[Privoxy-users] Privoxy on router firmwares poses a huge security risk
richard lucassen
mailinglists at lucassen.org
Wed Jan 1 20:22:36 UTC 2020
On Tue, 31 Dec 2019 16:45:47 -0500
Lee <ler762 at gmail.com> wrote:
> What the OP needs to do is figure out how to do pbr on traffic coming
> from privoxy so that traffic not for the internal network goes out via
> the vpn. But I don't know if it's possible to have a pbr rule that
> applies only to packets coming from one specific service on the router
> :(

I don't know if this resolves OP's problem, but using "iptables" you can
force privoxy to use a different outgoing ip, assuming that privoxy runs
as user "privoxy". E.g. a router has ip 192.168.1.1 on outgoing
interface eth0, just add an extra ip:

    ip address add 192.168.1.2/32 dev eth0

then:

    iptables -t nat -A POSTROUTING -o eth0 -m owner --uid-owner privoxy \
        -j SNAT --to-source 192.168.1.2

after that, force traffic from 192.168.1.2 to use e.g. table 10:

    ip rule add from 192.168.1.2 lookup 10

Disclaimer: not tested, just my 2 cts.

R.

--
richard lucassen
http://contact.xaq.nl/
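
Added example, not part of the original post: a variant of the setup above that selects privoxy's packets by firewall mark instead of by rewritten source address, because `ip rule` lookups are made before the POSTROUTING chain runs. The user `privoxy` and table 10 come from the post; the VPN interface `tun0`, the LAN range `192.168.1.0/24` and the mark `0x1` are assumptions. It prints the commands by default and applies them when run as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: send privoxy's non-LAN traffic through a VPN via a firewall mark.
# From the post: user "privoxy", routing table 10.
# Assumptions (not in the post): VPN interface tun0, LAN 192.168.1.0/24, mark 0x1.
PROXY_USER="${PROXY_USER:-privoxy}"
TABLE="${TABLE:-10}"
VPN_IF="${VPN_IF:-tun0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
MARK="${MARK:-0x1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

pbr_setup() {
    # Mark packets created by the proxy user that are neither loopback nor LAN.
    # Marking in mangle/OUTPUT makes the kernel redo the route lookup.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$PROXY_USER" \
        ! -o lo ! -d "$LAN_NET" -j MARK --set-mark "$MARK"
    # Marked packets consult the dedicated table, whose default route is the VPN.
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add default dev "$VPN_IF" table "$TABLE"
    # Fail closed: when the VPN route disappears, this higher-metric entry stops
    # the lookup from falling through to the main table and leaking via the WAN.
    run ip route add unreachable default metric 1000 table "$TABLE"
    # The source address was chosen before re-routing; rewrite it on the VPN side.
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -m mark --mark "$MARK" -j MASQUERADE
    # Replies arrive on an interface the main table would not use: loose rp_filter.
    run sysctl -w "net.ipv4.conf.$VPN_IF.rp_filter=2"
}

pbr_setup
```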