Configuration issue

Question

Configuration issue

JeevansSP opened this issue 2 years ago · 9 comments

so first i ran:
sudo apt-get install -y redsocks

everything worked fine
then i went into etc/redsocks.conf and edited it as below,

base {
	// debug: connection progress & client list on SIGUSR1
	log_debug = off;

	// info: start and end of client session
	log_info = on;

	/* possible `log' values are:
	 *   stderr
	 *   "file:/path/to/file"
	 *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
	 */
	log = "syslog:daemon";

	// detach from console
	daemon = on;

	/* Change uid, gid and root directory, these options require root
	 * privilegies on startup.
	 * Note, your chroot may requre /etc/localtime if you write log to syslog.
	 * Log is opened before chroot & uid changing.
	 */
	user = redsocks;
	group = redsocks;
	// chroot = "/var/chroot";

	/* possible `redirector' values are:
	 *   iptables   - for Linux
	 *   ipf        - for FreeBSD
	 *   pf         - for OpenBSD
	 *   generic    - some generic redirector that MAY work
	 */
	redirector = iptables;
}

redsocks {
	/* `local_ip' defaults to 127.0.0.1 for security reasons,
	 * use 0.0.0.0 if you want to listen on every interface.
	 * `local_*' are used as port to redirect to.
	 */
	local_ip = 127.0.0.1;
	local_port = 12345;

	// `ip' and `port' are IP and tcp-port of proxy-server
	// You can also use hostname instead of IP, only one (random)
	// address of multihomed host will be used.
	ip = proxy-ip;
	port = port;


	// known types: socks4, socks5, http-connect, http-relay
	type = socks5;

	 login = "user";
	 password = "pass";
}

redudp {
	// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
	// packets that are sent as replies - and it should be fixed
	// if we want NAT to work properly.
	local_ip = 127.0.0.1;
	local_port = 10053;

	// `ip' and `port' of socks5 proxy server.
	ip = proxy-ip;
	port = port;
	login = user;
	password = pass;

	// kernel does not give us this information, so we have to duplicate it
	// in both iptables rules and configuration file.  By the way, you can
	// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
	// forward ;-)
	// This limitation may be relaxed in future versions using contrack-tools.
	dest_ip = 8.8.8.8;
	dest_port = 53;

	udp_timeout = 30;
	udp_timeout_stream = 180;
}

dnstc {
	// fake and really dumb DNS server that returns "truncated answer" to
	// every query via UDP, RFC-compliant resolver should repeat same query
	// via TCP in this case.
	local_ip = 127.0.0.1;
	local_port = 5300;
}

// you can add more `redsocks' and `redudp' sections if you need.

then i ran the following commands as root

iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 11371 -j REDIRECT --to-ports 12345

iptables -t nat -A OUTPUT -p tcp -j REDSOCKS

iptables -t nat -A PREROUTING -p tcp --dport 11371 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDSOCKS

./redsocks -c /etc/redsocks.conf


oot@jeevan-virtual-machine:/usr/sbin# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      694/systemd-resolve 
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      857/cupsd           
tcp        0      0 127.0.0.1:12345         0.0.0.0:*               LISTEN      2909/redsocks       
tcp6       0      0 ::1:631                 :::*                    LISTEN      857/cupsd           
udp        0      0 127.0.0.1:10053         0.0.0.0:*                           2909/redsocks       
udp        0      0 0.0.0.0:43130           0.0.0.0:*                           746/avahi-daemon: r 
udp        0      0 127.0.0.53:53           0.0.0.0:*                           694/systemd-resolve 
udp        0      0 0.0.0.0:631             0.0.0.0:*                           923/cups-browsed    
udp        0      0 127.0.0.1:5300          0.0.0.0:*                           2909/redsocks       
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           746/avahi-daemon: r 
udp6       0      0 :::58331                :::*                                746/avahi-daemon: r 
udp6       0      0 :::5353                 :::*                                746/avahi-daemon: r

everything ran fine

root@jeevan-virtual-machine:/usr/sbin# curl 'https://api.ipify.org?format=json'
curl: (7) Failed to connect to api.ipify.org port 443 after 66 ms: Connection refused

root@LagMachine:/home/f1#  lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.4 LTS
Release:        20.04
Codename:       focal

any idea what am i doing wrong?? please help me?

Answer 1 · 2022-05-09T16:12:55.000Z

@darkk pls help

Answer 2 · 2022-05-09T17:54:45.000Z

Your local_port=12345 , which redsocks listen on this port for connections , why you on your iptables rules, set forwarding port to 12346 ?

iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12346
iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 12346

Answer 3 · 2022-05-09T18:08:31.000Z

@chromer030 hey i have updated my question
i still get the same result for the curl

iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 11371 -j REDIRECT --to-ports 12345

iptables -t nat -A OUTPUT -p tcp -j REDSOCKS

iptables -t nat -A PREROUTING -p tcp --dport 11371 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDSOCKS
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDSOCKS

root@jeevan-virtual-machine:/usr/sbin# curl 'https://api.ipify.org?format=json'
curl: (7) Failed to connect to api.ipify.org port 443 after 32 ms: Connection refused

Answer 4 · 2022-05-09T18:09:07.000Z

@chromer030 can i message you elsewhere if it is convenient for you? i really want to solve this issue pls

Answer 5 · 2022-05-09T18:33:34.000Z

nvm i worked now Thanks

Answer 6 · 2022-05-10T08:07:58.000Z

@JeevansSP
And take a look at https://github.com/xjasonlyu/tun2socks
it's a much better and high performance solution.

Answer 7 · 2022-05-12T08:39:32.000Z

using tun2socks can i run multiple containers and config each container to a different socks5 proxy ip that i provide?

Answer 8 · 2022-05-12T08:40:07.000Z

@chromer030 @darkk @kanzure

Answer 9 · 2023-12-12T14:28:45.000Z

Just went through the same problem.
The key point is that PREROUTING is used to forward route settings for other devices, and after JUMPing to REDSOCKS, it then performs REDIRECT to localhost 12345. however, REDIRECT doesn't work for non-local devices, so you should use DNAT instead!