Added support for FreeBSD/OpenBSD (https://github.com/semigodking/redsocks/issues/200).

FreeBSD

Tested with FreeBSD 14.0, ipfw, with redirector=generic.
The main point is setting "IP_BINDANY" to avoid os error 49 (Can't assign requested address) at bound_udp_get(). Also, sizeof(struct sockaddr_in) seems to be required to avoid "Invalid address" error.
This is my script for ipfw/ifconfig.

kldload ipfw
fwcmd=ipfw
ifconfig em0 alias 10.0.2.25 netmask 0xffffff00
$fwcmd add 100 allow all from any to any via lo0
$fwcmd add 500 fwd 127.0.0.1,22222 tcp from 10.0.2.25 to any
$fwcmd add 600 fwd 127.0.0.1,22222 udp from 10.0.2.25 to any
$fwcmd add 700 allow ip from any to any

FreeBSD has firewalls other than IPFW, i.e. pf and ipfilter (ipf).
pf partially worked but destination addresses were obtained as the transparent proxy port (127.0.0.1:22222), useless in actual cases. For TCP, there is a way to get the original destination, but this seems not to work for UDP (https://stackoverflow.com/questions/46675715/how-do-i-get-the-original-destination-ip-of-a-redirected-connection-with-pf-on-f#comment119982054_56689694).
FYI, this is my pf configuration.

rdr pass on lo0 proto {tcp, udp} from 10.0.2.25 -> 127.0.0.1 port 22222
pass out quick route-to lo0 from 10.0.2.25
pass

For ipfilter, I couldn't figure out how to set it up for transparent proxy (though it seems supported by redsocks according to documentation).
I also tried pfSense, but strangely, only UDP worked. (TCP packets won't be received by redsocks).

OpenBSD

Tested with OpenBSD 7.5 and pf, redirector=generic.
I added 10.0.2.25 as before, and this is the configuration.

pass # establish keep-state
pass in quick proto {tcp, udp} from 10.0.2.25 to ! 10.0.2.25 divert-to 127.0.0.1 port 22222
pass out quick proto {tcp, udp} from 10.0.2.25 route-to lo0

To make it work, I added some options like IP_RECVDSTADDR for sockets, according to man page documentation on divert-to syntax. https://github.com/ge9/redsocks/commit/65fa263c3ed594531a7d0ae5d5ffeb8bd998602a
Currently it supports only IPv4. (IPv6 UDP relay seems not supported by redsocks itself)
Also, similarly to FreeBSD, SO_BINDANY is set to avoid os error 49.
If we use rdr-to instead of divert-to here, the destination addresses are obtained as 127.0.0.1:22222, much like the behavior of FreeBSD's pf.
redirector=pf doesn't work correctly for TCP, because it's for FreeBSD's pf.
I also tried NetBSD which OpenBSD originates from, but it seems that there is no divert-to in NetBSD's pf.
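
The bind-any step described above, as an added example that is not part of the pull request or of the redsocks code: a UDP socket is allowed to bind to a non-local address with IP_BINDANY on FreeBSD or SO_BINDANY on OpenBSD, then bound with a length of exactly sizeof(struct sockaddr_in). The names bindany_option and open_nonlocal_udp are hypothetical, and the IP_TRANSPARENT branch for Linux is an assumption added so the file also builds there.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: select this platform's "bind to a non-local
 * address" socket option. Returns 0 on success, -1 if none is known. */
int bindany_option(int *level, int *optname)
{
#if defined(IP_BINDANY)       /* FreeBSD */
    *level = IPPROTO_IP; *optname = IP_BINDANY; return 0;
#elif defined(SO_BINDANY)     /* OpenBSD */
    *level = SOL_SOCKET; *optname = SO_BINDANY; return 0;
#elif defined(IP_TRANSPARENT) /* Linux (assumption, not from the page) */
    *level = IPPROTO_IP; *optname = IP_TRANSPARENT; return 0;
#else
    (void)level; (void)optname; errno = ENOPROTOOPT; return -1;
#endif
}

/* Hypothetical helper: UDP socket bound to ip:port even if ip is not
 * configured locally. Returns the fd, or -1 with errno set. */
int open_nonlocal_udp(const char *ip, unsigned short port)
{
    struct sockaddr_in sin;
    int level = 0, optname = 0, on = 1, fd, saved;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1) { errno = EINVAL; return -1; }
#if defined(__FreeBSD__) || defined(__OpenBSD__)
    sin.sin_len = sizeof(sin);   /* BSD sockaddrs carry their own length */
#endif
    if (bindany_option(&level, &optname) < 0) return -1;
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    /* Set before bind(); without it a non-local bind fails with
     * EADDRNOTAVAIL (error 49 on the BSDs). The option is privileged. */
    if (setsockopt(fd, level, optname, &on, sizeof(on)) < 0) goto fail;
    /* Pass exactly sizeof(struct sockaddr_in), which the page found
     * necessary to avoid the "Invalid address" error. */
    if (bind(fd, (struct sockaddr *)&sin, sizeof(struct sockaddr_in)) < 0) goto fail;
    return fd;
fail:
    saved = errno; close(fd); errno = saved;
    return -1;
}
```

On each of these platforms setting the option requires elevated privilege, so an unprivileged run fails at setsockopt rather than at bind.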