iptables
trenikiVshtaniki, 2021-02-25 16:47:09

How to wrap subnet traffic in redsocks through ufw?

I set up a strongSwan VPN, and it became necessary to send all traffic coming from clients to redsocks, but I can’t figure out how to correctly change the ufw rules for this:

*nat
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
COMMIT

*mangle
-A FORWARD --match policy --pol ipsec --dir in -s 10.10.10.0/24 -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
COMMIT

after *filter
-A ufw-before-forward --match policy --pol ipsec --dir in --proto esp -s 10.10.10.0/24 -j ACCEPT
-A ufw-before-forward --match policy --pol ipsec --dir out --proto esp -d 10.10.10.0/24 -j ACCEPT

As I understand it, you need to change the network traffic 10.10.10.0/24 to redsocks, but how do you do it in this case?
