I've had some success with using the router as a HTTP(S) proxy server. How? Well, if you have a program (an HTTP(S) proxy in this case) running the router on, for example, port 5000, and you have Dropbear running on the router, you can do the following:

On a remote machine, set your browser to use "localhost:5000" as the HTTP and HTTPS proxy. Now anything the browser attempts to get will go to that machine's port 5000 instead of to, for example, www.cnn.com.

On the remote machine, run ssh this way:

ssh -L 5000:localhost:5000 admin@your-router-address

This sets up an encrypted "tunnel". The browser sends the request for www.cnn.com to local port 5000, the ssh client takes it, encrypts it, and sends it to the router, the ssh daemon (Dropbear) un-encrypts it and sends it to the router's port 5000 where the proxy fulfills the request to cnn.com and sends the page back though the tunnel to the browser. (see next message)

The router probably can't handle a lot of traffic, so this is probably a 1-user option, but it's handy if, for example, you need to use HTTP(S) from behind a firewall that only allows SSH out, or if you're in a place (school, job, country) that might be interested in your browsing habits.

I would advise setting up the firewall to only allow the ssh port (22) in from the Internet. If you're not careful you'll be offering proxy service to the world!

Obviously you can do this with other proxy programs (IMAP, POP, etc.,). I've only done it with HTTP(S). You need a proxy program that's small and doesn't cache (doesn't use disk for temporary storage, in other words). I've used two:


Internet Junkbuster (http://internet.junkbuster.com/)
micro_proxy (http://www.acme.com/software/micro_proxy/)


(see next message)

The micro_proxy proxy is designed to run from inetd, which isn't on the router. But you can compile BusyBox to give you an inetd daemon. This takes up more runtime RAM, though, so I prefer Junkbuster, which runs as a standalone daemon. Measured performance of the two is about the same (which surprised me - I thought the lack of inetd would give Junkbuster the edge).

I compiled them both with the Linksys toolchain, building them statically with uClibc.

I'd be interested in hearing from others' regarding proxy or other apps ported to the router.

(By the way - you can also compress the stream by using the -C option on the ssh client. Also, for PC users, the Putty terminal program can be used on the client side.)

Originally posted by RCR
The micro_proxy proxy is designed to run from inetd, which isn't on the router. But you can compile BusyBox to give you an inetd daemon. This takes up more runtime RAM, though, so I prefer Junkbuster, which runs as a standalone daemon. Measured performance of the two is about the same (which surprised me - I thought the lack of inetd would give Junkbuster the edge).

I compiled them both with the Linksys toolchain, building them statically with uClibc.

I'd be interested in hearing from others' regarding proxy or other apps ported to the router.

(By the way - you can also compress the stream by using the -C option on the ssh client. Also, for PC users, the Putty terminal program can be used on the client side.)

You can publish your builds somewhere ?

Many Thx

Bump...
Is it possible to publish the binary?

Argh, I'm in China atm and they are blocking sites here like hell, so a encrypted proxy @home would come very handy.

Eric,

Look for the wiki, the package Nylon is working for me, you can set a socks proxy on internet explorer. I'm doing this also using my SSH connection, if you want to encrypt

Here: http://wl500g.info/attachment.php?attachmentid=116

Erik, sorry for the long delay in answering, I haven't visited here in a while. My stuff is here (http://home.comcast.net/~rcrogers/wltools-10.tgz).

Let me know if you find it useful.

RCR, welcome back. :)

Hi RCR, thanks for your bins.
It seems to work just fine for me.

Only had to edit the paths in the ini file and it works

Has anyone gotten a SOCKS proxy working on the 500g? My solution works, but I understand (and could be wrong) that using SOCKS means that the DNS lookup is done on the proxy machine.