linux
SysUtils, 2016-11-29 16:19:53

Setting up Iptables rules?

Good evening everyone. The problem is the following: I can't set up iptables rules for redsocks. TCP traffic is filtered, the IP is the SOCKS one, but DNS is still mine. To change that, UDP needs to be configured. I do not quite understand what to direct where. Correct me if I'm wrong. As I understand it, you first need to direct traffic to "redudp", that is, 127.0.0.1:10053, then redirect it from that address to "dnstc", that is, 127.0.0.1:5300, and from there send it to the local address of the computer where all UDP traffic comes from, i.e. 127.0.0.1:53. The question is: am I right? And could you show an example of a command with UDP filtering for my case? If it is not correct, explain what is wrong and suggest how to solve this problem. Thanks in advance.

Redsocks.conf

base {
  // debug: connection progress & client list on SIGUSR1
  log_debug = on;

  // info: start and end of client session
  log_info = on;

  /* possible `log' values are:
   *   stderr
   *   "file:/path/to/file"
   *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
   */
  log = "file:/tmp/reddi.log";

  // detach from console
  daemon = on;

  /* Change uid, gid and root directory, these options require root
   * privileges on startup.
   * Note, your chroot may require /etc/localtime if you write log to syslog.
   * Log is opened before chroot & uid changing.
   */
  user = redsocks;
  group = redsocks;
  // chroot = "/var/chroot";

  /* possible `redirector' values are:
   *   iptables   - for Linux
   *   ipf        - for FreeBSD
   *   pf         - for OpenBSD
   *   generic    - some generic redirector that MAY work
   */
  redirector = iptables;
}

redsocks {
  /* `local_ip' defaults to 127.0.0.1 for security reasons,
   * use 0.0.0.0 if you want to listen on every interface.
   * `local_*' are used as port to redirect to.
   */
  local_ip = 127.0.0.1;
  local_port = 31330;

  // `ip' and `port' are IP and tcp-port of proxy-server
  // You can also use hostname instead of IP, only one (random)
  // address of multihomed host will be used.
  ip = 81.165.130.165;
  port = 45554;

  // known types: socks4, socks5, http-connect, http-relay
  type = socks5;

  // login = "foobar";
  // password = "baz";
}

redudp {
  // `local_ip' should not be 0.0.0.0 as it's also used for outgoing
  // packets that are sent as replies - and it should be fixed
  // if we want NAT to work properly.
  local_ip = 127.0.0.1;
  local_port = 10053;

  // `ip' and `port' of socks5 proxy server.
  ip = 81.165.130.165;
  port = 45554;
  // login = username;
  // password = pazzw0rd;

  // kernel does not give us this information, so we have to duplicate it
  // in both iptables rules and configuration file.  By the way, you can
  // set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
  // forward ;-)
  // This limitation may be relaxed in future versions using conntrack-tools.
  dest_ip = 127.0.0.1;
  dest_port = 53;

  udp_timeout = 30;
  udp_timeout_stream = 180;
}

dnstc {
  // fake and really dumb DNS server that returns "truncated answer" to
  // every query via UDP, RFC-compliant resolver should repeat same query
  // via TCP in this case.
  local_ip = 127.0.0.1;
  local_port = 5300;
}

// you can add more `redsocks' and `redudp' sections if you need.

iptables rules
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 31338
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner username -j REDSOCKS


2 answer(s)
krosh, 2016-12-08
@krosh

I recommend using dnsmasq.
I did not look at the config; since TCP traffic is running, everything works.

Igor, 2017-04-02
Bat

UDP 53 should also be allowed
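The question asks for the UDP counterpart of the TCP rule above, and the last answer says UDP 53 must also be handled. As an added example (not code from the poster, the answerers, or the redsocks project), the script below does two things: it prints or applies the nat rules that send one user's UDP port 53 queries to the redudp listener, and it reads the redudp block of a redsocks.conf to flag a loopback dest_ip. The config's own comment says dest_ip/dest_port must mirror the original destination used in the iptables rule, so a dest_ip of 127.0.0.1 means the SOCKS server is asked to reach its own localhost:53, which is the reason the example checks for it. Everything not on the page is assumed: the proxied user "username", the DRY_RUN switch, the REDSOCKS_UDP chain name, and the constructed sample configs used in the check.

```shell
#!/bin/sh
# Added example, not code from the poster or from the redsocks project.
# Assumed (hypothetical) values: the proxied user is "username", redudp
# listens on 127.0.0.1:10053 as in the config above, and DRY_RUN=1 prints
# the iptables commands instead of running them.

IPTABLES="${IPTABLES:-iptables}"

# run_ipt ARGS...: run iptables, or echo the full command when DRY_RUN=1
run_ipt() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$IPTABLES $*"
  else
    "$IPTABLES" "$@"
  fi
}

# udp_dns_rules USER REDUDP_PORT
# Only UDP with destination port 53 sent by USER is redirected. Matching on
# that uid means the sockets redsocks itself opens (it runs as user "redsocks"
# per the config above) are never redirected, so redudp's path to the SOCKS5
# server cannot loop back into the redirect.
udp_dns_rules() {
  user="$1"
  port="$2"
  run_ipt -t nat -N REDSOCKS_UDP
  run_ipt -t nat -A REDSOCKS_UDP -p udp --dport 53 -j REDIRECT --to-ports "$port"
  run_ipt -t nat -A OUTPUT -p udp --dport 53 -m owner --uid-owner "$user" -j REDSOCKS_UDP
}

# redudp_dest_check CONF
# Extracts dest_ip from the redudp { ... } block. Per the config comment,
# dest_ip:dest_port duplicates the original destination of the redirected
# datagram, i.e. the address the SOCKS5 server is asked to reach. A loopback
# dest_ip therefore points at the proxy host's own 127.0.0.1:53, not at a
# resolver reachable from the proxy. Exit 0 = non-loopback, 1 = loopback,
# 2 = no dest_ip found.
redudp_dest_check() {
  conf="$1"
  dest=$(awk '
    /^redudp[[:space:]]*[{]/ { inblk = 1 }
    /^[}]/                   { inblk = 0 }
    inblk && /^[[:space:]]*dest_ip[[:space:]]*=/ {
      v = $0; sub(/^[^=]*=/, "", v); gsub(/[^0-9.]/, "", v); print v; exit
    }' "$conf")
  case "$dest" in
    "")    echo "redudp: no dest_ip found in $conf"; return 2 ;;
    127.*) echo "redudp: dest_ip=$dest is loopback; set it to the resolver the proxy should use"; return 1 ;;
    *)     echo "redudp: dest_ip=$dest"; return 0 ;;
  esac
}

# Usage: sh redudp-dns.sh apply [user] [redudp_port]   (DRY_RUN=1 previews)
#        sh redudp-dns.sh check [/etc/redsocks.conf]
case "${1:-}" in
  apply) udp_dns_rules "${2:-username}" "${3:-10053}" ;;
  check) redudp_dest_check "${2:-/etc/redsocks.conf}" ;;
esac
```

Run `DRY_RUN=1 sh redudp-dns.sh apply username 10053` first to see the three commands, then without DRY_RUN as root to apply them; `sh redudp-dns.sh check /etc/redsocks.conf` reports what dest_ip the redudp block will hand to the proxy. The rules deliberately touch only UDP to port 53 for the one uid, so other UDP from that user and all traffic of other users keep their normal path.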
