Answer the question
In order to leave comments, you need to log in
Setting up Iptables rules?
Good evening everyone. The problem is the following. Can't set up iptables rules for redsocks. TCP traffic is filtered, ip sock, but dns is still mine. To change them, you need to configure udp. I do not quite understand what and where to direct. Correct me if I'm wrong. As I understand it, you first need to direct traffic to "redudp", that is, 127.0.0.1:10053, then redirect it from this address to "dnstc", that is, 127.0.0.1:5300, and from there send it to the local address of the computer, where all udp traffic comes from, i.e. 127.0.0.1:53. The question is, am I right? And you can see an example of a command with udp filtering in my case. And if it is not correct, then explain what is wrong and suggest how to solve this problem. Thanks in advance. Redsocks.conf
base {
// debug: connection progress & client list on SIGUSR1
log_debug = on;
// info: start and end of client session
log_info = on;
/* possible `log' values are:
* stderr
* "file:/path/to/file"
* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
*/
log = "file:/tmp/reddi.log";
// detach from console
daemon = on;
/* Change uid, gid and root directory, these options require root
* privilegies on startup.
* Note, your chroot may requre /etc/localtime if you write log to syslog.
* Log is opened before chroot & uid changing.
*/
user = redsocks;
group = redsocks;
// chroot = "/var/chroot";
/* possible `redirector' values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
}
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 127.0.0.1;
local_port = 31330;
// `ip' and `port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
ip = 81.165.130.165;
port = 45554;
// known types: socks4, socks5, http-connect, http-relay
type = socks5;
// login = "foobar";
// password = "baz";
}
redudp {
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
// packets that are sent as replies - and it should be fixed
// if we want NAT to work properly.
local_ip = 127.0.0.1;
local_port = 10053;
// `ip' and `port' of socks5 proxy server.
ip = 81.165.130.165;
port = 45554;
// login = username;
// password = pazzw0rd;
// kernel does not give us this information, so we have to duplicate it
// in both iptables rules and configuration file. By the way, you can
// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
// forward ;-)
// This limitation may be relaxed in future versions using contrack-tools.
dest_ip = 127.0.0.1;
dest_port = 53;
udp_timeout = 30;
udp_timeout_stream = 180;
}
dnstc {
// fake and really dumb DNS server that returns "truncated answer" to
// every query via UDP, RFC-compliant resolver should repeat same query
// via TCP in this case.
local_ip = 127.0.0.1;
local_port = 5300;
}
// you can add more `redsocks' and `redudp' sections if you need.
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 31338
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner username -j REDSOCKS
Answer the question
In order to leave comments, you need to log in
I recommend using dnsmasq.
I did not look at the config, since tcp traffic is running, then everything works.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question