CentOS Redirect All Network Traffic To Local Socks Proxy?

Hi Experts,

I have a firewall / router built on CentOS Linux for my entire home network. All traffic routes through it. I have a SOCKS proxy on the box at port 8888, and I would love to route ALL internet-bound traffic through this proxy. I use APF, so my syntax may be different, but it's all based on IPTables.

This is what I tried so far:

# Custom nat chain that decides what gets redirected
$IPT -t nat -N RED
# Exempt destinations that must not go through the proxy (the network
# arguments after -d did not survive in the post as rendered)
$IPT -t nat -A RED -d -j RETURN
$IPT -t nat -A RED -d -j RETURN
$IPT -t nat -A RED -d -j RETURN
$IPT -t nat -A RED -d -j RETURN
$IPT -t nat -A RED -d -j RETURN
$IPT -t nat -A RED -d -j RETURN
$IPT -t nat -A RED -d -j RETURN
# Everything else: rewrite the destination port to the local SOCKS listener
$IPT -t nat -A RED -p tcp -j REDIRECT --to-port 8888

# OUTPUT only sees connections that originate on the router itself;
# traffic forwarded from the LAN passes through PREROUTING instead
$IPT -t nat -A OUTPUT -p tcp -j RED

But it didn't work?

I am able to use the socks proxy by setting my web browser to <server ip>:<socks port> and it works great!

Any help would be very much appreciated!

Thank you very much.

Best regards,


noci (Software Engineer) commented:
For a SOCKS proxy you need to connect to the proxy and then ask the proxy to do something for you.
So it requires active support in an application.
What you are attempting is a transparent proxy, where an application doesn't even know it is proxied.
Try to find the transparent proxy settings on the proxy server (different port) and use that for the redirect.

dr34m3rs (Author) commented:
I am using SSH as the tunnel on local port 8888; it will auto-convert TCP packets. I just have to figure out the rules to forward all the packets through that port.
noci (Software Engineer) commented:
That will be a pain... say you connect to port 25 (SMTP); then how does SSH know you want to go to 25? The REDIRECT modified the number to 8888. If you want to do 21 (FTP) it gets really nice: 21 is now 8888 and all other ports get 8888 too (although the FTP protocol tells the remote system something different).
In short, SSH tunnels don't work like that!

SSH tunnels are configured to connect a local port, say 8025, to remote system X:port 25,
and 8021 to remote X:21, where FTP is impossible to transfer like this because it uses MULTIPLE channels where the other ports are random.

What you want is IPSEC or OpenVPN tunnelling instead, and not to use -j REDIRECT at all.
dr34m3rs (Author) commented:
Sending all TCP data through that port is still what I want to do. Any ideas on how to do it with IPTables? I have seen it done, but I'm not sure how to do it myself...?
noci (Software Engineer) commented:
Well, in short:
Mapping all protocols / [languages] (differentiated by port number) into one port means all clients & servers need to talk one common language [Esperanto] identified by its own port number.

There must have been something different, like multiple REDIRECTs for various protocols to various port numbers,
or maybe you mean proxying; in that case the client still needs to talk the proxy protocol BEFORE the real native protocol,
like voice dialing in Esperanto before continuing in Chinese, English or whatever.
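The point made in this comment and in the first reply above (the client must speak the proxy protocol before its native protocol, so a bare REDIRECT to the SOCKS port cannot work) can be shown concretely. The following is an added example, not code from this thread or from any of its participants. It shows the SOCKS5 handshake a proxy-aware client sends, why a REDIRECTed connection that opens with plain HTTP is rejected by a SOCKS server, and what a transparent listener has to do instead: recover the original destination from the kernel with the netfilter `SO_ORIGINAL_DST` socket option and then perform the SOCKS CONNECT on the client's behalf. The option value 80, the port 8888 and the `127.0.0.1` proxy address are assumptions; the listener only works on Linux behind an iptables REDIRECT that points at the listener's port, not at the SOCKS port.

```python
"""Added example: why REDIRECT to a SOCKS port fails, and what a transparent
listener (a tiny "SOCKSifier") must do instead.  Not from the original thread."""
import select
import socket
import struct
import threading

SOCKS4, SOCKS5 = 0x04, 0x05
SO_ORIGINAL_DST = 80  # assumed value from <linux/netfilter_ipv4.h>; Linux only


def socks5_greeting():
    """First bytes a SOCKS-aware client sends: version 5, one method, 'no auth'."""
    return bytes([SOCKS5, 0x01, 0x00])


def socks5_connect_request(host, port):
    """SOCKS5 CONNECT to an IPv4 host: VER CMD RSV ATYP(1=IPv4) DST.ADDR DST.PORT."""
    return bytes([SOCKS5, 0x01, 0x00, 0x01]) + socket.inet_aton(host) + struct.pack("!H", port)


def socks_server_accepts(first_bytes):
    """A SOCKS server inspects the first byte for a SOCKS version.  A connection that
    iptables merely REDIRECTed starts with the native protocol (e.g. b'GET /'), so
    the proxy has no idea where the client wanted to go and drops it."""
    return len(first_bytes) > 0 and first_bytes[0] in (SOCKS4, SOCKS5)


def parse_original_dst(raw):
    """Decode the sockaddr_in returned by getsockopt(SOL_IP, SO_ORIGINAL_DST):
    sin_family (host order), sin_port (network order), sin_addr, 8 bytes padding."""
    family, port, addr = struct.unpack("=H2s4s8x", raw[:16])
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 sockaddr")
    return socket.inet_ntoa(addr), struct.unpack("!H", port)[0]


def pack_sockaddr_in(host, port):
    """Constructed sample of what the kernel hands back for a REDIRECTed connection."""
    return struct.pack("=H2s4s8x", socket.AF_INET, struct.pack("!H", port), socket.inet_aton(host))


def open_upstream(host, port, socks_host="127.0.0.1", socks_port=8888):
    """Speak SOCKS5 to the local proxy on the client's behalf and return the tunnel socket."""
    upstream = socket.create_connection((socks_host, socks_port))
    upstream.sendall(socks5_greeting())
    if upstream.recv(2) != bytes([SOCKS5, 0x00]):
        raise ConnectionError("SOCKS proxy refused 'no auth'")
    upstream.sendall(socks5_connect_request(host, port))
    reply = upstream.recv(10)
    if len(reply) < 2 or reply[1] != 0x00:
        raise ConnectionError("SOCKS CONNECT failed: %r" % reply[1:2])
    return upstream


def pump(a, b):
    """Copy bytes in both directions until either side closes."""
    while True:
        ready, _, _ = select.select([a, b], [], [])
        for s in ready:
            data = s.recv(65536)
            if not data:
                a.close()
                b.close()
                return
            (b if s is a else a).sendall(data)


def handle(client):
    """Transparent listener body: the client never speaks SOCKS, we do it for it."""
    host, port = parse_original_dst(client.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))
    pump(client, open_upstream(host, port))


if __name__ == "__main__":
    # iptables -t nat ... -p tcp -j REDIRECT --to-port 12345 (assumed listener port)
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", 12345))
    srv.listen(64)
    while True:
        conn, _ = srv.accept()
        threading.Thread(target=handle, args=(conn,), daemon=True).start()
```

Two things matter when wiring this up: the REDIRECT must target the listener's port (12345 here) rather than 8888, and the listener's own connections to the SOCKS proxy and the proxy's outbound traffic must be excluded from the redirect (the RETURN rules for local destinations, or an `-m owner` match on the proxy's user) or the box loops traffic back into itself. The SSH `-D` dynamic forward mentioned in this thread is a SOCKS server, so this is exactly the "transparent proxy settings on a different port" that the first reply asked for; what the thread's REDIRECT rule lacked was something listening on that port that recovers the original destination and performs the SOCKS handshake.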
dr34m3rs (Author) commented:
Yes, I completely understand this. The SSH tunnel automatically does this for you!

All I have to do is have the command to redirect all TCP for the box to that port number and SSH will dynamically redirect ports and such as needed! It's pretty sweet.
dr34m3rs (Author) commented:
I'll resolve this on my own, thanks for the "help" ;)