Forward all traffic to a socks5 proxy port
Clash Royale CLAN TAG#URR8PPP
I followed this answer: Redirect all non-local traffic to a socks proxy
root@xxx:~# cat /proc/sys/net/ipv4/ip_forward
1
root@xxx:~# netstat -tapln | grep :4545 | grep LISTEN
tcp 0 0 127.0.0.1:4545 0.0.0.0:*
The port works fine when I connect the socks5 through curl:
root@xxx:~# curl -x socks5h://127.0.0.1:4545 ifconfig.co
1.2.3.4
When I run enable iptables rules, i see my computer's ip:
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 4545
root@xxx:~# curl ifconfig.co
9.8.7.6
However, 4545th port is a socks5 proxy. It should be working.
I couldn't figure out what is wrong there.
I tried to use FoxyProxy. It works fine. But I want to redirect all traffic through socks5proxy. How can i do it?
P.S.: I don't have any DROP/REJECT rule in iptables. I have only those 3 rules.
networking iptables ip port-forwarding iptables-redirect
asked Feb 19 at 15:53
user337738user337738
1
add a comment |
I followed this answer: Redirect all non-local traffic to a socks proxy
root@xxx:~# cat /proc/sys/net/ipv4/ip_forward
1
root@xxx:~# netstat -tapln | grep :4545 | grep LISTEN
tcp 0 0 127.0.0.1:4545 0.0.0.0:*
The port works fine when I connect the socks5 through curl:
root@xxx:~# curl -x socks5h://127.0.0.1:4545 ifconfig.co
1.2.3.4
When I run enable iptables rules, i see my computer's ip:
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 4545
root@xxx:~# curl ifconfig.co
9.8.7.6
However, 4545th port is a socks5 proxy. It should be working.
I couldn't figure out what is wrong there.
I tried to use FoxyProxy. It works fine. But I want to redirect all traffic through socks5proxy. How can i do it?
P.S.: I don't have any DROP/REJECT rule in iptables. I have only those 3 rules.
networking iptables ip port-forwarding iptables-redirect
asked Feb 19 at 15:53
user337738user337738
1
add a comment |
I followed this answer: Redirect all non-local traffic to a socks proxy
root@xxx:~# cat /proc/sys/net/ipv4/ip_forward
1
root@xxx:~# netstat -tapln | grep :4545 | grep LISTEN
tcp 0 0 127.0.0.1:4545 0.0.0.0:*
The port works fine when I connect the socks5 through curl:
root@xxx:~# curl -x socks5h://127.0.0.1:4545 ifconfig.co
1.2.3.4
When I run enable iptables rules, i see my computer's ip:
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 4545
root@xxx:~# curl ifconfig.co
9.8.7.6
However, 4545th port is a socks5 proxy. It should be working.
I couldn't figure out what is wrong there.
I tried to use FoxyProxy. It works fine. But I want to redirect all traffic through socks5proxy. How can i do it?
P.S.: I don't have any DROP/REJECT rule in iptables. I have only those 3 rules.
networking iptables ip port-forwarding iptables-redirect
asked Feb 19 at 15:53
user337738user337738
1
I followed this answer: Redirect all non-local traffic to a socks proxy
root@xxx:~# cat /proc/sys/net/ipv4/ip_forward
1
root@xxx:~# netstat -tapln | grep :4545 | grep LISTEN
tcp 0 0 127.0.0.1:4545 0.0.0.0:*
The port works fine when I connect the socks5 through curl:
root@xxx:~# curl -x socks5h://127.0.0.1:4545 ifconfig.co
1.2.3.4
When I run enable iptables rules, i see my computer's ip:
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 4545
root@xxx:~# curl ifconfig.co
9.8.7.6
However, 4545th port is a socks5 proxy. It should be working.
I couldn't figure out what is wrong there.
I tried to use FoxyProxy. It works fine. But I want to redirect all traffic through socks5proxy. How can i do it?
P.S.: I don't have any DROP/REJECT rule in iptables. I have only those 3 rules.
networking iptables ip port-forwarding iptables-redirect
networking iptables ip port-forwarding iptables-redirect
asked Feb 19 at 15:53
user337738user337738
1
asked Feb 19 at 15:53
user337738user337738
1
asked Feb 19 at 15:53
user337738user337738
1
asked Feb 19 at 15:53
user337738user337738
1
asked Feb 19 at 15:53
user337738user337738
1
1
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
First thing: the SOCKS proxy also has to be able to work in some kind of transparent mode (ie: it won't receive a request using the SOCKS protocol but has to handle it anyway using side band information from iptables' REDIRECT action). The Q/A you linked tells the same:
With these rules, the requests arrive to the port on which there must be "something" well configured to get working everything.
So don't expect this solution to do more than what you're asking: to have everything redirected to the SOCKS proxy.
What you're missing is that you're doing the test from the host running the iptables REDIRECT. That means it's not a router for the local outgoing traffic, so the PREROUTING chain is never called.
What you have to use instead (or in addition) is the nat/OUTPUT chain (but see the additional issue described later):
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 4545
If you tried this alone, there would be a loop: the SOCKS proxy (assuming it's really able to work transparently, see above) will now be redirected to itself and nothing will ever go out. The easiest way to avoid this is to have the proxy run with a dedicated user or group to make an exception. So let's assume the proxy is running as user ... proxy, replace above with this instead:
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy -j REDIRECT --to-ports 4545
And/or you can choose to also not redirect the root user for example by also adding this exception before (hence -I here) the previous line:
iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner root -j RETURN
Final remark: REDIRECT has been obsoleted in favor of TPROXY, but its use is a bit more tricky and still requires (different) support from the transparent proxy.
answered Feb 19 at 21:48
A.BA.B
5,2021728
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f501623%2fforward-all-traffic-to-a-socks5-proxy-port%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
First thing: the SOCKS proxy also has to be able to work in some kind of transparent mode (ie: it won't receive a request using the SOCKS protocol but has to handle it anyway using side band information from iptables' REDIRECT action). The Q/A you linked tells the same:
With these rules, the requests arrive to the port on which there must be "something" well configured to get working everything.
So don't expect this solution to do more than what you're asking: to have everything redirected to the SOCKS proxy.
What you're missing is that you're doing the test from the host running the iptables REDIRECT. That means it's not a router for the local outgoing traffic, so the PREROUTING chain is never called.
What you have to use instead (or in addition) is the nat/OUTPUT chain (but see the additional issue described later):
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 4545
If you tried this alone, there would be a loop: the SOCKS proxy (assuming it's really able to work transparently, see above) will now be redirected to itself and nothing will ever go out. The easiest way to avoid this is to have the proxy run with a dedicated user or group to make an exception. So let's assume the proxy is running as user ... proxy, replace above with this instead:
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy -j REDIRECT --to-ports 4545
And/or you can choose to also not redirect the root user for example by also adding this exception before (hence -I here) the previous line:
iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner root -j RETURN
Final remark: REDIRECT has been obsoleted in favor of TPROXY, but its use is a bit more tricky and still requires (different) support from the transparent proxy.
answered Feb 19 at 21:48
A.BA.B
5,2021728
add a comment |
First thing: the SOCKS proxy also has to be able to work in some kind of transparent mode (ie: it won't receive a request using the SOCKS protocol but has to handle it anyway using side band information from iptables' REDIRECT action). The Q/A you linked tells the same:
With these rules, the requests arrive to the port on which there must be "something" well configured to get working everything.
So don't expect this solution to do more than what you're asking: to have everything redirected to the SOCKS proxy.
What you're missing is that you're doing the test from the host running the iptables REDIRECT. That means it's not a router for the local outgoing traffic, so the PREROUTING chain is never called.
What you have to use instead (or in addition) is the nat/OUTPUT chain (but see the additional issue described later):
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 4545
If you tried this alone, there would be a loop: the SOCKS proxy (assuming it's really able to work transparently, see above) will now be redirected to itself and nothing will ever go out. The easiest way to avoid this is to have the proxy run with a dedicated user or group to make an exception. So let's assume the proxy is running as user ... proxy, replace above with this instead:
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy -j REDIRECT --to-ports 4545
And/or you can choose to also not redirect the root user for example by also adding this exception before (hence -I here) the previous line:
iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner root -j RETURN
Final remark: REDIRECT has been obsoleted in favor of TPROXY, but its use is a bit more tricky and still requires (different) support from the transparent proxy.
answered Feb 19 at 21:48
A.BA.B
5,2021728
add a comment |
First thing: the SOCKS proxy also has to be able to work in some kind of transparent mode (ie: it won't receive a request using the SOCKS protocol but has to handle it anyway using side band information from iptables' REDIRECT action). The Q/A you linked tells the same:
With these rules, the requests arrive to the port on which there must be "something" well configured to get working everything.
So don't expect this solution to do more than what you're asking: to have everything redirected to the SOCKS proxy.
What you're missing is that you're doing the test from the host running the iptables REDIRECT. That means it's not a router for the local outgoing traffic, so the PREROUTING chain is never called.
What you have to use instead (or in addition) is the nat/OUTPUT chain (but see the additional issue described later):
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 4545
If you tried this alone, there would be a loop: the SOCKS proxy (assuming it's really able to work transparently, see above) will now be redirected to itself and nothing will ever go out. The easiest way to avoid this is to have the proxy run with a dedicated user or group to make an exception. So let's assume the proxy is running as user ... proxy, replace above with this instead:
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy -j REDIRECT --to-ports 4545
And/or you can choose to also not redirect the root user for example by also adding this exception before (hence -I here) the previous line:
iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner root -j RETURN
Final remark: REDIRECT has been obsoleted in favor of TPROXY, but its use is a bit more tricky and still requires (different) support from the transparent proxy.
answered Feb 19 at 21:48
A.BA.B
5,2021728
First thing: the SOCKS proxy also has to be able to work in some kind of transparent mode (ie: it won't receive a request using the SOCKS protocol but has to handle it anyway using side band information from iptables' REDIRECT action). The Q/A you linked tells the same:
With these rules, the requests arrive to the port on which there must be "something" well configured to get working everything.
So don't expect this solution to do more than what you're asking: to have everything redirected to the SOCKS proxy.
What you're missing is that you're doing the test from the host running the iptables REDIRECT. That means it's not a router for the local outgoing traffic, so the PREROUTING chain is never called.
What you have to use instead (or in addition) is the nat/OUTPUT chain (but see the additional issue described later):
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 4545
If you tried this alone, there would be a loop: the SOCKS proxy (assuming it's really able to work transparently, see above) will now be redirected to itself and nothing will ever go out. The easiest way to avoid this is to have the proxy run with a dedicated user or group to make an exception. So let's assume the proxy is running as user ... proxy, replace above with this instead:
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy -j REDIRECT --to-ports 4545
And/or you can choose to also not redirect the root user for example by also adding this exception before (hence -I here) the previous line:
iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner root -j RETURN
Final remark: REDIRECT has been obsoleted in favor of TPROXY, but its use is a bit more tricky and still requires (different) support from the transparent proxy.
answered Feb 19 at 21:48
A.BA.B
5,2021728
edited Feb 19 at 21:53
answered Feb 19 at 21:48
A.BA.B
5,2021728
answered Feb 19 at 21:48
A.BA.B
5,2021728
answered Feb 19 at 21:48
A.BA.B
5,2021728
5,2021728
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f501623%2fforward-all-traffic-to-a-socks5-proxy-port%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
