Redirect external IP request to localhost when routing through Socks Proxy and Redsocks
Opened this issue · 0 comments
This is a question regarding Redsocks and iptables rules. Following is the scenario.

I have two servers: `server1` - `172.17.0.1`, `server2` - `172.17.0.2`. I need to access the JMX port (`7199`) on `server1` from `server2`. Since I have disabled remote JMX on `server1`, I cannot access it from `server2` via SSH local forwarding (I need to access port `7199` with `localhost` from `server2`). So I have created an SSH socks proxy and configured it with Redsocks. It's working fine.
```shell
# run socks proxy from service2
ssh -v -N -D 9999 user@172.17.0.1
```

```
# configure socks proxy with Redsocks in service2
redsocks {
    // redsocks listening port
    local_ip = 127.0.0.1;
    local_port = 12345;
    // socks proxy
    ip = 127.0.0.1;
    port = 9999;
    type = socks5;
}
```

```shell
# configure iptable rules to route the packets to Redsocks in service2
sudo iptables -t nat -N REDSOCKS
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
sudo iptables -t nat -A OUTPUT -p tcp --dport 7199 -j REDSOCKS
sudo iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner <user id> -j REDSOCKS
```
Now if I connect to `127.0.0.1:7199` from `service2` (e.g. `telnet localhost 7199`) it will connect to the JMX port (`7199`) of `server1`. Redsocks routes packets correctly to `server1` via the socks proxy.
I have another requirement. When packets come with the IP address of `service1` (e.g. `172.17.0.1:7199`), I need to redirect them to localhost (`127.0.0.1:7199`). For example, if I connect to `172.17.0.1:7199` from `service2`, I need to redirect it to `127.0.0.1:7199` in order to access the JMX port on `service1` via the socks proxy. Normally IP address redirection can be done with one of the following `iptables` rules. Since there are other `iptables` rules existing (related to Redsocks), it does not work.
```shell
# redirect with host
iptables -t nat -A OUTPUT -p tcp -d 172.17.0.1 -j DNAT --to-destination 127.0.0.1
# redirect with host and port
iptables -t nat -A OUTPUT -p tcp -d 172.17.0.1 --dport 7199 -j DNAT --to-destination 127.0.0.1:7199
```
How can IP address redirection to `localhost` be done in this scenario?
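The rules in the issue are evaluated by the `nat` `OUTPUT` chain in order, first match wins, and `REDIRECT`/`DNAT` are terminating targets, so a rule appended with `-A` after the `--dport 7199 -j REDSOCKS` rule is never reached for traffic to `172.17.0.1:7199`. The following is an added model of that traversal, written for this page and not code from the issue author or from the Redsocks project; it assumes a uid of `1000` for the `--uid-owner` rule, treats every packet as TCP, and models only first-match and terminating-target semantics (not conntrack or Redsocks' original-destination lookup).

```python
"""Model of netfilter nat OUTPUT traversal for the rules posted in the issue.
Constructed example: first matching rule wins, REDIRECT and DNAT end the
traversal, a user chain falls back to its caller when nothing matches."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                  # "REDSOCKS" (jump), "REDIRECT", "DNAT", "RETURN"
    dst: Optional[str] = None    # -d
    dport: Optional[int] = None  # --dport
    uid: Optional[int] = None    # -m owner --uid-owner
    to: Optional[str] = None     # --to-ports / --to-destination

    def matches(self, pkt):
        return ((self.dst is None or pkt["dst"] == self.dst)
                and (self.dport is None or pkt["dport"] == self.dport)
                and (self.uid is None or pkt["uid"] == self.uid))


def traverse(chains, chain, pkt, trace):
    """Walk one chain; returns (verdict, packet). verdict None = fell off the end."""
    for idx, rule in enumerate(chains[chain]):
        if not rule.matches(pkt):
            continue
        trace.append(f"{chain}[{idx}] -> {rule.target}")
        if rule.target == "RETURN":
            return None, pkt
        if rule.target == "REDIRECT":
            # REDIRECT rewrites the destination to the local host and the given port
            return "REDIRECT", dict(pkt, dst="127.0.0.1", dport=int(rule.to))
        if rule.target == "DNAT":
            host, _, port = rule.to.partition(":")
            return "DNAT", dict(pkt, dst=host, dport=int(port) if port else pkt["dport"])
        # any other target is a jump into a user-defined chain
        verdict, pkt = traverse(chains, rule.target, pkt, trace)
        if verdict is not None:
            return verdict, pkt
    return None, pkt


def nat_output(output_rules, pkt):
    """Run a packet through nat OUTPUT with the REDSOCKS chain from the issue."""
    chains = {
        "OUTPUT": output_rules,
        "REDSOCKS": [Rule("REDIRECT", to="12345")],   # -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
    }
    trace = []
    verdict, new_pkt = traverse(chains, "OUTPUT", pkt, trace)
    return verdict, new_pkt, trace


# The two OUTPUT rules from the issue, in the order they were appended.
PAGE_RULES = [
    Rule("REDSOCKS", dport=7199),   # -A OUTPUT -p tcp --dport 7199 -j REDSOCKS
    Rule("REDSOCKS", uid=1000),     # -A OUTPUT -p tcp -m owner --uid-owner <user id> -j REDSOCKS (uid 1000 assumed)
]
# The "redirect with host and port" rule from the issue.
DNAT_RULE = Rule("DNAT", dst="172.17.0.1", dport=7199, to="127.0.0.1:7199")


def localhost_connect():
    """telnet localhost 7199 on service2, the working case from the issue."""
    return nat_output(PAGE_RULES, {"dst": "127.0.0.1", "dport": 7199, "uid": 1000})


def dnat_appended():
    """DNAT rule added with -A: it sits after the REDSOCKS rules and is shadowed."""
    return nat_output(PAGE_RULES + [DNAT_RULE],
                      {"dst": "172.17.0.1", "dport": 7199, "uid": 1000})


def dnat_inserted():
    """Same DNAT rule placed first (-I OUTPUT 1): evaluated before REDSOCKS."""
    return nat_output([DNAT_RULE] + PAGE_RULES,
                      {"dst": "172.17.0.1", "dport": 7199, "uid": 1000})


if __name__ == "__main__":
    for name, fn in [("localhost", localhost_connect), ("dnat -A", dnat_appended),
                     ("dnat -I", dnat_inserted)]:
        verdict, pkt, trace = fn()
        print(f"{name:10} verdict={verdict:<8} dst={pkt['dst']}:{pkt['dport']}  {' , '.join(trace)}")
```

Running it shows that with the issue's ordering a connection to `172.17.0.1:7199` hits `OUTPUT[0]` and is redirected to Redsocks on port `12345` before the DNAT rule is ever consulted; only when the DNAT rule is inserted ahead of the REDSOCKS rules does it fire. Because DNAT is also terminating and the `nat` table is consulted once per connection, the inserted rule then sends that connection to local port `7199` instead of through the REDIRECT, so the model explains why the appended rule has no effect, not that inserting it alone yields the proxied path the issue is after.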