Closed phantomcraft closed 3 years ago
Just adding to this: the connections come from the 10.0.0.2 address. Perhaps this is what causes the error; maybe Glider only works with the 127.0.0.1 address?
As the logs show, the connection coming from the tproxy server reached the socks5 server.
I captured the traffic between the two servers: packet_log.zip
Maybe it can help in solving this issue.
The tproxy server and socks5 server are working:
I think it's my iptables rules that are missing something, which prevents the UDP packet from going through the sub-net (eth2).
Can someone help me?
I removed the rule in the OUTPUT chain and now it works fine:
ip netns add nsx
ip li add vethx type veth peer name peerx netns nsx
ip li set vethx up
ip addr add 10.0.0.1/24 dev vethx
ip netns exec nsx ip li set lo up
ip netns exec nsx ip li set peerx up
ip netns exec nsx ip addr add 10.0.0.2/24 dev peerx
ip netns exec nsx ip route add default via 10.0.0.1 dev peerx
ip rule add fwmark 1088 table 100
ip route add local default dev vethx table 100
iptables -t mangle -A PREROUTING -i vethx -p udp -j TPROXY --on-ip 10.0.0.1 --on-port 10000 --tproxy-mark 1088
sysctl -w net.ipv4.conf.vethx.forwarding=1
===========================
root@localhost:/home/user# ip netns exec nsx dig @1.1.1.1 g.co
; <<>> DiG 9.16.15-Debian <<>> @1.1.1.1 g.co
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1000
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;g.co. IN A
;; ANSWER SECTION:
g.co. 254 IN A 142.250.219.238
;; Query time: 24 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Oct 11 00:58:48 EDT 2021
;; MSG SIZE rcvd: 49
==============================================
root@localhost:/home/user# glider -verbose -listen tproxy://10.0.0.1:10000 -forward socks5://127.0.0.1:9000
2021/10/11 01:00:19 group.go:186: [group] only 1 forwarder found, disable health checking
2021/10/11 01:00:19 server.go:78: [tproxyu] listening UDP on 10.0.0.1:10000
2021/10/11 01:00:40 server.go:126: [tproxyu] 10.0.0.2:51264 <-> 1.1.1.1:53 via 127.0.0.1:9000
=============================================
root@localhost:/home/user# glider -verbose -listen socks5://127.0.0.1:9000
2021/10/11 01:00:12 group.go:186: [group] only 1 forwarder found, disable health checking
2021/10/11 01:00:12 server.go:38: [socks5] listening TCP on 127.0.0.1:9000
2021/10/11 01:00:12 server.go:107: [socks5] listening UDP on 127.0.0.1:9000
2021/10/11 01:00:40 server.go:150: [socks5u] 127.0.0.1:52516 <-> 1.1.1.1:53 via DIRECT
I want to forward UDP to a sub-net but I'm having problems.
First I launch a local socks5 server:
$ glider -verbose -listen socks5://127.0.0.1:9000
And a tproxy proxy:
$ glider -verbose -listen tproxy://10.0.0.1:10000 -forward socks5://127.0.0.1:9000
And set iproute2 and iptables rules:
These are the logs:
The logs are showing that the connection was received by tproxy and socks5 proxy, but the connection is not made in the host.
Am I doing something wrong?