How do I configure PolarProxy on Ubuntu 20.04?

Problem

I followed the instructions on PolarProxy's website, but could not get any traffic to pass through (neither from the same computer nor from a remote one).

Steps to reproduce

Commands run on Ubuntu 20.04 (in order):

mkdir ~/PolarProxy
cd ~/PolarProxy/
curl | tar -xzf -
sudo ./PolarProxy -v -p 443,80 -x /usr/local/share/polarproxy.cer --certhttp 10080 -w ../polarproxy.pcap
sudo iptables -A FORWARD -i eth1 -d 192.168.1.55 -p tcp --dport 10443 -m state --state NEW -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to 192.168.1.55:10443
sudo iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -I FORWARD 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
./PolarProxy -p 10443,80,443 --certhttp 10080 -w - | sudo wireshark -k -i -

Result

PolarProxy starts as expected and when accessing the certificate starts to download. The problem is that all other requests fail when setting 192.168.1.55:10443 as a proxy server or adding it to the hosts file (tested on Windows 10). Also the Wireshark window opened by PolarProxy does not display any requests at all, which I would assume it should.

Other info

Ubuntu Local IP-address: 192.168.1.55
Ubuntu network interface: wlan0
Windows Local IP-address: 192.168.1.199
Windows network interface: wlan0

1 Answer

PolarProxy is a transparent proxy, which means that it should not be configured as a "proxy server" in the browser or operating system. Instead, make sure that PolarProxy is configured as the Default Gateway on the Windows PC (check with "ipconfig" command), or forward all TLS traffic from your default gateway/firewall to the PolarProxy IP. Adding static host entries pointing to the PolarProxy IP in the hosts file, as you mentioned, can also work but some browsers might ignore these entries.

The PolarProxy installation instructions show three different types of routing options. Please make sure you choose the right one for your setup.

Routing Option #1: PolarProxy installed on the gateway/firewall

If your Ubuntu PC's IP (192.168.1.55) is configured as the Default Gateway on the Windows PC, then please apply these iptables rules to the Ubuntu machine:

sudo iptables -A INPUT -i eth1 -p tcp --dport 10443 -m state --state NEW -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to 10443

Routing Option #2: PolarProxy installed on a separate machine

If your Ubuntu PC is not the default gateway on your "wlan0" network, then you need to apply these iptables rules on your router/firewall (not on the Ubuntu PC):

sudo iptables -A FORWARD -i eth1 -d 192.168.1.55 -p tcp --dport 10443 -m state --state NEW -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to 192.168.1.55:10443
sudo iptables -t nat -A POSTROUTING -o eth1 -d 192.168.1.55 -p tcp --dport 10443 -j MASQUERADE 

Routing Option #3: PolarProxy on the client PC

Finally, if you want to proxy only local TLS traffic from your Ubuntu machine, which also runs PolarProxy, then use this iptables rule:

sudo iptables -t nat -A OUTPUT -m owner --uid 1000 -p tcp --dport 443 -j REDIRECT --to 10443 

Stateful Connection Tracking

The "-m state" rules require that you have a related or established rule configured. If you don't have that you can add it with:

sudo iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -I FORWARD 1 -m state --state RELATED,ESTABLISHED -j ACCEPT

If your gateway is using the conntrack module instead of the state module then you can just change "-m state --state" to "-m conntrack --ctstate".

Avoid running PolarProxy as root

I also noticed that you start PolarProxy on TCP 443 in the provided example command. PolarProxy is designed to allow it to run without root privileges. This is why we set it to listen to TCP port 10443 in our examples. Please make sure you start PolarProxy with "-p 10443,80,443" in order to be compliant with the iptables rules in the instructions.

Disclaimer: This answer was posted by the developer and maintainer of PolarProxy.
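
As an added example (not part of the answer above and not PolarProxy's own tooling), the shell function below checks `iptables-save` output against the points the answer raises: the port that the nat rule sends TCP 443 to must equal the first field of PolarProxy's `-p` value, and a chain with a NEW-state rule needs a RELATED,ESTABLISHED rule. It also flags a rule whose `-i` interface differs from the one given on the command line; the function name, finding codes and sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# check_rules IFACE PORTSPEC  < iptables-save output
#   IFACE    interface on which client traffic reaches the box holding the rules
#   PORTSPEC value passed to PolarProxy's -p option, e.g. 10443,80,443
# Prints one finding per line, or "OK" when no check fails.
check_rules() {
    awk -v iface="$1" -v listen="${2%%,*}" '  # first -p field = listen port
    function note(msg) { print msg; bad++ }
    # nat rules that intercept TCP 443 (REDIRECT or DNAT)
    /--dport 443 / && /-j (REDIRECT|DNAT)/ {
        seen = 1
        for (i = 1; i < NF; i++) {
            if ($i == "-i" && $(i+1) != iface)
                note("IFACE_MISMATCH rule=" $(i+1) " actual=" iface)
            if ($i == "--to-ports" || $i == "--to-destination") {
                n = split($(i+1), part, ":")   # DNAT target is ip:port
                if (part[n] != listen)
                    note("PORT_MISMATCH rule=" part[n] " listen=" listen)
            }
        }
    }
    # chains with a NEW-state rule need a RELATED,ESTABLISHED accept rule
    / --(ct)?state NEW / { needs[$2] = 1 }
    / --(ct)?state [A-Z,]*ESTABLISHED/ && /-j ACCEPT/ { has[$2] = 1 }
    END {
        if (!seen) note("NO_INTERCEPT_RULE dport=443")
        for (c in needs) if (!(c in has)) note("NO_ESTABLISHED_RULE chain=" c)
        if (!bad) print "OK"
    }'
}

# Constructed sample modelled on the question: the rules name eth1 while the
# interface is wlan0, and PolarProxy was first started with -p 443,80.
sample_question() {
cat <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.55:10443
COMMIT
*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.55/32 -i eth1 -p tcp -m tcp --dport 10443 -m state --state NEW -j ACCEPT
COMMIT
EOF
}
sample_question | check_rules wlan0 443,80
```

On a live system, pipe `sudo iptables-save` from the machine that holds the nat rules into `check_rules` instead of the sample.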
