Revisions
afriza revised this gist
Jul 21, 2011 . 2 changed files with 94 additions and 0 deletions.
@@ -0,0 +1,81 @@ base { // debug: connection progress & client list on SIGUSR1 log_debug = on; // info: start and end of client session log_info = on; /* possible `log' values are: * stderr * file:/path/to/file * syslog:FACILITY facility is any of "daemon", "local0"..."local7" */ log = stderr; // detach from console daemon = off; /* Change uid, gid and root directory, these options require root * privilegies on startup. * Note, your chroot may requre /etc/localtime if you write log to syslog. * Log is opened before chroot & uid changing. */ // user = nobody; // group = nobody; // chroot = "/var/chroot"; /* possible `redirector' values are: * iptables - for Linux * ipf - for FreeBSD * pf - for OpenBSD * generic - some generic redirector that MAY work */ redirector = iptables; } redsocks { /* `local_ip' defaults to 127.0.0.1 for security reasons, * use 0.0.0.0 if you want to listen on every interface. * `local_*' are used as port to redirect to. */ local_ip = 0.0.0.0; local_port = 12345; // `ip' and `port' are IP and tcp-port of proxy-server ip = 127.0.0.1; port = 1080; // known types: socks4, socks5, http-connect, http-relay type = socks5; // login = "foobar"; // password = "baz"; } redudp { // `local_ip' should not be 0.0.0.0 as it's also used for outgoing // packets that are sent as replies - and it should be fixed // if we want NAT to work properly. local_ip = 127.0.0.1; local_port = 10053; // `ip' and `port' of socks5 proxy server. ip = 127.0.0.1; port = 1080; //login = username; //password = pazzw0rd; // kernel does not give us this information, so we have to duplicate it // in both iptables rules and configuration file. By the way, you can // set `local_ip' to 127.45.67.89 if you need more than 65535 ports to // forward ;-) // This limitation may be relaxed in future versions using contrack-tools. dest_ip = 8.8.8.8; dest_port = 53; udp_timeout = 30; udp_timeout_stream = 180; } // you can add more `redsocks' and `redudp' sections if you need. 
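Review bot: In the `redsocks` section, `local_ip = 0.0.0.0` puts the port-12345 listener on every interface, even though the comment directly above it says the default is 127.0.0.1 for security reasons. Nothing on this page filters inbound traffic to that port, so every network the host is attached to can reach the relay into the SOCKS tunnel. If only the LAN clients need it, bind to the LAN-side address instead, e.g. `local_ip = <LAN-side address>;`, or keep the wildcard and add an INPUT rule that admits only the client subnet. Separately, `user`, `group` and `chroot` are all commented out in `base`, so if redsocks is started as root it keeps root for its whole lifetime; enabling `user = nobody; group = nobody;` costs nothing here because no privileged port is bound.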
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,13 @@ # at terminal 1 ssh -D1080 username@server -p443 # at terminal 2 ./redsocks -c redsocks.conf # no log texts appear after running redsocks!! # at terminal 3 . setup-iptables.sh # all runs fine # at terminal 4: minicom tty via serial port # a bunch of LOGs from iptables appear -
afriza created this gist
Jul 21, 2011
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,27 @@ # Create new chain iptables -t nat -X REDSOCKS iptables -t nat -N REDSOCKS # Ignore LANs and some other reserved addresses. iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 10.10.1.0/22 -j RETURN iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN #iptables -t nat -A REDSOCKS -d 122.248.x.x/31 -j RETURN iptables -t nat -A REDSOCKS -j LOG -p tcp --syn --log-level info --log-prefix "rs " # Anything else should be redirected to port 12345 #iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345 iptables -t nat -A REDSOCKS -p tcp -j DNAT --to-destination 127.0.0.1:12345 iptables -t nat -A REDSOCKS -j LOG -p tcp --syn --log-level info --log-prefix "err " # Any tcp connection made by `darkk' should be redirected. iptables -t nat -I OUTPUT 1 -p tcp -j REDSOCKS iptables -t nat -I PREROUTING 1 -p tcp -s 192.168.1.0/22 -j REDSOCKS
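Review bot: The `OUTPUT` rule sends every locally generated TCP connection into `REDSOCKS`, and the only exclusion that could cover the tunnel endpoint (`-d 122.248.x.x/31 -j RETURN`) is commented out. When the `ssh -D1080` session reconnects, its connection to the server is therefore redirected into redsocks and loops back on the tunnel it is trying to build. Restore an exclusion ahead of the redirect, `iptables -t nat -A REDSOCKS -d <ssh-server-ip> -j RETURN`. To make the rule match the "made by `darkk'" comment, scope it with `-m owner --uid-owner <user>`. For the `PREROUTING` path, `DNAT --to-destination 127.0.0.1:12345` is likely to be dropped as a martian unless `route_localnet` is enabled on the ingress interface; the commented-out `REDIRECT --to-ports 12345` avoids that and should be paired with an INPUT rule limiting port 12345 to the client subnet.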