What's new

Looking to set up simple + cheap proxy server, advice?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DrVlikhell

New Around Here
Hi everybody! New to the forum, just signed up today because I've been pondering a project and this seems like the best place to ask for suggestions and advice.

So here's the situation, I have cable internet (Motorola modem, Asus AC68U router) and a 4G LTE hotspot (Coolpad Surf). I need to be able to have one web browser on my computer use the hotspot to access the internet, while the rest of the computer (and all other client devices) on the network use the cable internet. I'm currently doing this in a very convoluted manner with a TP-Link router acting as a client AP connecting wirelessly to the hotspot, the TP-Link is then connected via ethernet to a USB ethernet adapter on my computer, the USB adapter is passed through to a VM running Windows, and on the Windows VM I run a small proxy program which is accessible through the VMs virtual network adapter. This actually works flawlessly, but it's convoluted. I'd rather not have to run an entire Windows VM taking up some of my computers resources just to run a 380kb proxy program. I could use an old laptop or micro PC instead of a VM, but again, that's massive overkill for such a small proxy. The proxy doesn't have to do caching, or ad blocking, or anything special. It doesn't even need to authenticate since it's local only.

I have some strict limitations for this project, it must be low power (or else I'd just use an old PC) and it must be inexpensive. I've allotted only $15 to work something out. With the way finances and economies are currently, if I have to spend more than that... there are other areas where that money would be better spent. So $15 it is. Especially since the setup I have now costs zero to keep using as is.

I've come up with two options:
1, use a Raspberry Pi Zero W along with my USB ethernet adapter and run Linux on it with some kind of proxy software, perhaps Squid or Tinyproxy. I already have a suitable power supply, OTG adapter and SD card. A Pi Zero W would run about $15 including shipping. The down side is I know very, very little about Linux and I don't have a micro HDMI adapter, so the install and setup would have to be done headless.

2, use a router with DD-WRT or OpenWrt on it and Privoxy or something similar running directly on that router. There are many DD/OpenWrt friendly routers available on eBay or in thrift stores for $10 to $15, some of which even have 64MB or 128MB ROMs. The down side here is that I don't know if a router based proxy server will do what I want with the router in client AP mode. I can't have it acting as a DHCP server because it will interfere with my main Asus router, and I also can't have it serving up internet from the hotspot to other devices because that would quickly deplete the hotspots data.

I'm leaning towards trying to make it work with a router running as a proxy server, I just don't know if it's possible with the router functioning as a client AP, or which proxy to use... it looks like OpenWrt supports Privoxy, Squid, Tinyproxy and others, none of which I've used before. If you guys have any suggestions on how to make this work I'd love to hear it. Or if someone has an idea for a third option that fits within my limitations I'd love to hear that too. Thanks for reading this far!
 
Here's the thing.

Given your requirements, the biggest problem isn't actually the hardware, but the need to support two different environments on a single PC (at least for the purposes of cost effectiveness), and that pretty much leaves a VM as your only viable option, which of course you're already doing, and it's working flawlessly. OTOH, your proposals have a budget equivalent to a happy meal, you have little to no Linux experience, and you're not even sure if you sacrificed that happy meal for a used router whether it would work as well as your current setup.

I fail to see where any other solution would offer any significant benefit given all those conditions and requirements. But maybe some other members can come up w/ some better ideas.

Personally, I vote for staying exactly where you are!
 
If you mean supporting two different environments on a single PC as in using two different internet connections on a single PC while isolating them from each other... a proxy works perfectly for that since some browsers like Firefox have proxy settings built in and when configured to use a local proxy it will only access the internet via that proxy, while leaving every other piece of software on the computer free to access the internet via the default internet settings of the PC. That part is easy. Creating a proxy server that can connect to a WiFi hotspot is the issue, and is why I'm using the VM. It's a makeshift proxy server is all.

The benefit of setting up a separate proxy server device would be so I could free up the resources used by the VM, since the only purpose of the VM is to be a proxy server. It would speed up boot times, lower memory usage, and lower overall cpu usage on this PC. Not that the VM consumes a ton of resources, but it does consume some, enough that I can see it in a graph.

I may just leave it as is if I can't find a solution that will work for sure since I don't need to change the setup, but moving it to a stand alone device would make me happy.
 
Saw your recent post on dd-wrt forum.

I suppose you can make it work using dd-wrt in client mode w/ the Linksys EA2700. Just beware that client mode can be a bit sketchy on some firmware, esp. w/ FT (FreshTomato). Not sure about dd-wrt. And when it is sketchy, it either doesn't work at all, or may be limited to NO wireless security. That's just something you'll have to try out and see what happens.

You would have to have the LAN side of that router facing the private network, assign it an IP in that same network, and disable its DHCP server. Since I don't know if any proxy servers are available in the Linksys EA2700 builds, you may have to resort to Entware for it (e.g., privoxy). But the biggest limitation for that particular router is that it doesn't have a USB port (at least according to wikidevi), which means the installation of Entware can NOT be made persistent (not unless you get lucky and sufficient JFFS is available). You'd have to install Entware, and the privoxy packages and config files, into the ramdrive (/tmp) w/ every reboot. Plenty of RAM for those purposes, but just not ideal. I've done it myself many times, but usually for things I only needed temporarily, and in a pinch (e.g., tcpdump).

P.S. When using dd-wrt, install the latest builds from the following location (the dd-wrt database has long since stopped being updated).

ftp://ftp.dd-wrt.com/betas/
 
Last edited:
Saw your recent post on dd-wrt forum.

I suppose you can make it work using dd-wrt in client mode w/ the Linksys EA2700. Just beware that client mode can be a bit sketchy on some firmware, esp. w/ FT (FreshTomato). Not sure about dd-wrt. And when it is sketchy, it either doesn't work at all, or may be limited to NO wireless security. That's just something you'll have to try out and see what happens.

You would have to have the LAN side of that router facing the private network, assign it an IP in that same network, and disable its DHCP server. Since I don't know if any proxy servers are available in the Linksys EA2700 builds, you may have to resort to Entware for it (e.g., privoxy). But the biggest limitation for that particular router is that it doesn't have a USB port (at least according to wikidevi), which means the installation of Entware can NOT be made persistent (not unless you get lucky and sufficient JFFS is available). You'd have to install Entware, and the privoxy packages and config files, into the ramdrive (/tmp) w/ every reboot. Plenty of RAM for those purposes, but just not ideal. I've done it myself many times, but usually for things I only needed temporarily, and in a pinch (e.g., tcpdump).

P.S. When using dd-wrt, install the latest builds from the following location (the dd-wrt database has long since stopped being updated).

ftp://ftp.dd-wrt.com/betas/
Thank you very much for that information. Those kinds of issues are exactly what I'm trying to avoid by asking questions ahead of time. You're right that the EA2700 does not have a USB port. Not having a persistent proxy install would be a deal breaker. How can I tell which routers have a proxy server available in their builds, or have the ability to have one installed locally/permanently? Should I look for routers with 128MB flash? I'd prefer to have the proxy installed directly on the router and not on a USB flash drive if possible.

I've also been looking at maybe an Asus N66U which has two USB ports but only 32MB flash, or a D-Link DIR-860L which has 1 USB port but 128MB flash.
 
I could swear I've seen Privoxy built into some build, but I just can't recall where, or whether it was dd-wrt or tomato. I'm using a fairly powerful router right now, the ASUS RT-AC68U, and I find that most of the time it has just about every feature any firmware makes available, and yet I can't find Privoxy (or any other web proxy) for it using either dd-wrt or tomato.

If I can dig out that information, I'll let you know. But I just don't have it at the moment.

Whatever router you choose, it's usually going to be better if it supports both dd-wrt and tomato (specifically, FreshTomato) if only because it gives you more options. And of course, the more flash, the big the builds, and the more likely you'll find the features you want. USB is a necessity if you're forced to use Entware and can't accept the ramdrive as a solution. But you also stated a $15 budget! That's going to be a big problem if your requirements are as I just described. Even a low-budget, 32MB flash, no USB, ASUS RT-N12 D1 will cost you $20-30 on eBay or Amazon!
 
I've seen forum posts where people talk about having Privoxy built into their DD-WRT build, but that's with random routers. I've never seen a list anywhere that talked about what builds have it. I've seen several threads on various forums talking about installing Privoxy or Tinyproxy on OpenWRT, but I think setting up OpenWRT is beyond my abilities. I saw somewhere that said you can install OpenWRT packages on DD-WRT, but I can't remember where that was now.

I too have an RT-AC68U as my main router, though I have it on stock firmware because I don't have it doing anything special and I find that the stock firmware for it is actually pretty good.

I can find an RT-N12 D1 for $17 on eBay right now... but I can get a newer/bigger RT-N66U for $20, though that only has 32MB flash. My target budget is $15 or less, but I might increase it to $20 if I can for sure get it all up and working the way I want. However, for $15 I could get a Raspberry Pi Zero W and have many different options to get a proxy server working on that, which may or may not be more difficult than getting a proxy working on a router. Still, I'm open to learning so maybe that's the better choice.
 
IIRC now, I think it might have been Kong builds that supported Privoxy. Besides BS (Brainslayer), Kong was another dd-wrt developer who managed his own releases, but has long since stopped. And afaik, his repository isn't available (I think it was mirrored for a time, but perhaps not anymore). Besides, he only supported a subset of routers, usually the bigger, more powerful one. So the issue is probably moot.

As far a the Pi Zero, it's my understanding this is the least featured Pi option. I don't use Pi's at all, so I leave it to you to decide if it will meet your needs. But given you're starting from a basic Linux desktop, and your Linux skills are marginal, having to take that desktop environment and transform it into a client mode router, while probably doable, is probably best to avoid. Not unless you're just in it for the learning experience.

I'm just looking for what will work and require the least effort. The RT-N12 D1 doesn't have USB, so that's not really helpful. I was just using it as an example of how even the most basic of routers is going to put you closer to $20 or more. I will say that given the choice of ARM vs. the older MIPS routers, the latter is more likely to NOT have client mode issues, at least in my experience. And many of these routers come in multiple releases, some of which may or may NOT be compatible w/ third-party firmware. In the case of the RT-N66U, it appears to come in both MIPS and ARM (C1?) versions. At least based on what I see in wikidevi.
 
Both of the RT-N66U versions run Broadcom CPUs and I don't know how to tell a MIPS from an ARM on those or any other routers. The issue of WiFi stability in client mode is rather concerning since this really needs to be 99.999% stable. The TP-Link router I have in my convoluted setup now is 100% stable in client mode, but acting as an AP client is part of its intended use case from the factory. I suppose as a worst case scenario I could continue using that router along with a new router running a proxy and just use ethernet on the new router, but I really wanted to lower the complexity of this setup. I'd also still end up with double NAT that way.

The Pi Zero has the same power and specifications as the original Pi model A, just in a smaller and cheaper package. The Pi Zero W is the same but also has Bluetooth and WiFi. Since I only want whatever device I pick to run a proxy server, I don't actually need a Pi to do any routing other than what the proxy server does. The Pi would just have to connect to both WiFi and ethernet networks and run a proxy that's bound to WiFi and listens on ethernet. Since people use the Pi Zero as a VPN server, I assume it should be sufficiently powerful to run a basic proxy server, and sufficiently stable as well.

It seems that finding a router that meets all of the qualifications is getting harder, (cheap, usb, large flash, supported builds, stable as a client) and finding that exact model and hardware revision on eBay (and for a good price) is another difficult task since half of eBay sellers don't show the label. The $20 RT-N66U doesn't show what version it is, and all the rest are more expensive. So perhaps I'll give the Pi Zero a shot. At the very least it will be a learning experience. Also I've already done it in Windows, that's my setup now, so I just have to replicate it in Linux, on a single board computer.

Thanks for the help in deciding which route to go. (pun not intended)
 
Similar threads
Thread starter Title Forum Replies Date
P Wireguard - set peer IP from LAN IP range? Other LAN and WAN 1

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top