Ask Ubuntu Asked on January 3, 2022
I am trying to redirect all of my computer's TCP traffic through a local redsocks instance listening on port 12345. HTTPS works, but for some reason plain HTTP does not.
/etc/redsocks.conf
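base {
	log_debug = on;
	log_info = on;
	log = "file:/var/log/redsocks.log";
	daemon = on;
	// iptables REDIRECT: redsocks recovers the real destination of each
	// redirected connection from the kernel (SO_ORIGINAL_DST).
	redirector = iptables;
}
redsocks {
	// Loopback only. The rules below live in the nat OUTPUT chain, whose
	// REDIRECT target delivers locally generated packets to 127.0.0.1, so
	// 0.0.0.0 gains nothing here and only exposes the listener to every
	// interface. Bind to an interface address instead if you later add
	// PREROUTING rules for other hosts.
	local_ip = 127.0.0.1;
	local_port = 12345;
	ip = proxy.uclv.cu;
	port = 3128;
	// CONNECT tunnelling. It works for HTTPS here but not for HTTP — a forward
	// proxy that only allows CONNECT to port 443 (e.g. Squid's default
	// SSL_ports ACL) would give exactly that symptom; check the log above.
	// Plain HTTP needs a second listener of type http-relay (see the answers).
	type = http-connect;
	// Credentials are stored in plaintext: keep this file root-only (mode 0600).
	login = "MyUser";
	password = "MyPassword";
}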
iptables configuration
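#!/usr/bin/env bash
# nat rules that push locally generated TCP connections into the redsocks
# listener on port 12345. Run as root.
#
# Only TCP is matched: UDP — notably DNS on 53/udp — is NOT proxied and still
# leaves the host directly.
set -euo pipefail

REDSOCKS_PORT=12345
# Upstream proxy from /etc/redsocks.conf (ip = proxy.uclv.cu). redsocks' own
# connection to it is locally generated TCP as well, so it would traverse
# OUTPUT -> REDSOCKS -> REDIRECT and loop back into redsocks unless the proxy
# address is exempted below (or redsocks' user is excluded with -m owner).
PROXY_HOST=proxy.uclv.cu

# Resolve once, up front; abort rather than install rules that would loop.
mapfile -t proxy_addrs < <(getent ahostsv4 "$PROXY_HOST" | awk '!seen[$1]++ { print $1 }')
if (( ${#proxy_addrs[@]} == 0 )); then
  printf 'cannot resolve %s\n' "$PROXY_HOST" >&2
  exit 1
fi

iptables -t nat -N REDSOCKS

# Never redirect unspecified, RFC 1918, CGNAT, loopback, link-local,
# benchmarking, multicast or reserved destinations.
for net in 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 \
           172.16.0.0/12 192.168.0.0/16 198.18.0.0/15 224.0.0.0/4 240.0.0.0/4; do
  iptables -t nat -A REDSOCKS -d "$net" -j RETURN
done

# Exempt every address of the upstream proxy itself.
for addr in "${proxy_addrs[@]}"; do
  iptables -t nat -A REDSOCKS -d "$addr" -j RETURN
done

# Anything else should be redirected to port 12345
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports "$REDSOCKS_PORT"
# Any locally generated tcp connection should be redirected to REDSOCKS chain
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS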
Output of `sudo iptables -v -x -n -L` (filter table):
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Output of `sudo iptables -t nat -nL` (nat table):
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDSOCKS tcp -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain REDSOCKS (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/8
RETURN all -- 0.0.0.0/0 10.0.0.0/8
RETURN all -- 0.0.0.0/0 100.64.0.0/10
RETURN all -- 0.0.0.0/0 127.0.0.0/8
RETURN all -- 0.0.0.0/0 169.254.0.0/16
RETURN all -- 0.0.0.0/0 172.16.0.0/12
RETURN all -- 0.0.0.0/0 192.168.0.0/16
RETURN all -- 0.0.0.0/0 198.18.0.0/15
RETURN all -- 0.0.0.0/0 224.0.0.0/4
RETURN all -- 0.0.0.0/0 240.0.0.0/4
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 redir ports 12345
An HTTPS site such as https://google.com works, but a plain-HTTP site such as http://archive.ubuntu.com/ubuntu/ does not.
However, if I change `http-connect` to `http-relay` in the redsocks config, the opposite happens: HTTP works and HTTPS does not.
Is there a way to make both HTTP and HTTPS work at the same time?
I used transocks (https://github.com/cybozu-go/transocks) instead of redsocks; my iptables configuration looks like this:
https://gist.github.com/andersondanilo/a28e7165fa8a9700d8ead20a224ecf44
Example transocks config (`transocks.toml`):
# Transparent listener. All interfaces are needed here because the script's
# PREROUTING rule redirects hotspot clients to the ap0 address, not to
# loopback. Anyone who can reach TCP/12345 reaches this socket, so keep the
# INPUT chain restrictive — the script only opens the port for the AP subnet.
listen = "0.0.0.0:12345"
# Connect to HTTP Proxy
# Credentials are stored here in plaintext: chmod 600 this file and run
# transocks under its own user (step 2/3 in the script header) so it is not
# readable by other accounts. NOTE(review): with an http:// proxy URL the
# proxy authentication itself travels in clear to HOST:80 — only acceptable on a
# trusted path to the proxy.
proxy_url = "http://USER:PASS@HOST:80"
# Connect to socks5 Proxy (you can create with ssh)
# proxy_url = "socks5://10.20.30.40:1080"
[log]
level = "info"
Script to configure iptables (run as root; it keeps running and removes the rules when interrupted):
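#!/usr/bin/env bash
# Transocks: https://github.com/cybozu-go/transocks
# 1. Install: go get -u github.com/cybozu-go/transocks/...
# Note: depending on your version of go, you will need the env: GO111MODULE=on
# 2. Create a "transocks" user
# 3. Execute: sudo -u transocks $HOME/go/bin/transocks -f transocks.toml
#
# This script must run as root: it installs nat/filter rules that redirect
# TCP into transocks and removes them again when it is stopped.
set -euo pipefail

# Hide the "^C" echo when the user interrupts. stty only makes sense on a
# terminal and fails without one (e.g. under a service manager), which with
# set -e would abort the whole script — so guard it.
if [[ -t 0 ]]; then
  stty -echoctl
fi

# Point to the transparent socket port (running in an exclusive user)
readonly TRANSOCKS_PORT=12345
readonly TRANSOCKS_USER=transocks
# Redirect all the network of your computer (except transocks user)
REDIRECT_LOCAL_NETWORK=1
# Redirect access point (wifi hotspot)
AP_SUBNET_ENABLED=1
AP_SUBNET_IFACE=ap0
AP_SUBNET_RANGE="192.168.12.0/24"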
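#######################################
# Install the redirect rules: create the TRANSOCKS nat chain, exempt
# local/reserved destinations, and send every other TCP connection to the
# transocks listener.
# Globals:  TRANSOCKS_PORT TRANSOCKS_USER REDIRECT_LOCAL_NETWORK
#           AP_SUBNET_ENABLED AP_SUBNET_IFACE AP_SUBNET_RANGE (all read)
# Outputs:  progress banners on stdout, iptables -v output
# Returns:  non-zero (and, under set -e, exits) on the first failing iptables
#           call, e.g. when a stale TRANSOCKS chain already exists.
# Only TCP is redirected: UDP — notably DNS — still leaves the host directly.
#######################################
action_up() {
  local net
  printf '%s\n' "-----------------------------" "# Adding iptables chain rules" "-----------------------------"
  iptables -v -t nat -N TRANSOCKS
  # Destinations that must never be proxied: unspecified, RFC 1918, CGNAT,
  # loopback, link-local, benchmarking, multicast and reserved space.
  for net in 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 \
             172.16.0.0/12 192.168.0.0/16 198.18.0.0/15 224.0.0.0/4 240.0.0.0/4; do
    iptables -v -t nat -A TRANSOCKS -d "$net" -j RETURN
  done
  iptables -v -t nat -A TRANSOCKS -p tcp -j REDIRECT --to-ports "$TRANSOCKS_PORT"

  if [[ "$REDIRECT_LOCAL_NETWORK" == 1 ]]; then
    printf '%s\n' "--------------------------------" "# Redirecting non-transocks user" "--------------------------------"
    # Sockets owned by the transocks user are skipped; otherwise its own
    # connection to the upstream proxy would be redirected back into itself.
    iptables -v -t nat -A OUTPUT -p tcp -m owner ! --uid-owner "$TRANSOCKS_USER" -j TRANSOCKS
  fi

  if [[ "$AP_SUBNET_ENABLED" == 1 ]]; then
    printf '%s\n' "-----------------------" "# Redirecting AP subnet" "-----------------------"
    # Hotspot clients are redirected to this host's listener; the filter rule
    # admits that port only from the AP interface and subnet, so the listener
    # is not reachable from elsewhere (assumes a default-deny INPUT policy).
    iptables -v -t nat -I PREROUTING -i "$AP_SUBNET_IFACE" -s "$AP_SUBNET_RANGE" -j TRANSOCKS
    iptables -v -I INPUT -i "$AP_SUBNET_IFACE" -s "$AP_SUBNET_RANGE" -p tcp -m tcp --dport "$TRANSOCKS_PORT" -j ACCEPT
  fi
}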
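#######################################
# Remove everything action_up installed. Each delete is guarded by an
# existence check so that a partially applied action_up (or a second run)
# does not abort the cleanup under set -e and leave rules behind.
# Globals:  TRANSOCKS_PORT TRANSOCKS_USER REDIRECT_LOCAL_NETWORK
#           AP_SUBNET_ENABLED AP_SUBNET_IFACE AP_SUBNET_RANGE (all read)
# Outputs:  progress banners on stdout, iptables -v output
# Returns:  0 unless a delete of an existing rule/chain fails
#######################################
action_down() {
  local -a rule

  if [[ "$REDIRECT_LOCAL_NETWORK" == 1 ]]; then
    printf '%s\n' "------------------------------" "# Cleaning non-transocks rules" "------------------------------"
    rule=(OUTPUT -p tcp -m owner ! --uid-owner "$TRANSOCKS_USER" -j TRANSOCKS)
    # -C reports "Bad rule" on stderr when absent; that is expected, silence it.
    if iptables -t nat -C "${rule[@]}" 2>/dev/null; then
      iptables -v -t nat -D "${rule[@]}"
    fi
  fi

  if [[ "$AP_SUBNET_ENABLED" == 1 ]]; then
    printf '%s\n' "--------------------------" "# Cleaning AP subnet rules" "--------------------------"
    rule=(PREROUTING -i "$AP_SUBNET_IFACE" -s "$AP_SUBNET_RANGE" -j TRANSOCKS)
    if iptables -t nat -C "${rule[@]}" 2>/dev/null; then
      iptables -v -t nat -D "${rule[@]}"
    fi
    rule=(INPUT -i "$AP_SUBNET_IFACE" -s "$AP_SUBNET_RANGE" -p tcp -m tcp --dport "$TRANSOCKS_PORT" -j ACCEPT)
    if iptables -C "${rule[@]}" 2>/dev/null; then
      iptables -v -D "${rule[@]}"
    fi
  fi

  printf '%s\n' "-----------------------------" "# Cleaning and removing chain" "-----------------------------"
  # The chain can only be deleted once it is empty and unreferenced.
  if iptables -t nat -nL TRANSOCKS >/dev/null 2>&1; then
    iptables -v -t nat -F TRANSOCKS
    iptables -v -t nat -X TRANSOCKS
  fi
}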
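# Clean up on every exit path — Ctrl+C, SIGTERM, or a failure inside
# action_up under set -e — not only on SIGINT. The previous SIGINT-only trap
# left rules installed after an error, and since a bash trap returns to the
# interrupted command, Ctrl+C ran the cleanup and then kept looping.
trap action_down EXIT
# Turn the interrupt into a normal exit so the EXIT trap above runs exactly once.
trap 'exit 130' INT TERM

action_up

printf '\nHit Ctrl+C to remove the ip table rules\n\n'
# Stay alive so the rules remain until the user ends the script.
while :; do
  sleep 1
done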
Answered by Anderson Danilo on January 3, 2022
After trying Atreyu94's answer and some other examples, this is what worked for me — one redsocks listener per protocol, with iptables choosing the listener by destination port:
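base {
	log_debug = on;
	log_info = on;
	log = "file:/var/log/redsocks.log";
	daemon = on;
	redirector = iptables;
}
// Listener for HTTPS: the nat rules send dpt:443 here. CONNECT opens a raw
// tunnel through the proxy, so TLS passes through untouched.
redsocks {
	// Loopback only: the rules below are in the nat OUTPUT chain, whose
	// REDIRECT target delivers locally generated packets to 127.0.0.1. If you
	// also redirect other hosts via PREROUTING, bind to that interface's
	// address instead and restrict the port in the INPUT chain.
	local_ip = 127.0.0.1;
	local_port = 12345;
	ip = my.proxy.dns;
	port = 3128;
	type = http-connect;
	// Plaintext credentials: keep /etc/redsocks.conf root-only (mode 0600).
	login = "myUser";
	password = "myPassword";
}
// Listener for plain HTTP: dpt:80 and HKP (dpt:11371) are sent here.
// http-relay forwards each request as an ordinary proxied HTTP request
// rather than a CONNECT tunnel, which is presumably why CONNECT alone
// did not work for these ports.
redsocks {
	local_ip = 127.0.0.1;
	local_port = 12346;
	ip = my.proxy.dns;
	port = 3128;
	type = http-relay;
	login = "myUser";
	password = "myPassword";
}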
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDSOCKS tcp -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain REDSOCKS (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/8
RETURN all -- 0.0.0.0/0 10.0.0.0/8
RETURN all -- 0.0.0.0/0 100.64.0.0/10
RETURN all -- 0.0.0.0/0 127.0.0.0/8
RETURN all -- 0.0.0.0/0 169.254.0.0/16
RETURN all -- 0.0.0.0/0 172.16.0.0/12
RETURN all -- 0.0.0.0/0 192.168.0.0/16
RETURN all -- 0.0.0.0/0 198.18.0.0/15
RETURN all -- 0.0.0.0/0 224.0.0.0/4
RETURN all -- 0.0.0.0/0 240.0.0.0/4
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 12346
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 12345
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11371 redir ports 12346
As you can see in my tables, I redirect all HTTP traffic (port 80) to the http-relay listener (12346) and HTTPS (port 443) to the http-connect listener (12345). I also send port 11371 through the http-relay listener: that is HKP, the OpenPGP keyserver protocol used by apt-key/gpg, which is plain HTTP on port 11371, so relay mode handles it like any other HTTP request. Note that with these rules any other TCP port is not redirected at all and goes out directly, bypassing the proxy; if you need fail-closed behaviour, add a final catch-all `REDIRECT --to-ports 12345` (or a REJECT) after the port-specific rules. I saw that particular redirection in:
https://jmkhael.io/escape-proxy-hell-with-redsocks/
Also, I only redirect OUTPUT traffic because this is my personal computer, not a gateway. If you want to use the machine as a NAT gateway for other hosts, you also need rules in the nat PREROUTING chain (and redsocks must listen on an address that the redirected packets from those hosts actually reach).
Answered by jogarcia on January 3, 2022
The redsocks2 README (https://github.com/semigodking/redsocks) explains your problem: HTTP and HTTPS need separate listeners of different types, so your configuration needs two `redsocks {}` sections. Quoting it:
"To make redsocks2 work with the GoAgent proxy, you need to set the proxy type to 'http-relay' for HTTP and 'http-connect' for HTTPS respectively. Suppose your GoAgent local proxy is running on the same host as redsocks2; the configuration for forwarding connections to GoAgent is as below:
redsocks {
bind = "192.168.1.1:1081"; // HTTP should be redirected to this port.
relay = "192.168.1.1:8080";
type = http-relay; // Must be 'http-relay' for HTTP traffic.
autoproxy = 1; // I want autoproxy feature enabled on this section.
// timeout is meaningful when 'autoproxy' is non-zero.
// It specifies the timeout value when trying to connect to the destination
// directly. Default is 10 seconds. When it is set to 0, the default
// timeout value will be used.
timeout = 13;
}
redsocks {
bind = "192.168.1.1:1082"; // HTTPS should be redirected to this port.
relay = "192.168.1.1:8080";
type = http-connect; // Must be 'http-connect' for HTTPS traffic.
autoproxy = 1; // I want autoproxy feature enabled on this section.
// timeout is meaningful when 'autoproxy' is non-zero.
// It specifies the timeout value when trying to connect to the destination
// directly. Default is 10 seconds. When it is set to 0, the default
// timeout value will be used.
timeout = 13;
}
"
Answered by Atreyu94 on January 3, 2022