Please help with IPTables rules to route all TCP & UDP traffic of a user through a SOCKS5 proxy

terente0081 · 09-22-2021, 08:53 PM

Hello everybody, I have a SOCKS5 proxy running on localhost on port 37337, no user/pass, and I want to use iptables rules to route all TCP & UDP traffic of a user through it.
I got these rules from the Tor project, they're supposed to do exactly what I need but they don't work when applied; internet crashes.

iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner terry -m tcp -j REDIRECT --to-ports 37337
iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner terry -m udp -j REDIRECT --to-ports 37337
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner terry -m tcp --dport 37337 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner terry -m udp --dport 37337 -j ACCEPT

User & port are correct. Please help?

Ser Olmy · 10-02-2021, 06:44 AM

SOCKS 5 cannot be used as a transparent proxying service on its own. The application has to be SOCKS-aware.

In other words, simply redirecting packets at the network layer isn't going to work. That's why tools like redsocks exist.

Turbocapitalist · 10-02-2021, 07:21 AM

For just TCP traffic, there is also proxychains4.

terente0081 · 10-03-2021, 07:37 AM

I have both redsocks & proxychains4 installed. So far I have managed to connect to the ssh and have it open socks5 port 37337 on localhost. It works if I configure it in Firefox.
Then, reading from another forum I got this redsocks config:

Code:

base {
 log_debug = on;
 log_info = on;
 log = "stderr";
 daemon = off;
 redirector = iptables;
}

redsocks {
	bind = "127.0.0.1:63015";
	relay = "127.0.0.1:37337";
	type = socks5; // known types: socks4, socks5, http-connect, http-relay
    
	}


redudp	{
	bind="127.0.0.1:10053";
			
	relay="127.0.0.1:37337";
	type=socks5
	}

And theses IP tables rules

Code:

sudo iptables -t nat -N REDSOCKS

sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 37337

sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDSOCKS
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDSOCKS

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDSOCKS
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDSOCKS

But it doesn't work.. I feel like I'm getting closer though.