding to an external IP, then I would satisfy the requirements for the transparent proxy. I don't think that it is going to be possible though :( Not with the DIR-655 at least.
Is it a common feature for routers to be able to perform port forwarding to external IP addresses, or do most consumer grade routers suffer from the same limitations as the DIR-655?
Sincerely,
dustfinger.
-
You would be better off to setup an inexpensive Linux box to act as a router (a distro such as CentOS works well). The only downsides are that it would consume more power and requires more space than a small router appliance. You can then setup the DIR-655 as an AP if you want wireless connectivity.
If you want an inexpensive PC check this one out:
Fujitsu PRIMERGY TX100 S2 Tower Server System (http://www.newegg.com/Product/Product.aspx?Item=N82E16859115004&Tpk=59-115-004&cm_sp=Cat_Servers-_-Fujitsu/123111-_-http%3a%2f%2fpromotions.newegg.com%2fFujitsu%2f123111%2f696x288.jpg)
You would also of course need a second NIC.
-
He's trying to setup a transparent proxy senario from what I gather in which all web traffic gets redirected to a proxy server without having to configure web browsers on client machines to do so, although I'm not sure of his reason use a server outside of the LAN.
Perhaps I mispoke, I knew what he was doing, I was trying to figure out why. I agree with you that he is probably not going to get the job done with a off the shelf router. Here is something that may be handy (http://www.dd-wrt.com/wiki/index.php/Squid_Transparent_Proxy). Good luck on your endeavors.
-
Hi,
Thank you once again for all of the helpful feedback. Is it a limitation of the DIR-655 that I cannot do port forwarding to an external IP, or is this a very common limitation amongst noncommercial routers?
Sincerely,
dustfinger
-
Hi,
Thank you once again for all of the helpful feedback. Is it a limitation of the DIR-655 that I cannot do port forwarding to an external IP, or is this a very common limitation amongst noncommercial routers?
Sincerely,
dustfinger
It's a common limitation for most consumer routers (unless you install a third-party firmware like dd-wrt but not all routers are supported and installing third-party firmware voids most warranties.)
-
It sounds like he has the technical knowledge to do it, based on his previous post, but I think he might want to go with a business class device if for no better reason but hardware. If your setting this up for a school or library (most common reason for a http proxy yes?) and you have 15-20 computers hooked up to it, your at the limit (and perhaps past) this devices capability. You might see crashes and random drops as resources max out. So either way, if you do manage to get it to work, keep a eye on it.