redsocks
UDP socks5 transparent proxy
Hello! Can somebody please help me with a transparent UDP proxy configuration?
I have a remote UDP service I want to reach via a socks5 proxy.
Here are the redudp part of my redsocks.conf and my routing/iptables configuration. Please tell me what is wrong with it.
redudp {
local_ip = 127.0.0.1; //localhost
local_port = 42424; //port I will route traffic to
ip = 192.168.1.189; //socks5 host
port = 1080; //socks5 port
type = socks5; //its socks5 server
//login = rc4-md5; //not used
//password = "your_passwd"; //not used
udp_timeout = 20;
dest_ip = example.com; //service I want to reach host
dest_port = 48484; //service I want to reach port
}
ip rule add fwmark 0x01/0x01 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N REDSOCKS2
iptables -t mangle -A REDSOCKS2 -p udp --dport 48484 -j TPROXY --on-port 42424 --tproxy-mark 0x01/0x01
iptables -t mangle -A PREROUTING -j REDSOCKS2
In that case nothing happened. If I add the next rule:
iptables -t nat -A OUTPUT -p udp --dport 42424 -j DNAT --to 192.168.1.189:1080
I can see UDP associate on my socks5 server but nothing on the other end of the client.
It seems you should use the OUTPUT chain in the mangle table.
iptables -t mangle -A OUTPUT -j REDSOCKS2
No, it doesn't work. In my dmesg I see:
x_tables: ip_tables: TPROXY target: used from hooks PREROUTING/OUTPUT, but only usable from PREROUTING
You should mark your connections (-j mark 1) in the OUTPUT chain to make them go through your local routing table and enter the PREROUTING chain and the TPROXY target. Typically OUTPUT connections won't enter the PREROUTING chain, and there should be no TPROXY target in the OUTPUT chain.
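An added example, not from the thread or the redsocks project: a small Python lint that runs the three rule sets discussed above through the same reachability check that produces the quoted dmesg error. The function names are hypothetical, and the `-j MARK --set-mark 1` rule is an assumed expansion of the reply's "-j mark 1" shorthand.

```python
import shlex

BUILTIN = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}

def parse(ruleset):
    """Return (chain, target) for every `-A ... -j ...` rule in the mangle table."""
    rules = []
    for line in ruleset.strip().splitlines():
        argv = shlex.split(line)
        table = argv[argv.index("-t") + 1] if "-t" in argv else "filter"
        if table == "mangle" and "-A" in argv and "-j" in argv:
            rules.append((argv[argv.index("-A") + 1], argv[argv.index("-j") + 1]))
    return rules

def hooks_reaching(rules, chain, seen=()):
    """Built-in hooks from which `chain` is reachable, following jumps backwards."""
    if chain in BUILTIN:
        return {chain}
    seen = seen + (chain,)  # guard against jump loops in hand-written input
    hooks = set()
    for src, target in rules:
        if target == chain and src not in seen:
            hooks |= hooks_reaching(rules, src, seen)
    return hooks

def lint(ruleset):
    rules, findings = parse(ruleset), []
    for chain, target in rules:
        if target == "TPROXY":
            bad = hooks_reaching(rules, chain) - {"PREROUTING"}
            if bad:  # the condition behind the dmesg error quoted in the thread
                findings.append(f"TPROXY in {chain} is reachable from {'/'.join(sorted(bad))}")
    if not any(c == "OUTPUT" and t == "MARK" for c, t in rules):
        findings.append("no MARK rule in mangle OUTPUT; local packets never reach TPROXY")
    return findings

# Constructed inputs: the thread's rules, then the two proposed changes.
ORIGINAL = """
iptables -t mangle -N REDSOCKS2
iptables -t mangle -A REDSOCKS2 -p udp --dport 48484 -j TPROXY --on-port 42424 --tproxy-mark 0x01/0x01
iptables -t mangle -A PREROUTING -j REDSOCKS2
"""
WITH_OUTPUT_JUMP = ORIGINAL + "iptables -t mangle -A OUTPUT -j REDSOCKS2\n"
# Assumed expansion of the reply's "-j mark 1" shorthand.
WITH_OUTPUT_MARK = ORIGINAL + "iptables -t mangle -A OUTPUT -p udp --dport 48484 -j MARK --set-mark 1\n"

if __name__ == "__main__":
    for name in ("ORIGINAL", "WITH_OUTPUT_JUMP", "WITH_OUTPUT_MARK"):
        print(name, lint(globals()[name]) or "ok")
```

The mark set in OUTPUT only has an effect together with the `ip rule add fwmark 0x01/0x01 table 100` and `ip route add local 0.0.0.0/0 dev lo table 100` lines from the original post, which the lint does not inspect.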