darkk / redsocks

transparent TCP-to-proxy redirector
http://darkk.net.ru/redsocks

Feature Request: Documentation about dynamic UDP redirection #12

Open edir opened 13 years ago

edir commented 13 years ago

Hi there! Thank you very much for UDP support, but actually there is a little lack of documentation about how it works. Darkk wrote that there may be a way to dynamically redirect UDP packets with the help of libnetfilter_conntrack, but it would be nice if there were a howto or an example.

It would be great! Thanks.

darkk commented 13 years ago

libnetfilter_conntrack support is not implemented yet.

Do you need dynamic UDP redirection? Can you tell me a bit more about your use-case?

edir commented 13 years ago

Hi,

Actually, I am interested in playing games over a SOCKS5 proxy. I know that the firewall has to let TCP and UDP through, and this is not a problem in my case. The idea is to collect connections from the LAN and tunnel them through the proxy server.

Another case I had was the problem that a virtual machine could not connect to a specific DNS server and was not able to do NTP.

The main problem is that I don't know in advance which destination and which port will be used. It would be quite nice if it were possible to redirect all traffic that is not directed to your local net through a proxy.

edir commented 13 years ago

To be more detailed: some applications, especially from Cisco, require an NTP server. If they cannot reach the NTP server, they won't install. Neither VirtualBox nor VMware Server is able to redirect over SOCKS5.

Btw: It seems that I closed the issue by error??

darkk commented 12 years ago

https://github.com/darkk/redsocks/commit/709646d59d96cb73a7e70347f37de9823e4e5f14 - initial support for dynamic UDP redirection was committed to master.

pencil commented 11 years ago

I would like to redirect all TCP and UDP traffic through redsocks (v0.4). I came up with the following iptables commands:

iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d $SOCKS_SERVER_IP/32 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p udp -j REDIRECT --to-ports 12346
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
iptables -t nat -A OUTPUT -p udp -j REDSOCKS

While the TCP redirection does work (Yay! \o/), the UDP redirection does not (connection time out). I can see the following log entries on the server side (running Dante as SOCKS5 server):

Nov  7 15:36:53 server danted[14898]: pass(1): tcp/accept [: $EXTERNAL_CLIENT_IP.6058 -> $SOCKS_SERVER_IP.1080
Nov  7 15:36:54 server danted[14899]: pass(2): udp/udpassociate [: 0.0.0.0.0 -> 0.0.0.0.0

And the redsocks log on the client reads like this:

Nov  7 15:36:52 client redsocks[3043]: [10.255.77.143:53948->127.0.0.1:0]: <trace>
Nov  7 15:36:52 client redsocks[3043]: [10.255.77.143:53948->127.0.0.1:0]: got 1st packet from client
Nov  7 15:36:53 client redsocks[3043]: [10.255.77.143:53948->127.0.0.1:0]: <trace>
Nov  7 15:36:54  client[3043]: last message repeated 2 times
Nov  7 15:36:54 client redsocks[3043]: [10.255.77.143:53948->127.0.0.1:0]: Starting UDP relay
Nov  7 15:37:27 client redsocks[3043]: [10.255.77.143:53948->127.0.0.1:0]: Client timeout. First: 1383835012, last_client: 1383835017, last_relay: 0.
Nov  7 15:37:27 client redsocks[3043]: [10.255.77.143:53948->127.0.0.1:0]: Dropping...

@darkk: What's the status of UDP redirection? Are there any configuration examples?

Evengard commented 10 years ago

Seems like there is some working UDP redirection using TPROXY, but I just can't get how to configure the system to make it work. Can you give information about which iptables rules and ip commands should be used (as an example)?

akamensky commented 6 years ago

It's been 8 years since this issue has been open and 4 years since last comment. Did anyone have any success with TPROXY configuration? Any working example? The docs here seriously lack on that side. Only config available for TCP (which is trivial anyway).

swex commented 5 years ago

Is there any news here?

ge9 commented 8 months ago

UDP redirection (to any destination) does work for locally-generated packets and incoming packets. It only works with TPROXY, not REDIRECT. I'll add some example in the future.
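
An added example, not part of the thread and not the redsocks project's own documentation: the netfilter and policy-routing side of a TPROXY setup for UDP, covering both incoming and locally generated packets. It assumes redudp listens on 127.0.0.1:12346 (the port from the nat-table rules above), that fwmark 1 and routing table 100 are unused, and that the SOCKS server's UDP relay uses the same address as SOCKS_SERVER_IP (192.0.2.10 is a placeholder); by default it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the redsocks project): TPROXY rules for UDP.
# Assumptions: redudp listens on 127.0.0.1:12346 (port taken from the thread),
# fwmark 1 and routing table 100 are free, SOCKS_SERVER_IP is a placeholder.
SOCKS_SERVER_IP="${SOCKS_SERVER_IP:-192.0.2.10}"
REDUDP_PORT="${REDUDP_PORT:-12346}"
FWMARK="${FWMARK:-1}"
RT_TABLE="${RT_TABLE:-100}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; 0 = apply them (needs root)

# Same exclusions as the nat-table rules in the thread.
BYPASS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Fill chain $1 with RETURN rules so bypassed traffic is left untouched.
add_bypass() {
    for net in $BYPASS "$SOCKS_SERVER_IP/32"; do
        run iptables -t mangle -A "$1" -d "$net" -j RETURN
    done
    # Packets addressed to this host itself (including relay replies).
    run iptables -t mangle -A "$1" -m addrtype --dst-type LOCAL -j RETURN
}

tproxy_udp_rules() {
    # Marked packets are routed to the local stack, whatever their destination.
    run ip rule add fwmark "$FWMARK" lookup "$RT_TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$RT_TABLE"

    # Incoming packets: hand them to the redudp socket, destination preserved.
    run iptables -t mangle -N REDSOCKS_UDP
    add_bypass REDSOCKS_UDP
    run iptables -t mangle -A REDSOCKS_UDP -p udp -j TPROXY \
        --on-ip 127.0.0.1 --on-port "$REDUDP_PORT" --tproxy-mark "$FWMARK"
    run iptables -t mangle -A PREROUTING -p udp -j REDSOCKS_UDP

    # Locally generated packets: mark in OUTPUT so they are rerouted via lo
    # and then traverse PREROUTING, where the TPROXY rule above applies.
    run iptables -t mangle -N REDSOCKS_UDP_OUT
    add_bypass REDSOCKS_UDP_OUT
    run iptables -t mangle -A REDSOCKS_UDP_OUT -p udp -j MARK --set-mark "$FWMARK"
    run iptables -t mangle -A OUTPUT -p udp -j REDSOCKS_UDP_OUT
}

tproxy_udp_rules
```

Unlike the nat-table REDIRECT rule, TPROXY does not rewrite the packet's destination, so the listening socket can still see the address the client was trying to reach.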