01-22-2012, 06:53 AM
#1
LQ Newbie
Registered: Jan 2012
Posts: 18
Tunnel all traffic - The easiest way
Hello everybody,
It's an old issue, I know, and I also know that there are tons of solutions to it on Linux systems. But I can't find a single webpage that explains what to do to resolve it, because I am a newbie.
I have a SOCKS proxy running on localhost or on the following IP "a.b.c.d"; this proxy is running on port number "P". I would like to tunnel all TCP, and UDP as well "if possible", through this proxy.
The proxy doesn't require any username or password to use it, and for more info my username is supposed to be "USER" and my hostname is "MACHINE".
I have seen people using proxychains, but as I seed, I want all the machine's traffic to pass through the SOCKS proxy, and it is irritating typing proxychains for each application I want to run, so I am seeking a much more comfortable way to do that.
Thank you

01-22-2012, 10:37 AM
#2
LQ Newbie
Registered: Jan 2012
Posts: 1
Have you tried searching on Google?

01-22-2012, 03:40 PM
#3
LQ Newbie
Registered: Jan 2012
Posts: 18
Original Poster
I have searched, but I am not able to understand what to do exactly: some are using special software and others SSH. I want to make clear that the "USER" and "MACHINE" I mentioned above are not the proxy username and password, because it doesn't require them at all; those are the username and hostname of my Linux box that appear in my console when I run it, as USER@MACHINE.

01-22-2012, 07:09 PM
#4
Moderator
Registered: May 2001
Posts: 29,415
Quote:
Originally Posted by speigel205
I have a SOCKS proxy running on localhost or on the following IP "a.b.c.d"; this proxy is running on port number "P". I would like to tunnel all TCP, and UDP as well "if possible", through this proxy.
See the example iptables rules in Transparently Routing Traffic Through Tor.
Quote:
Originally Posted by speigel205
I have seen people using proxychains, but as I seed, I want all the machine's traffic to pass through the SOCKS proxy, and it is irritating typing proxychains for each application I want to run

If you're seeding torrents (if that's what you mean with "seeding") there are a few things you could do. First of all, run your torrent application from an unprivileged user account, as this makes it easier to confine configuration and traffic. In your Desktop Environment (if you run any) set the SOCKS proxy variables, and in your shell set socks_proxy and SOCKS_PROXY (yes, both, as some applications don't adhere to or parse upper-case variable names) to ensure traffic hits the proxy. Configure all network-capable applications and configure their SOCKS proxy settings. Special care needs to be taken with applications that don't understand SOCKS proxies, as their traffic needs to be routed through Polipo (HTTP), proxychains, tsocks, socksify or whatever else you choose to use. To avoid having to call the proxy application manually, some libraries can be preloaded. Search their documentation for any lines with "LD_PRELOAD" to find out if they support that. Create shortcuts and aliases that prefix the command to run. Use the above iptables rules and set the "-m owner --uid-owner" to the name of the unprivileged user, and don't forget to create a "-j LOG" rule right before the "-j DROP" rule to catch traffic leaks. Be aware only SOCKS5 proxies support UDP; AFAIK proxychains does not. Finally note Bittorrent generates about one per cent TCP (tracker connections) and ninety-nine per cent UDP, so routing huge amounts of UDP traffic over slow networks will kill performance.

1 member found this post helpful.

01-23-2012, 09:51 AM
#5
LQ Newbie
Registered: Jan 2012
Posts: 18
Original Poster
Hey there, thank you for your post. Sorry for my bad English; I meant "I have seen people using proxychains but as I said". I am not using Tor for that. I can create a SOCKS proxy on localhost port 5678, for example; to use it in Firefox I go to its settings and, in Manual Proxy Configuration, I set SOCKS Host to localhost and port to 5678 and then choose between SOCKS v4 or v5. After that I can browse normally. But if I could tunnel all traffic into this SOCKS proxy on localhost:5678 it would be better. In Ubuntu, for example, there is a GUI for the network proxy, so I have an option to apply it system-wide, but it affects only the known protocols, which are HTTP, HTTPS and FTP, and doesn't affect others; that is why I need an application to redirect all the traffic through localhost:5678.

01-24-2012, 09:26 AM
#6
Moderator
Registered: May 2001
Posts: 29,415
Quote:
Originally Posted by speigel205
I am not using Tor
You're not reading what I said. I said " See the example iptables rules".
Quote:
Originally Posted by speigel205
If I could tunnel all traffic into this SOCKS proxy on localhost:5678 it would be better. In Ubuntu, for example, there is a GUI for the network proxy, so I have an option to apply it system-wide, but it affects only the known protocols, which are HTTP, HTTPS and FTP, and doesn't affect others; that is why I need an application to redirect all the traffic through localhost:5678.
So exactly which traffic passes (as in "-j LOG") the firewall rules and measures I wrote about?

1 member found this post helpful.

01-24-2012, 11:42 AM
#7
LQ Newbie
Registered: Jan 2012
Posts: 18
Original Poster
I will try the iptables rules and see what happens, but only if those commands will not break my system. If I fail to get it to work, I have read that iptables rules don't persist and return to the default after a reboot, so I will probably try that and see what happens.
Code:
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner anonymous -m tcp -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --dport 9040 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner anonymous -j DROP
Any idea how to adapt that script for my case? Especially the UDP port, what to put instead?
Regards

01-24-2012, 12:27 PM
#8
Moderator
Registered: May 2001
Posts: 29,415
Quote:
Originally Posted by speigel205
I will try the iptables rules and see what happens, but only if those commands will not break my system
Understanding it probably helps: http://www.frozentux.net/documents/iptables-tutorial/
Quote:
Originally Posted by speigel205
If I fail to get it to work, I have read that iptables rules don't persist and return to the default after a reboot, so I will probably try that and see what happens.
As long as you or the firewall init script doesn't save the rules on reboot.
Quote:
Originally Posted by speigel205
Any idea how to adapt that script for my case? Especially the UDP port, what to put instead?
Code:
# Redirect TCP for user USER to port P:
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner USER -m tcp -j REDIRECT --to-ports P
# Redirect UDP, asserting user USER has access to a SOCKS5 proxy (UDP needs the udp match, not tcp):
iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner USER -m udp -j REDIRECT --to-ports P
# Log whatever else tries to escape:
iptables -t nat -A OUTPUT ! -o lo -j LOG --log-prefix "NAT-not-P "
# Ensure nothing else gets redirected:
iptables -t nat -A OUTPUT ! -o lo -j DROP
# Allow TCP:
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner USER -m tcp --dport P -j ACCEPT
# Allow UDP:
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner USER -m udp --dport P -j ACCEPT
# Log everything:
iptables -t filter -A OUTPUT ! -o lo -j LOG --log-prefix "OUTPUT-not-P "
# ...and drop it:
iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner USER -j DROP

2 members found this post helpful.
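The owner-based approach from posts #4 and #8, wrapped into a script as an added example (not code from the thread): it validates the port, emits the rules with a rate-limited LOG ahead of the DROP, applies them, and can delete exactly those rules again, which answers the worry about breaking the system. It assumes PORT is a transparent-proxy listener (e.g. Tor's TransPort, or redsocks in front of a SOCKS server), since a plain SOCKS port will not accept REDIRECTed raw TCP; the user name, port and the "leak:" log prefix are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): an owner-based leak guard for one
# unprivileged user, following posts #4 and #8. PORT must be a transparent
# proxy listener (e.g. Tor's TransPort or redsocks fronting a SOCKS server);
# a plain SOCKS port rejects REDIRECTed raw TCP since no SOCKS handshake
# happens. UDP from the user is not redirected; it is logged and dropped.

# Print the iptables rule specs for user $1 and port $2, one per line,
# without the leading "iptables". Returns 1 on a bad port; applies nothing.
leak_guard_rules() {
    u=$1 p=$2
    case "$p" in ''|*[!0-9]*) return 1 ;; esac          # numeric only
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1   # valid port range
    # 1. nat: send the user's non-loopback TCP to the local proxy port
    printf '%s\n' "-t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner $u -j REDIRECT --to-ports $p"
    # 2. filter: let the redirected connection reach that port
    printf '%s\n' "-t filter -A OUTPUT -p tcp -m owner --uid-owner $u --dport $p -j ACCEPT"
    # 3. filter: LOG before DROP so leaks are visible in the kernel log,
    #    rate-limited so a misbehaving program cannot flood it
    printf '%s\n' "-t filter -A OUTPUT ! -o lo -m owner --uid-owner $u -m limit --limit 5/min -j LOG --log-prefix leak:$u:"
    # 4. filter: everything else this user sends off-box is dropped
    printf '%s\n' "-t filter -A OUTPUT ! -o lo -m owner --uid-owner $u -j DROP"
}

# Run every spec through iptables with action $3: -A to apply, -D to undo.
# Undo deletes exactly the rules above and nothing else, so an experiment
# can be reverted without flushing unrelated rules or rebooting.
leak_guard_run() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    id "$1" >/dev/null 2>&1 || { echo "no such user: $1" >&2; return 1; }
    leak_guard_rules "$1" "$2" >/dev/null || { echo "bad port: $2" >&2; return 1; }
    leak_guard_rules "$1" "$2" | sed "s/ -A / $3 /" | while read -r spec; do
        # shellcheck disable=SC2086  # splitting the spec into words is intended
        iptables $spec || echo "failed: iptables $spec" >&2
    done
}

# Usage: ./leakguard.sh show|apply|undo USER PORT
case "${1-}" in
    show)  leak_guard_rules "$2" "$3" ;;
    apply) leak_guard_run "$2" "$3" -A ;;
    undo)  leak_guard_run "$2" "$3" -D ;;
esac
```

Leaks show up in the kernel log as lines prefixed "leak:USER:"; check there before assuming every application honours the proxy.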

01-24-2012, 02:52 PM
#9
LQ Newbie
Registered: Jan 2012
Posts: 18
Original Poster
Thank you very much for your kind help; thread marked as solved.

01-25-2012, 03:59 PM
#10
LQ Newbie
Registered: Jan 2012
Posts: 18
Original Poster
Back again. I want to test with a transparent proxy "if possible of course" or a random SOCKS one, so if the IP is a.b.c.d then what is the appropriate command? SOCKS 4 doesn't support UDP, so I may try SOCKS 5 instead.

06-08-2014, 11:22 AM
#11
Member
Registered: Dec 2013
Location: Spain is pain!
Distribution: linux mint 17 cinnamon 32-bit
Posts: 30
Hi, I'm using an HTTP proxy with authentication. How would the iptables commands work out for me?