I’m looking to try some hands-on experience setting up proxies. However, the proxy I want to setup is a bit unique. My end goal is to be able to do the following:
- Connect a Raspberry Pi to a network using Ethernet or Wi-Fi
- Automatically have the Raspberry Pi (as soon as it is powered on and connected) send its own public IP address (and other relevant proxy information, where applicable) to a home server (and periodically retry sending this information if the server is down)
- Be able to proxy my connection from a separate network through the Raspberry Pi (by simply entering in the IP address and port as a normal proxy) so that my public IP address will now show up as that of the network the Raspberry Pi is connected to
I want to avoid configuring port forwarding for networks the Raspberry Pi is connected to. I can configure port forwarding for the network my home server is connected to, but if possible I would like to avoid that as well (for convenience and security).
I also want to avoid using a third party service (e.g. Linode) to manage the proxy for me. I want the Raspberry Pi to do all the work here, ideally using open source software such as Privoxy or Squid. I want this to be an HTTP proxy. If possible, I would like to encrypt the proxy connection.
I’m not sure if any of this would be possible without port forwarding. Maybe some sort of reverse proxy would help with this. Like with most things, I understand how a proxy such as this could have the potential for misuse. I’m making this post for educational purposes only, so that I can better my understanding of proxies and network security.
Any guides or videos on how to set this up are greatly appreciated. I found a few, but none quite capture what I’m describing here. Most don’t talk about using this across separate networks, only local networks.
Thank you!
I think you may have misunderstood. I’ll try to clarify a bit:
I have a Raspberry Pi, which I’ll connect to, say, a friend’s network called “FriendNet”
I have a computer at home (which I’ll just call my “home computer”) connected to my home network called “HomeNet”
I also have a server connected to HomeNet, which is always active. Let’s call it my “home server”
I would like to proxy my home computer’s connection through the Raspberry Pi, so that my IP address will show up as the public IP address for FriendNet (i.e. tunneling my connection through FriendNet using the Raspberry Pi).
The Raspberry Pi will automatically send the proxy details to my home server, so that I can get the network details of the Raspberry Pi to connect my home computer to it without needing to figure it out manually. That would probably be achieved with a basic Python script.
I’m not trying to setup a home VPN server, but rather use an external network as a non-permanent proxy.
So, you want the traffic to go other way around. Traffic from the HomeNet should go to the internet via FriendNet, right? In that case, if you want the raspberry box to act as a proxy (or vpn) server, you need to forward relevant ports on the FriendNet to your raspberry pi so that your HomeComputer can connect to the raspberry box.
Or you can set up a VPN and route traffic trough that to the other way. Tunnels work both ways, so it’s possible to set up a route/http proxy/whatever trough the VPN tunnel to the internet, even if the raspberry box is the client from VPN server point of view.
I don’t immediately see the benefit of tunneling your traffic trough the FriendNet to the internet, unless you’re trying to bypass some IP block of something other potentially malicious or at least something being on the gray area. But anyways, you need a method for your proxy client to connect to the proxy server. And in generic consumer space, that needs firewall rules and/or port forwarding (altough both are firewall rules, strictly speaking) so that your proxy server on raspberry box is visible to the internet in the first place.
Once your proxy server is visible to the internet it’s just a matter of writing up few scripts for the server box to send a message to the client end that my public IP is <a.b.c.d> and change proxy client configuration accordingly, but you still need some kind of setup for the HomeNet to receive that, likely a dynds-service and maybe some port forwarding.
Again, I personally would set up something like that with a VPN tunnel from raspberry box to the HomeServer, but as I don’t really undestand what you’re going after with setup like this it’s impossible to suggest anything else.
To me it seems like he wants to be able to «bring along» his homenet services without exposing them on the internet.
Tip for OP is to explain wanted outcome, not process to get there. Its hard to do, but gives better results
Besides being able to learn about all of this, this would be the ideal outcome:
I wouldn’t want to make the friend set up port forwarding or configure the Raspberry Pi himself, I want to do as much as I can on my own. And, if that friend ever relocates his residence or changes his ISP, setting it up again should be as easy as him plugging in the Raspberry Pi to the new network and I reconfigure it from my end.
And then your friend is responsible for your actions on the internet. The end goal you described is so vague that at least I wouldn’t let your raspberry connect on my network.
There’s a ton of VPN services which give you the end result you want without potential liability or other issues for your friend. If you just want to tinker, this thread has quite a bit of information to get you started.
I have a feeling OP’s “friends” wont necessarily even be aware hes connected the device to their network. It sounds to me like he wants something he can hide places to take advantage of unsecured or public networks without having to sit there with his laptop doing whatever shady shit he has planned.
Then an exit node is what you want. You can set up with vpn like wireguard using port forward on your side. The raspberry would connect using static ip or dynamic dns.
You can get tailscale basic tier for free, and that will provide an easy to use solution