linux
fipini9428, 2022-03-20 13:54:14

How to configure redsocks and iptables on Linux so that only the native DNS from the SOCKS5 proxy is shown in a DNS check?

Hello. I am asking network specialists for help. On Windows there is the Proxifier program with the "Resolve hostnames through proxy" setting. When it is enabled, the DNS check on https://browserleaks.com/dns shows only the native DNS from the proxy:
(screenshot)
I am trying to set up the same thing on a router with OpenWrt firmware.
redsocks.conf:

base {
        log_debug = on;
        log_info = on;
        log = "syslog:local7";
        daemon = on;
        redirector = iptables;
}
redsocks {
        local_ip = 0.0.0.0; local_port = 12345;
        ip = xxx.xxx.xxx.xxx; port = xxxx; // SOCKS5 server address and port
        type = socks5;
}
redudp {
        local_ip = 0.0.0.0; local_port = 10053;
        ip = xxx.xxx.xxx.xxx; port = xxxx; // SOCKS5 server address and port
        dest_ip = 1.1.1.1; dest_port = 53;
        udp_timeout = 30;
        udp_timeout_stream = 180;
}
dnstc {
        local_ip = 127.0.0.1;
        local_port = 5300;
}

Tried three options:
1. redsocks, with DNS redirected to the redudp port 10053 (redudp configured with Cloudflare DNS)
# the rules in -A form (add); running the same lines with -D removes them again
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# the SOCKS5 server itself must never be redirected back into redsocks
iptables -t nat -A REDSOCKS -d 123.8.141.173 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j REDSOCKS
iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 10053
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
iptables -t nat -A OUTPUT -p udp -j REDSOCKS

Result: both the Cloudflare DNS and the proxy's DNS are shown:

(screenshot)
2. redsocks, with DNS redirected to a pdnsd server on port 1111 (pdnsd configured with Google DNS)
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 1111
iptables -t nat -N REDSOCKS
iptables -t nat -N REDSOCKS_FILTER
iptables -t nat -I REDSOCKS_FILTER -o lo -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -d 123.8.141.173 -j RETURN
iptables -t nat -A REDSOCKS_FILTER -j REDSOCKS
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS_FILTER
iptables -t nat -A PREROUTING -p tcp -j REDSOCKS_FILTER

Result: both the Google DNS and the proxy's DNS are shown
(screenshot)

Please tell me what to configure or install so that only the native DNS is shown, as in the first screenshot?

1 answer(s)

leohab75, 2022-03-28

I'm certainly not an expert, but first you need to install the cloudflared client and add the following to /etc/redsocks.conf:

base {
log_debug = off;
log_info = off;
//log = "file:/var/log/redsocks.log";
daemon = on;
redirector = iptables;
}
redsocks {
local_ip = 0.0.0.0; // redsocks itself
local_port = 8123; // listens here
ip = 127.0.0.1; // some proxy
port = 2323; // on this port
// if the proxy requires authentication
//login = "";
//password = "";
type = socks5;
}
dnstc {
local_ip = 127.0.0.1;
local_port = 5153;
}
I have snowflake/tor on 127.0.0.1:2323, and if you configure cloudflared-proxy to 127.0.0.1:53 (according to the instructions), then in the redsocks rules point it at 127.0.0.1:5153:
iptables -t nat -A REDSOCKS -p tcp --dport 53 -j REDIRECT --to-ports 5153

#!/bin/bash
IPTABLES="iptables"
REDSOCKS="redsocks"
REDSOCKSCFG="/etc/redsocks.conf"
if [ "$1" = "start" ]; then
echo '(Re)starting redsocks...'
pkill -U "$USER" redsocks 2>/dev/null
sleep 1
"$REDSOCKS" -c "$REDSOCKSCFG"
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
#cloudflared: DNS (tcp and udp port 53) goes to the dnstc port from redsocks.conf
iptables -t nat -A REDSOCKS -p tcp --dport 53 -j REDIRECT --to-ports 5153
iptables -t nat -A REDSOCKS -p udp --dport 53 -j REDIRECT --to-ports 5153
#all tcp/udp to REDSOCKS
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 8123
iptables -t nat -A REDSOCKS -p udp -j REDIRECT --to-ports 8123
#for web standard ports only (alternative to the two catch-all rules above)
#iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 8123
#iptables -t nat -A REDSOCKS -p tcp --dport 8080 -j REDIRECT --to-ports 8123
#iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 8123
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDSOCKS
echo IPtables reconfigured.
exit 0;
elif [ "$1" = "stop" ]; then
$IPTABLES -t nat -F
$IPTABLES -t nat -X
killall redsocks
echo All be back
exit 0;
else
exit 1;
fi
and you will be happy
In general, I have been digging at this for a week)) Here is the result. Yes, I wanted to upload it to GitHub, but there is a 100 MB limit.. so, if you wish, you are welcome. It is really a test version, but you will understand where to dig..
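Both the question's option 1 and the answer's start script are nat-table rulesets whose effect on a given packet is decided purely by chain traversal order, so the quickest way to see where DNS actually goes is to walk the rules the way the kernel does. The Python below is an added illustration, not code from the question or from the answer: a small model of iptables nat traversal (only the matches and targets used on this page) fed the question's option-1 rules in -N/-A form. It traces four flows on an OpenWrt router: a LAN client's UDP/53 query seen in PREROUTING, the router's own UDP/53 query seen in OUTPUT (on OpenWrt, dnsmasq forwards the LAN clients' lookups upstream itself, so this is the path most lookups really take), a router-originated TCP connection, and a connection to the SOCKS5 server's own address. The trace shows that the client query is redirected to redudp (10053) and router TCP to redsocks (12345), that the SOCKS5 server address stays direct (the RETURN for 123.8.141.173 is what keeps redsocks's own upstream connection from being looped back into redsocks), but that a UDP/53 query the router originates matches no REDIRECT at all: the OUTPUT udp rule jumps into REDSOCKS, whose only REDIRECT is for tcp, so the query leaves directly for the configured upstream. That is one way an extra resolver shows up in a leak test despite the proxy rules. The destination addresses 8.8.8.8, 1.1.1.1 and 203.0.113.10 and the SOCKS5 port 1080 are constructed sample values; 123.8.141.173 is the address the question's own rules exclude.

```python
"""Toy model of nat-table traversal for redsocks-style iptables rulesets.
Added illustration, not code from the question or the answer above: it models only what
those rulesets use (-p, -d, --dport; RETURN, REDIRECT, user chains) and reports the
port a packet is REDIRECTed to, or None when it leaves for its real destination."""
import ipaddress
import shlex
from collections import namedtuple
from dataclasses import dataclass
from typing import Dict, List, Optional

Packet = namedtuple("Packet", "dst proto dport")   # dst: IPv4 string, proto: "tcp"/"udp"
SUPPORTED = {"-p", "-d", "--dport", "-j", "--to-ports", "--to-port"}


@dataclass
class Rule:
    target: str = ""
    proto: Optional[str] = None
    dst: Optional[ipaddress.IPv4Network] = None
    dport: Optional[int] = None
    to_ports: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or pkt.proto == self.proto)
                and (self.dst is None or ipaddress.ip_address(pkt.dst) in self.dst)
                and (self.dport is None or pkt.dport == self.dport))


def load_nat(script: str) -> Dict[str, List[Rule]]:
    """Parse 'iptables -t nat -N|-A ...' lines; blank lines and # comments are skipped."""
    chains: Dict[str, List[Rule]] = {"PREROUTING": [], "OUTPUT": []}
    for line in script.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line: continue
        op, chain, *rest = shlex.split(line)[3:]            # after 'iptables -t nat'
        if op == "-N":                                       # new user-defined chain
            chains[chain] = []
            continue
        if op != "-A": raise ValueError(f"unsupported operation {op!r}: {line}")
        opts = dict(zip(rest[::2], rest[1::2]))             # every option here takes one value
        if set(opts) - SUPPORTED:
            raise ValueError(f"unsupported options {sorted(set(opts) - SUPPORTED)}: {line}")
        to_ports = opts.get("--to-ports") or opts.get("--to-port")
        chains[chain].append(Rule(
            target=opts.get("-j", ""),
            proto=opts.get("-p"),
            dst=ipaddress.ip_network(opts["-d"], strict=False) if "-d" in opts else None,
            dport=int(opts["--dport"]) if "--dport" in opts else None,
            to_ports=int(to_ports) if to_ports else None,
        ))
    return chains


def resolve(chains: Dict[str, List[Rule]], chain: str, pkt: Packet) -> Optional[int]:
    """Walk a chain the way the kernel does: RETURN (or the end of a user chain) resumes
    the caller; the end of a built-in chain is the default policy, i.e. no NAT."""
    for rule in chains[chain]:
        if not rule.matches(pkt): continue
        if rule.target == "RETURN":
            return None
        if rule.target == "REDIRECT":
            return rule.to_ports
        if rule.target not in chains:
            raise ValueError(f"unsupported target {rule.target!r}")
        port = resolve(chains, rule.target, pkt)   # jump into the user chain...
        if port is not None:
            return port                             # ...and carry on here if it returned
    return None


# Option 1 from the question in -N/-A form; 123.8.141.173 is the address the question's
# own rules exclude, i.e. the SOCKS5 server behind the xxx placeholders in redsocks.conf.
OPTION1_RULES = """
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 123.8.141.173 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j REDSOCKS
iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 10053
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
iptables -t nat -A OUTPUT -p udp -j REDSOCKS
"""


def dns_paths(rules: str) -> Dict[str, Optional[int]]:
    """The flows that decide a DNS leak on a router: a LAN client's query (PREROUTING) and
    the router's own upstream query, e.g. dnsmasq's (OUTPUT).  Sample values are constructed."""
    nat = load_nat(rules)
    return {
        "lan_client_udp53": resolve(nat, "PREROUTING", Packet("8.8.8.8", "udp", 53)),
        "router_udp53": resolve(nat, "OUTPUT", Packet("1.1.1.1", "udp", 53)),
        "router_tcp443": resolve(nat, "OUTPUT", Packet("203.0.113.10", "tcp", 443)),
        "to_socks5_server": resolve(nat, "OUTPUT", Packet("123.8.141.173", "tcp", 1080)),
    }
```

Call `dns_paths(OPTION1_RULES)` to get the four verdicts (10053, None, 12345, None). The same loader takes the `iptables -t nat` lines from the answer's start script, so the two rulesets can be compared flow by flow before anything is applied to a live router. The model ignores conntrack (in reality only a flow's first packet consults the nat table) and the `-o lo` match used in option 2, which is why option 2 is not loaded here.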
