Open dev-pingfighter opened 3 years ago
-N should work in your case, it should not lead to bind() errors, because -N address is not used for binding, this address is reported to client. Can you provide more info/log examples?
@z3APA3A, thanks for your reply!
Unfortunately it's not working. I have just checked it, here are the logs:
socksify nc -v -u 3.65.20.100 5000
Sep 27 11:21:20 (1632730880.167427) nc[7661]: info: Dante/client v1.4.2 running
Sep 27 11:21:20 (1632730880.168652) nc[7661]: info: Rconnect(): fd 3, address 3.65.20.100.5000
Sep 27 11:21:20 (1632730880.168785) nc[7661]: info: socks_requestpolish(): searching for direct route for udpassociate, protocol udp, src 0.0.0.0.0, dst 3.65.20.100.5000, authmethod -1
Sep 27 11:21:20 (1632730880.169003) nc[7661]: info: socks_connectroute(): have socks_v5 route (route #1) to 3.65.20.100.5000 via 3.70.44.170.1091
Sep 27 11:21:20 (1632730880.169036) nc[7661]: info: socks_connecthost(): connect to 3.70.44.170.1091 on <N/A> side from 0.0.0.0.0, fd 4. Timeout is -1
Sep 27 11:21:20 (1632730880.211342) nc[7661]: info: socks_connecthost(): connect to 3.70.44.170.1091 from 192.168.0.103.57942 on fd 4 ok (no system error)
Sep 27 11:21:20 (1632730880.211450) nc[7661]: info: socks_negotiate(): initiating socks_v5 negotiation with control-fd 4 (laddr: 192.168.0.103.57942, raddr: 3.70.44.170.1091, protocol: tcp), data-fd 3 (laddr: 192.168.0.103.42342, raddr: N/A, protocol: udp), req.host = 192.168.0.103.42342
Sep 27 11:21:20 (1632730880.211482) nc[7661]: info: negotiate_method(): offering proxy server #2 methods: none, username
Sep 27 11:21:20 (1632730880.251678) nc[7661]: info: negotiate_method(): proxy server selected method username
Sep 27 11:21:20 (1632730880.251721) nc[7661]: info: socks_getusername(): using socks username from environment: "Test"
Sep 27 11:21:20 (1632730880.251734) nc[7661]: info: clientmethod_uname(): offering username "Test", password ******** to server
Sep 27 11:21:20 (1632730880.292351) nc[7661]: info: clientmethod_uname(): received server response: 0x1, 0x0
Sep 27 11:21:20 (1632730880.292389) nc[7661]: info: negotiate_method(): established v5 connection using method 2
Sep 27 11:21:20 (1632730880.292408) nc[7661]: info: socks_sendrequest(): sending request to server: VER: 5 CMD: 3 FLAG: 0 ATYP: 1 address: 192.168.0.103.42342
Sep 27 11:21:50 (1632730910.391959) nc[7661]: info: socks_blacklist(): blacklisting route #1. Reason: premature eof from proxy server while waiting for response
Sep 27 11:21:50 (1632730910.392144) nc[7661]: warning: udpsetup(): socks_negotiate() failed: premature eof from proxy server while waiting for response
Sep 27 11:21:50 (1632730910.392176) nc[7661]: info: Rconnect(): udpsetup() returned no route to 3.65.20.100.5000 for fd 3: premature eof from proxy server while waiting for response
nc: connect to 3.65.20.100 port 5000 (udp) failed: Network is unreachable
#!/bin/3proxy
config /etc/3proxy/3proxy.cfg
nserver 1.0.0.1 nserver 1.1.1.1 nserver 8.8.4.4 nserver 8.8.8.8
nscache 65536
timeouts 1 5 30 60 180 1800 15 60 15 5
log
logformat "-\""+_G{""time_unix"":%t, ""proxy"":{""type:"":""%N"", ""port"":%p}, ""error"":{""code"":""%E""}, ""auth"":{""user"":""%U""}, ""client"":{""ip"":""%C"", ""port"":%c}, ""server"":{""ip"":""%Q"", ""port"":%q}, ""bytes"":{""sent"":%O, ""received"":%I}, ""request"":{""hostname"":""%n""}, ""message"":""%T""}"
maxconn 1024
socks -N3.70.44.170 -e172.31.11.72 -i172.31.11.72 -p1091
flush
3. 3proxy logs
```bash
{"time_unix":1632730852, "proxy":{"type:":"SOCKS", "port":1091}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"172.31.11.72", "port":1091}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [1/1686107904]"}
{"time_unix":1632730910, "proxy":{"type:":"SOCK5", "port":1091}, "error":{"code":"00012"}, "auth":{"user":"Test"}, "client":{"ip":"My ISP IP here", "port":57942}, "server":{"ip":"192.168.0.103", "port":42342}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"192.168.0.103"}, "message":"UDPMAP 192.168.0.103:42342"}
3proxy version is 0.9.4
Hey and much thanks for your work! @z3APA3A Hopefully this question will be helpful for everyone else who has the same problem.
So I am trying to set up a socks proxy for tcp and udp connections (via UDP ASSOCIATE) and while it's working fine on DigitalOcean, it's not working on AWS. Basically because when an EC2 instance has a public IPv4 address associated with it (no matter whether it's a public IP from the AWS pool or Elastic IP), it can't bind a socket to the public IP address, because it's statically NAT-ed to the private IP by the Internet Gateway -- the instance itself is not aware of the public IP address (output of
ip addr show
command has no public IP in it). If socks proxy is bound to the private IP or 0.0.0.0 then tcp works just fine, but reported IP for the UDP ASSOCIATE request is a private IP, which means, that sent datagrams from the client are silently dropped and aren't received by the proxy server. I have tried to use-N
flag with the next config:but unfortunately in this case socks proxy returns
00012
code error, which means that socks proxy "failed to bind()" according to this doc https://3proxy.ru/howtoe.asp#ERRORSIt's fair enough! So I have tried to test it by adding secondary ip to the network interface with
sudo ip addr add 18.157.80.150/32 dev eth0
. In this case socks proxy returned no error, but the port has been assigned to an outbound connection. Here are the logs I have so far:I am using dante-client
socksify
to send datagrams:At the same time on the server where socks proxy is installed:
tcp 0 0 172.31.11.72:1091 0.0.0.0: LISTEN 79357/3proxy
udp 0 0 18.157.80.150:43875 0.0.0.0: 79357/3proxy
udp 0 0 172.31.11.72:55948 0.0.0.0:* 79357/3proxy
So as you can see there are no errors, but the bound port of
-N
IP is the opposite of the one I need and reported IP to the UDP ASSOCIATE command is the private IP.Please let me know if I can somehow achieve what I need and if there are any more required data from my side, then I will gladly provide it. Thanks!