[GH-ISSUE #45] 透明代理并设置上游代理无法使用 #20

New issue

Closed

opened 2026-02-27 23:15:04 +03:00 by kerem · 4 comments

kerem commented 2026-02-27 23:15:04 +03:00

Owner

Copy link

Originally created by @Totti0135 on GitHub (Mar 14, 2018).
Original GitHub issue: https://github.com/snail007/goproxy/issues/45

目的

在路由器上使用透明代理并让所有http及https请求都走上游代理。

操作步骤

1.使用命令proxy http --always -t tcp -p :33080 -T tcp -P "10.249.5.7:8001"开启代理
2.按照4.5手册中配置iptables

结果

设备连上路由器，访问https://www.baidu.com页面无法打开，控制台日志如下

2018/03/14 11:23:54 SNI:https://m.baidu.com:443
2018/03/14 11:23:54 use proxy : true, m.baidu.com:443
2018/03/14 11:23:54 conn 192.168.42.216:53850 - 10.249.5.7:8001 connected [m.baidu.com:443]
2018/03/14 11:23:54 conn 192.168.42.216:53850 - 10.249.5.7:8001 released [m.baidu.com:443]
2018/03/14 11:23:54 SNI:https://p41-keyvalueservice.icloud.com:443
2018/03/14 11:23:54 use proxy : true, p41-keyvalueservice.icloud.com:443
2018/03/14 11:23:54 conn 192.168.42.216:53851 - 10.249.5.7:8001 connected [p41-keyvalueservice.icloud.com:443]
2018/03/14 11:23:54 conn 192.168.42.216:53851 - 10.249.5.7:8001 released [p41-keyvalueservice.icloud.com:443]
2018/03/14 11:23:54 SNI:https://p41-keyvalueservice.icloud.com:443
2018/03/14 11:23:54 use proxy : true, p41-keyvalueservice.icloud.com:443
2018/03/14 11:23:54 conn 192.168.42.216:53852 - 10.249.5.7:8001 connected [p41-keyvalueservice.icloud.com:443]
2018/03/14 11:23:54 conn 192.168.42.216:53852 - 10.249.5.7:8001 released [p41-keyvalueservice.icloud.com:443]
2018/03/14 11:23:54 SNI:https://p41-keyvalueservice.icloud.com:443
2018/03/14 11:23:54 use proxy : true, p41-keyvalueservice.icloud.com:443
2018/03/14 11:23:54 conn 192.168.42.216:53853 - 10.249.5.7:8001 connected [p41-keyvalueservice.icloud.com:443]
2018/03/14 11:23:54 conn 192.168.42.216:53853 - 10.249.5.7:8001 released [p41-keyvalueservice.icloud.com:443]
2018/03/14 11:23:54 SNI:https://p41-keyvalueservice.icloud.com:443
2018/03/14 11:23:54 use proxy : true, p41-keyvalueservice.icloud.com:443
2018/03/14 11:23:54 conn 192.168.42.216:53854 - 10.249.5.7:8001 connected [p41-keyvalueservice.icloud.com:443]
2018/03/14 11:23:54 conn 192.168.42.216:53854 - 10.249.5.7:8001 released [p41-keyvalueservice.icloud.com:443]

另外，直接在浏览器中设置代理可以正常访问各网站。

Originally created by @Totti0135 on GitHub (Mar 14, 2018). Original GitHub issue: https://github.com/snail007/goproxy/issues/45 ## 目的 在路由器上使用透明代理并让所有http及https请求都走上游代理。 ## 操作步骤 1.使用命令`proxy http --always -t tcp -p :33080 -T tcp -P "10.249.5.7:8001"`开启代理 2.按照4.5手册中配置iptables ## 结果 设备连上路由器，访问https://www.baidu.com页面无法打开，控制台日志如下 ``` 2018/03/14 11:23:54 SNI:https://m.baidu.com:443 2018/03/14 11:23:54 use proxy : true, m.baidu.com:443 2018/03/14 11:23:54 conn 192.168.42.216:53850 - 10.249.5.7:8001 connected [m.baidu.com:443] 2018/03/14 11:23:54 conn 192.168.42.216:53850 - 10.249.5.7:8001 released [m.baidu.com:443] 2018/03/14 11:23:54 SNI:https://p41-keyvalueservice.icloud.com:443 2018/03/14 11:23:54 use proxy : true, p41-keyvalueservice.icloud.com:443 2018/03/14 11:23:54 conn 192.168.42.216:53851 - 10.249.5.7:8001 connected [p41-keyvalueservice.icloud.com:443] 2018/03/14 11:23:54 conn 192.168.42.216:53851 - 10.249.5.7:8001 released [p41-keyvalueservice.icloud.com:443] 2018/03/14 11:23:54 SNI:https://p41-keyvalueservice.icloud.com:443 2018/03/14 11:23:54 use proxy : true, p41-keyvalueservice.icloud.com:443 2018/03/14 11:23:54 conn 192.168.42.216:53852 - 10.249.5.7:8001 connected [p41-keyvalueservice.icloud.com:443] 2018/03/14 11:23:54 conn 192.168.42.216:53852 - 10.249.5.7:8001 released [p41-keyvalueservice.icloud.com:443] 2018/03/14 11:23:54 SNI:https://p41-keyvalueservice.icloud.com:443 2018/03/14 11:23:54 use proxy : true, p41-keyvalueservice.icloud.com:443 2018/03/14 11:23:54 conn 192.168.42.216:53853 - 10.249.5.7:8001 connected [p41-keyvalueservice.icloud.com:443] 2018/03/14 11:23:54 conn 192.168.42.216:53853 - 10.249.5.7:8001 released [p41-keyvalueservice.icloud.com:443] 2018/03/14 11:23:54 SNI:https://p41-keyvalueservice.icloud.com:443 2018/03/14 11:23:54 use proxy : true, p41-keyvalueservice.icloud.com:443 2018/03/14 11:23:54 conn 192.168.42.216:53854 - 10.249.5.7:8001 connected [p41-keyvalueservice.icloud.com:443] 2018/03/14 11:23:54 conn 192.168.42.216:53854 - 10.249.5.7:8001 released [p41-keyvalueservice.icloud.com:443] ``` 另外，直接在浏览器中设置代理可以正常访问各网站。

kerem closed this issue 2026-02-27 23:15:04 +03:00

kerem commented 2026-02-27 23:15:05 +03:00

Author

Owner

Copy link

@snail007 commented on GitHub (Mar 14, 2018):

iptables规则是什么

<!-- gh-comment-id:373022598 --> @snail007 commented on GitHub (Mar 14, 2018): iptables规则是什么

kerem commented 2026-02-27 23:15:05 +03:00

Author

Owner

Copy link

@Totti0135 commented on GitHub (Mar 14, 2018):

iptables按照如下设置的，没有别的规则

#上级proxy服务端服务器IP地址:
proxy_server_ip=10.249.5.7

#路由器运行proxy监听的端口:
proxy_local_port=33080

iptables -t nat -N PROXY

iptables -t nat -A PROXY -d $proxy_server_ip -j RETURN

iptables -t nat -A PROXY -d 0.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 10.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 127.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 169.254.0.0/16 -j RETURN
iptables -t nat -A PROXY -d 172.16.0.0/12 -j RETURN
iptables -t nat -A PROXY -d 192.168.0.0/16 -j RETURN
iptables -t nat -A PROXY -d 224.0.0.0/4 -j RETURN
iptables -t nat -A PROXY -d 240.0.0.0/4 -j RETURN

iptables -t nat -A PROXY -p tcp --dport 80 -j REDIRECT --to-ports $proxy_local_port
iptables -t nat -A PROXY -p tcp --dport 443 -j REDIRECT --to-ports $proxy_local_port

iptables -t nat -A PREROUTING -p tcp -j PROXY

iptables -t nat -A OUTPUT -p tcp -j PROXY

<!-- gh-comment-id:373024406 --> @Totti0135 commented on GitHub (Mar 14, 2018): iptables按照如下设置的，没有别的规则 ``` #上级proxy服务端服务器IP地址: proxy_server_ip=10.249.5.7 #路由器运行proxy监听的端口: proxy_local_port=33080 iptables -t nat -N PROXY iptables -t nat -A PROXY -d $proxy_server_ip -j RETURN iptables -t nat -A PROXY -d 0.0.0.0/8 -j RETURN iptables -t nat -A PROXY -d 10.0.0.0/8 -j RETURN iptables -t nat -A PROXY -d 127.0.0.0/8 -j RETURN iptables -t nat -A PROXY -d 169.254.0.0/16 -j RETURN iptables -t nat -A PROXY -d 172.16.0.0/12 -j RETURN iptables -t nat -A PROXY -d 192.168.0.0/16 -j RETURN iptables -t nat -A PROXY -d 224.0.0.0/4 -j RETURN iptables -t nat -A PROXY -d 240.0.0.0/4 -j RETURN iptables -t nat -A PROXY -p tcp --dport 80 -j REDIRECT --to-ports $proxy_local_port iptables -t nat -A PROXY -p tcp --dport 443 -j REDIRECT --to-ports $proxy_local_port iptables -t nat -A PREROUTING -p tcp -j PROXY iptables -t nat -A OUTPUT -p tcp -j PROXY ```

kerem commented 2026-02-27 23:15:05 +03:00

Author

Owner

Copy link

@snail007 commented on GitHub (Apr 17, 2018):

我们进行了透明代理的测试，一切正常，写了教程，请参考：https://github.com/snail007/goproxy/wiki/%E9%80%8F%E6%98%8E%E4%BB%A3%E7%90%86

<!-- gh-comment-id:381935968 --> @snail007 commented on GitHub (Apr 17, 2018): 我们进行了透明代理的测试，一切正常，写了教程，请参考：https://github.com/snail007/goproxy/wiki/%E9%80%8F%E6%98%8E%E4%BB%A3%E7%90%86

kerem commented 2026-02-27 23:15:05 +03:00

Author

Owner

Copy link

@snail007 commented on GitHub (Apr 25, 2018):

done

<!-- gh-comment-id:384188993 --> @snail007 commented on GitHub (Apr 25, 2018): done

kerem referenced this issue 2026-02-27 23:17:08 +03:00

[PR #20] [MERGED] 修正文档参数 #480

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v15.2

v15.1

v15.0

Labels

Clear labels   

TODO

  

bug

  

duplicate

  

enhancement

  

good first issue

  

help wanted

  

helpful

  

invalid

  

need-confirm

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

wontfix

No labels

TODO

bug

duplicate

enhancement

good first issue

help wanted

helpful

invalid

need-confirm

pull-request

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/goproxy#20

No description provided.