semigodking / redsocks

transparent redirector of any TCP/UDP connection to proxy
Apache License 2.0

UDP socks5 transparent proxy #129

Open swex opened 5 years ago

swex commented 5 years ago

Hello! Can somebody please help me with transparent UDP proxy configuration: I have a remote UDP service I want to reach via a socks5 proxy. Here is the redudp part of my redsocks.conf and my routing/iptables configuration. Please tell me what is wrong with it.

redudp {             
 local_ip = 127.0.0.1; //localhost
 local_port = 42424; //port I will route traffic to
 ip = 192.168.1.189; //socks5 host
 port = 1080; //socks5  port
 type = socks5;  //its socks5 server
 //login = rc4-md5;  //not used
 //password = "your_passwd";  //not used
 udp_timeout = 20; 
 dest_ip = example.com; //service I want to reach host
 dest_port = 48484; //service I want to reach port
}

ip rule add fwmark 0x01/0x01 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N REDSOCKS2
iptables -t mangle -A REDSOCKS2 -p udp --dport 48484 -j TPROXY --on-port 42424 --tproxy-mark 0x01/0x01
iptables -t mangle -A PREROUTING -j REDSOCKS2

In that case nothing happened. If I add the next rule:

iptables -t nat -A OUTPUT -p udp --dport 42424 -j DNAT --to 192.168.1.189:1080

I can see UDP associate on my socks5 server but nothing on the other end of the client.

semigodking commented 5 years ago

It seems you should use OUTPUT chain in mangle table.

iptables -t mangle -A OUTPUT -j REDSOCKS2

swex commented 5 years ago

No, it doesn't work. In my dmesg I see:

x_tables: ip_tables: TPROXY target: used from hooks PREROUTING/OUTPUT, but only usable from PREROUTING

fedstryale commented 4 years ago

You should mark your connections (-j mark 1) in the OUTPUT chain to make them go through your local routing table and enter the PREROUTING chain and TPROXY target. Typically OUTPUT connections won't enter the PREROUTING chain, and there should be no TPROXY target in the OUTPUT chain.
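
The split described in the last comment, written out as an added example (not part of the thread and not redsocks project code): OUTPUT only sets the mark, TPROXY stays reachable from PREROUTING only, and a small check flags the layout that produced the dmesg error above. The chain name REDSOCKS2_MARK and the helper function names are hypothetical; the check follows only one level of jumps.

```shell
#!/bin/sh
# Added example. Port 48484, TPROXY port 42424, mark 0x01/0x01 and table 100
# are the thread's values; the chain name REDSOCKS2_MARK is hypothetical.
# Dry run by default (commands are printed); APPLY=1 as root executes them.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# tproxy_udp_rules DPORT TPROXY_PORT MARK TABLE
tproxy_udp_rules() {
    dport=$1; on_port=$2; mark=$3; table=$4

    # Policy routing: marked packets are delivered locally through lo.
    run ip rule add fwmark "$mark" table "$table"
    run ip route add local 0.0.0.0/0 dev lo table "$table"

    # TPROXY chain, hooked from PREROUTING only (the only hook where it is valid).
    run iptables -t mangle -N REDSOCKS2
    run iptables -t mangle -A REDSOCKS2 -p udp --dport "$dport" \
        -j TPROXY --on-port "$on_port" --tproxy-mark "$mark"
    run iptables -t mangle -A PREROUTING -j REDSOCKS2

    # Locally generated packets: set the mark in OUTPUT so the fwmark rule
    # reroutes them via lo, where they then traverse PREROUTING.
    run iptables -t mangle -N REDSOCKS2_MARK
    run iptables -t mangle -A REDSOCKS2_MARK -p udp --dport "$dport" \
        -j MARK --set-mark "$mark"
    run iptables -t mangle -A OUTPUT -j REDSOCKS2_MARK
}

# Reads rule lines on stdin; returns 1 if a chain that holds a TPROXY rule is
# OUTPUT itself or is jumped to directly from OUTPUT, 0 otherwise.
check_no_tproxy_from_output() {
    awk '
        /-A OUTPUT/ { for (i = 1; i < NF; i++) if ($i == "-j") from_output[$(i+1)] = 1 }
        /-j TPROXY/ { for (i = 1; i < NF; i++) if ($i == "-A") tproxy_chain[$(i+1)] = 1 }
        END { for (c in tproxy_chain) if (c == "OUTPUT" || c in from_output) exit 1 }
    '
}

# Print the rule set for the thread's values.
tproxy_udp_rules 48484 42424 0x01/0x01 100
```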