How to route/forward all traffic through a transparent proxy (redsocks) using iptables?

linuxuser34

Hello!
I want to route all traffic through redsocks proxy using iptables.
My redsocks.conf:
Code:
base {
    log_debug = on;
    log_info = on;
    log = "file:/home/user/redsocks.log";
    daemon = on;
    redirector = iptables;
}

redsocks {
    local_ip = 127.0.0.1;
    local_port = 2525;
    
    ip = *proxy ip*;
    port = *proxy port*;
    login = *proxy login*;
    password = *proxy password*;
    type = socks5;
}
Proxy works fine.

My iptables rules:
Code:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2525 # Redirect TCP/80 arriving from other hosts to redsocks.
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 2525 # Redirect TCP/80 generated on this machine to redsocks.
sudo iptables -t nat -A POSTROUTING -p tcp -o enp0s3 -j MASQUERADE # Source-NAT forwarded TCP leaving via enp0s3.
Also, IPv4 forwarding is enabled.

On the local machine (M1), routing works OK; I can access HTTP websites (port 80) through my SOCKS5 proxy.
But it doesn't work from the other machine (M2), which is connected through M1 (running redsocks) as its gateway.
I get the error: curl: (7) Failed to connect to *host* port 80: Connection refused.
Also, if I delete the PREROUTING rule, routing works from both machines, but M2 works without the proxy; it just connects to the Internet directly.
What am I doing wrong?
Thanks in advance!
 


f33dm3bits

You may need to add a forward rule to allow incoming traffic on your local network to be forwarded. Try adding these forward rules so that it looks like this:
Code:
iptables -A FORWARD -i enp0s3 -j ACCEPT
iptables -A FORWARD -o enp0s3 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2525
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 2525
iptables -t nat -A POSTROUTING -p tcp -o enp0s3 -j MASQUERADE
Also, I don't think you need the OUTPUT rule, since the output table would only be used if you have a default DROP policy, so also try it without that rule:
Code:
iptables -A FORWARD -i enp0s3 -j ACCEPT
iptables -A FORWARD -o enp0s3 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2525
iptables -t nat -A POSTROUTING -p tcp -o enp0s3 -j MASQUERADE
Then test both your local machine and from that other machine on your network.
 

linuxuser34

Unfortunately, it didn't help. I can still access the Internet from the local machine, but I still can't do it from other machines connected to the local machine. I want to note that the traffic routing works fine, because I can access the Internet from the other machines only if the redsocks redirection is disabled.
I can just remove the rule iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 2525 and it works, but without a proxy.

P.S.: I use virtual machines (VirtualBox); the systems are freshly installed and don't contain extra programs.
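An added example (editor's code, not the poster's rules or anything shipped with redsocks) of a complete gateway rule set for this setup, written in iptables-restore format so it can be printed and inspected before it replaces the live nat and filter tables. It assumes hypothetical values: LAN interface enp0s8 towards M2, WAN interface enp0s3, LAN subnet 192.168.56.0/24, an upstream SOCKS5 server at 203.0.113.10, redsocks running as the system user `redsocks`, and redsocks.conf changed to `local_ip = 0.0.0.0`. That last change matters for the symptom in this thread: REDIRECT in the PREROUTING chain rewrites the destination to the primary address of the interface the packet arrived on (only locally generated packets are mapped to 127.0.0.1), so a listener bound to 127.0.0.1 only refuses the forwarded connections from M2 while the gateway's own traffic works. Because the listener then binds every address, the filter table restricts it to the LAN side, and the FORWARD policy is DROP so that nothing from M2 except DNS bypasses the proxy.

```shell
#!/bin/sh
# Added example (not from the thread): transparent redsocks gateway rule set.
# Hypothetical values; override via the environment, e.g. LAN_IF=eth1 ./redsocks-gw.sh print
WAN_IF="${WAN_IF:-enp0s3}"                 # interface towards the Internet
LAN_IF="${LAN_IF:-enp0s8}"                 # interface towards M2 (VirtualBox internal/host-only network)
LAN_NET="${LAN_NET:-192.168.56.0/24}"      # subnet behind the gateway
PROXY_IP="${PROXY_IP:-203.0.113.10}"       # upstream SOCKS5 server from redsocks.conf ("ip = ...")
REDSOCKS_PORT="${REDSOCKS_PORT:-2525}"     # local_port from redsocks.conf (local_ip must be 0.0.0.0)
REDSOCKS_USER="${REDSOCKS_USER:-redsocks}" # uid redsocks runs as, so its own outbound TCP is not re-redirected

# Emit the complete nat and filter tables in iptables-restore format.
build_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:REDSOCKS - [0:0]
# Never redirect the gateway's own connection to the upstream proxy, or redsocks would loop into itself.
-A REDSOCKS -d ${PROXY_IP} -j RETURN
# Leave loopback, link-local and RFC 1918 destinations alone.
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d 169.254.0.0/16 -j RETURN
-A REDSOCKS -d 10.0.0.0/8 -j RETURN
-A REDSOCKS -d 172.16.0.0/12 -j RETURN
-A REDSOCKS -d 192.168.0.0/16 -j RETURN
# Everything else (all TCP ports, not only 80) goes to the local redsocks listener.
-A REDSOCKS -p tcp -j REDIRECT --to-ports ${REDSOCKS_PORT}
# TCP from M2: REDIRECT rewrites the destination to the primary address of ${LAN_IF},
# which is why redsocks has to listen on 0.0.0.0 rather than 127.0.0.1.
-A PREROUTING -i ${LAN_IF} -s ${LAN_NET} -p tcp -j REDSOCKS
# TCP generated on the gateway itself, except redsocks' own outbound connections.
-A OUTPUT -p tcp -m owner ! --uid-owner ${REDSOCKS_USER} -j REDSOCKS
# Only DNS is allowed to leave outside the proxy path; it still leaks the queried names,
# so either point M2 at a resolver you trust or drop this line and resolve on the gateway.
-A POSTROUTING -o ${WAN_IF} -s ${LAN_NET} -p udp --dport 53 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The listener binds 0.0.0.0: accept it from loopback and the LAN side only, never from ${WAN_IF}.
-A INPUT -i lo -p tcp --dport ${REDSOCKS_PORT} -j ACCEPT
-A INPUT -i ${LAN_IF} -p tcp --dport ${REDSOCKS_PORT} -j ACCEPT
-A INPUT -p tcp --dport ${REDSOCKS_PORT} -j DROP
# Fail closed: with FORWARD policy DROP, nothing from M2 bypasses the proxy except DNS.
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -p udp --dport 53 -j ACCEPT
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Load the rules atomically and turn on forwarding. Needs root and REPLACES the nat and filter tables.
apply_rules() {
    build_rules | iptables-restore
    sysctl -w net.ipv4.ip_forward=1
}

case "${1:-print}" in
    print) build_rules ;;
    apply) apply_rules ;;
    *) echo "usage: $0 print|apply" >&2; exit 2 ;;
esac
```

Run `./redsocks-gw.sh print` to review the rules, then `sudo ./redsocks-gw.sh apply`. To confirm the diagnosis before changing anything, `ss -ltnp | grep 2525` shows which address redsocks is bound to, and `iptables -t nat -vnL PREROUTING` shows whether the REDIRECT rule's packet counter increases when M2 connects. Two caveats: the script touches IPv4 only, so if M2 has IPv6 connectivity through the gateway it bypasses the proxy entirely unless ip6tables blocks or redirects it as well; and a SOCKS5 relay only carries TCP, so UDP from M2 other than DNS is dropped here rather than silently sent direct.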