Configuration issue
JeevansSP opened this issue · 9 comments
so first i ran:
sudo apt-get install -y redsocks
everything worked fine
then i went into etc/redsocks.conf and edited it as below,
base {
// debug: connection progress & client list on SIGUSR1
log_debug = off;
// info: start and end of client session
log_info = on;
/* possible `log' values are:
* stderr
* "file:/path/to/file"
* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
*/
log = "syslog:daemon";
// detach from console
daemon = on;
/* Change uid, gid and root directory, these options require root
* privilegies on startup.
* Note, your chroot may requre /etc/localtime if you write log to syslog.
* Log is opened before chroot & uid changing.
*/
user = redsocks;
group = redsocks;
// chroot = "/var/chroot";
/* possible `redirector' values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
}
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 127.0.0.1;
local_port = 12345;
// `ip' and `port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
ip = proxy-ip;
port = port;
// known types: socks4, socks5, http-connect, http-relay
type = socks5;
login = "user";
password = "pass";
}
redudp {
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
// packets that are sent as replies - and it should be fixed
// if we want NAT to work properly.
local_ip = 127.0.0.1;
local_port = 10053;
// `ip' and `port' of socks5 proxy server.
ip = proxy-ip;
port = port;
login = user;
password = pass;
// kernel does not give us this information, so we have to duplicate it
// in both iptables rules and configuration file. By the way, you can
// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
// forward ;-)
// This limitation may be relaxed in future versions using contrack-tools.
dest_ip = 8.8.8.8;
dest_port = 53;
udp_timeout = 30;
udp_timeout_stream = 180;
}
dnstc {
// fake and really dumb DNS server that returns "truncated answer" to
// every query via UDP, RFC-compliant resolver should repeat same query
// via TCP in this case.
local_ip = 127.0.0.1;
local_port = 5300;
}
// you can add more `redsocks' and `redudp' sections if you need.
then i ran the following commands as root
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 11371 -j REDIRECT --to-ports 12345
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 11371 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDSOCKS
./redsocks -c /etc/redsocks.conf
oot@jeevan-virtual-machine:/usr/sbin# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 694/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 857/cupsd
tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN 2909/redsocks
tcp6 0 0 ::1:631 :::* LISTEN 857/cupsd
udp 0 0 127.0.0.1:10053 0.0.0.0:* 2909/redsocks
udp 0 0 0.0.0.0:43130 0.0.0.0:* 746/avahi-daemon: r
udp 0 0 127.0.0.53:53 0.0.0.0:* 694/systemd-resolve
udp 0 0 0.0.0.0:631 0.0.0.0:* 923/cups-browsed
udp 0 0 127.0.0.1:5300 0.0.0.0:* 2909/redsocks
udp 0 0 0.0.0.0:5353 0.0.0.0:* 746/avahi-daemon: r
udp6 0 0 :::58331 :::* 746/avahi-daemon: r
udp6 0 0 :::5353 :::* 746/avahi-daemon: r
everything ran fine
root@jeevan-virtual-machine:/usr/sbin# curl 'https://api.ipify.org?format=json'
curl: (7) Failed to connect to api.ipify.org port 443 after 66 ms: Connection refused
root@LagMachine:/home/f1# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal
any idea what am i doing wrong?? please help me?
Your local_port=12345
, which redsocks listen on this port for connections , why you on your iptables rules, set forwarding port to 12346 ?
iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12346
iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 12346
@chromer030 hey i have updated my question
i still get the same result for the curl
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 11371 -j REDIRECT --to-ports 12345
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 11371 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDSOCKS
root@jeevan-virtual-machine:/usr/sbin# curl 'https://api.ipify.org?format=json'
curl: (7) Failed to connect to api.ipify.org port 443 after 32 ms: Connection refused
@chromer030 can i message you elsewhere if it is convenient for you? i really want to solve this issue pls
nvm i worked now Thanks
@JeevansSP
And take a look at https://github.com/xjasonlyu/tun2socks
it's a much better and high performance solution.
using tun2socks can i run multiple containers and config each container to a different socks5 proxy ip that i provide?
Just went through the same problem.
The key point is that PREROUTING
is used to forward route settings for other devices, and after JUMP
ing to REDSOCKS
, it then performs REDIRECT
to localhost 12345. however, REDIRECT
doesn't work for non-local devices, so you should use DNAT
instead!