semigodking / redsocks

transparent redirector of any TCP/UDP connection to proxy
Apache License 2.0

Can we relay both WebRTC and DNS (UDP) through Proxy? #197

Open Jackychans opened 2 months ago

Jackychans commented 2 months ago

I'm new to redsocks. I just wonder how we can bypass the WebRTC and DNS leaks. Please look at the photo below: the true IP is shown in the WebRTC field, and the DNS ISP is not from the proxy country.

Screenshot-20240417-115559

Here are my iptables rules:

iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:10053
iptables -t nat -A REDSOCKS -p tcp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -m owner --uid-owner $(pgrep redsocks2) -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d 65.108.9.147 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d 65.21.238.216 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d 192.168.0.0/24 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12345
iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 12345

iptables -t nat -I OUTPUT -j REDSOCKS

iptables -t filter -N REDSOCKS
iptables -t filter -A REDSOCKS -p udp -d 65.108.9.147 -j RETURN
iptables -t filter -A REDSOCKS -p udp -d 65.21.238.216 -j RETURN
iptables -t filter -A REDSOCKS -p udp -d 192.168.0.0/24 -j RETURN
iptables -t filter -A REDSOCKS -p udp -d 10.0.0.0/8 -j RETURN
iptables -t filter -A REDSOCKS -p udp -d 172.16.0.0/12 -j RETURN
iptables -t filter -A REDSOCKS -p udp -d 224.0.0.0/4 -j RETURN
iptables -t filter -A REDSOCKS -p udp -d 240.0.0.0/4 -j RETURN
iptables -t filter -A REDSOCKS -p udp -d 127.0.0.0/8 -j RETURN
iptables -t filter -A REDSOCKS -p udp --dport 80 -j REJECT
iptables -t filter -A REDSOCKS -p udp --dport 443 -j REJECT

iptables -t filter -I OUTPUT -j REDSOCKS

and redsocks.conf

base {log_debug = off;log_info = off;log = "stderr";daemon = on;redirector = iptables; } 
redsocks { bind = "0.0.0.0:12345";relay = "207.246.121.109:15892"; type = socks5; login = "ynureq5v0tg8"; password = "ynureq5v0tg8"; }
redudp { bind = "0.0.0.0:10053";relay = "207.246.121.109:15892"; type = socks5; login = "ynureq5v0tg8"; password = "ynureq5v0tg8"; dest = "8.8.8.8:53"; udp_timeout = 3;}
tcpdns { bind = "127.0.0.1:1053"; tcpdns1 = "8.8.8.8:53"; tcpdns2 = "8.8.4.4:53" ;timeout = 10;}

The expectation is that the WebRTC field should show the proxy IP and the ISP country should be US. Please advise, really appreciate it.

Jackychans commented 2 months ago

I just added another iptables line:

iptables -t nat -A REDSOCKS -p udp --dport 19302 -j REDIRECT --to-ports 10053

However, that would block the public IP address exposed by WebRTC, while I expect WebRTC to show the proxy IP.

ge9 commented 1 month ago

It's possible. You have to use TPROXY instead of REDIRECT to proxy UDP traffic.
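
Why the rules in the question let UDP out unproxied, as an added example (not code from the thread or from the redsocks project): a first-match evaluator over a subset of the posted REDSOCKS chains shows that only UDP ports 53, 80 and 443 are handled, so UDP to port 19302 leaves the host directly. It assumes the OUTPUT policy is ACCEPT with no other rules, and 203.0.113.10 is a constructed destination from the documentation range.

```python
import ipaddress
import shlex

# Subset of the rules posted in the question, kept in chain order.
RULES = """\
-t nat -A REDSOCKS -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:10053
-t nat -A REDSOCKS -p tcp -d 192.168.0.0/24 -j RETURN
-t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12345
-t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 12345
-t filter -A REDSOCKS -p udp -d 192.168.0.0/24 -j RETURN
-t filter -A REDSOCKS -p udp -d 127.0.0.0/8 -j RETURN
-t filter -A REDSOCKS -p udp --dport 80 -j REJECT
-t filter -A REDSOCKS -p udp --dport 443 -j REJECT
"""


def verdict(table, proto, dst, dport, rules=RULES):
    """Return the first matching rule's target in one table's REDSOCKS chain."""
    for line in rules.splitlines():
        tok = shlex.split(line)
        opt = dict(zip(tok[::2], tok[1::2]))  # every option here takes one value
        if opt["-t"] != table or opt.get("-p", proto) != proto:
            continue
        if "-d" in opt and ipaddress.ip_address(dst) not in ipaddress.ip_network(opt["-d"]):
            continue
        if "--dport" in opt and int(opt["--dport"]) != dport:
            continue
        extra = opt.get("--to-destination") or opt.get("--to-ports") or ""
        return (opt["-j"] + " " + extra).strip()
    return "NO MATCH"


def egress(proto, dst, dport):
    """Classify how a locally generated packet leaves the host."""
    nat = verdict("nat", proto, dst, dport)
    if nat.startswith(("DNAT", "REDIRECT")):
        return "proxied via " + nat  # rewritten to a local redsocks listener
    if verdict("filter", proto, dst, dport) == "REJECT":
        return "blocked"
    # RETURN or no match: back to OUTPUT, assumed policy ACCEPT, so sent as-is.
    return "direct"


if __name__ == "__main__":
    # 203.0.113.10 is a constructed destination (documentation range).
    for pkt in [("udp", "8.8.8.8", 53), ("udp", "203.0.113.10", 19302),
                ("udp", "203.0.113.10", 443), ("tcp", "203.0.113.10", 443)]:
        print(pkt, "->", egress(*pkt))
```

Any UDP flow that comes back as "direct" carries the host's real source address, which is the leak the question describes.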