Solved

CentOS Redirect All Network Traffic To Local Socks Proxy?

Posted on 2014-08-06
Last Modified: 2014-09-05
Hi Experts,

I have a firewall / router built in CentOS Linux for my entire home network. All traffic routes through it. I have a socks proxy on the box at port 8888, I would love to route ALL internet bound traffic through this proxy. I use APF so my syntax may be different but it's all based on IPTables.

This is what I tried so far:

$IPT -t nat -N RED
$IPT -t nat -A RED -d 127.0.0.0/8 -j RETURN
$IPT -t nat -A RED -d 10.0.0.0/8 -j RETURN
$IPT -t nat -A RED -d 169.254.0.0/16 -j RETURN
$IPT -t nat -A RED -d 172.16.0.0/12 -j RETURN
$IPT -t nat -A RED -d 192.168.0.0/16 -j RETURN
$IPT -t nat -A RED -d 224.0.0.0/4 -j RETURN
$IPT -t nat -A RED -d 240.0.0.0/4 -j RETURN
$IPT -t nat -A RED -p tcp -j REDIRECT --to-port 8888

$IPT -t nat -A OUTPUT -p tcp -j RED

But it didn't work?

I am able to use the socks proxy by setting my web browser to <server ip>:<socks port> and it works great!

Any help would be very much appreciated!

Thank you very much.

Best regards,

dr34m3r
Question by:dr34m3rs
7 Comments
 
LVL 41

Accepted Solution

by:
noci earned 2000 total points
ID: 40247034
For a SOCKS proxy you need to connect to the proxy and then ask the proxy to do something for you.
So it requires active support in an application.
What you are attempting is transparent proxy, where an application doesn't even know it is proxied.
Try to find the transparent proxy settings on the proxy server (different port) and use that for the redirect.
0
 
LVL 1

Author Comment

by:dr34m3rs
ID: 40259078
I am using SSH as the tunnel on local port 8888; it will autoconvert TCP packets. Just have to figure out the rules to forward all the packets through that port.
0
 
LVL 41

Expert Comment

by:noci
ID: 40259626
That will be a pain... Say you connect to port 25 (SMTP): then how does ssh know you want to go to 25? The REDIRECT modified the number to 8888. If you want to do 21 (FTP) it gets real nice: 21 is now 8888 and all other ports get 8888 too (although the FTP protocol tells the remote system something different).
In short, SSH tunnels don't work like that!

SSH tunnels are configured to connect a local port, say 8025, to remote system X:port 25
and 8021 to remote X:21, where FTP is impossible to transfer like this because it uses MULTIPLE channels where the other ports are random.

What you want is IPSEC or OpenVPN tunnelling instead, and not to use -j REDIRECT at all.
0
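The point made in the two answers above, as an added example that is not part of the original thread or any poster's code: a SOCKS5 client (RFC 1928) announces itself and then names the real destination in a CONNECT request, while a connection pushed to port 8888 by -j REDIRECT just starts speaking its own protocol. The function names and the sample byte strings are constructed for illustration.

```python
import ipaddress
import struct

SOCKS5_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01

def socks5_greeting(methods=(0x00,)):
    """Client's first message: VER, NMETHODS, METHODS (0x00 = no auth)."""
    return bytes([SOCKS5_VERSION, len(methods), *methods])

def socks5_connect(dst_ip, dst_port):
    """Client's CONNECT request: this is where the real destination travels."""
    return (bytes([SOCKS5_VERSION, CMD_CONNECT, 0x00, ATYP_IPV4])
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!H", dst_port))

def parse_greeting(data):
    """What a SOCKS5 listener does with the first bytes of a new connection.
    Returns the offered auth methods, or raises ValueError if not SOCKS5."""
    if len(data) < 2 or data[0] != SOCKS5_VERSION:
        raise ValueError(f"not SOCKS5: first byte {data[:1]!r}")
    nmethods = data[1]
    if nmethods == 0 or len(data) < 2 + nmethods:
        raise ValueError("truncated method list")
    return list(data[2:2 + nmethods])

def parse_connect(data):
    """Extract (ip, port) from a CONNECT request carrying an IPv4 address."""
    if len(data) != 10 or data[:4] != bytes([5, 1, 0, 1]):
        raise ValueError("unsupported or malformed request")
    return str(ipaddress.IPv4Address(data[4:8])), struct.unpack("!H", data[8:10])[0]

def listener_accepts(first_bytes):
    """True if the first bytes on the socket form a valid SOCKS5 greeting."""
    try:
        parse_greeting(first_bytes)
        return True
    except ValueError:
        return False

# Constructed samples of what arrives on port 8888 in each case.
SOCKS_AWARE_BROWSER = socks5_greeting()                       # browser set to use the proxy
REDIRECTED_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"  # plain client after REDIRECT
REDIRECTED_TLS = bytes.fromhex("160301")                      # start of a TLS ClientHello

if __name__ == "__main__":
    for name, data in [("browser", SOCKS_AWARE_BROWSER),
                       ("http", REDIRECTED_HTTP), ("tls", REDIRECTED_TLS)]:
        print(name, listener_accepts(data))
    print(parse_connect(socks5_connect("203.0.113.10", 25)))
```

Only the SOCKS-aware client passes the greeting check, and only its CONNECT request tells the proxy which host and port were wanted; the redirected streams carry neither.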
 
LVL 1

Author Comment

by:dr34m3rs
ID: 40303537
Sending all TCP data through that port is still what I want to do. Any ideas on how to do it with IPTables? I have seen it done, but I'm not sure how to do it myself....... ?
0
 
LVL 41

Expert Comment

by:noci
ID: 40303919
Well, in short:
Mapping all protocols / [languages] (differentiated by port number) into one port means all clients & servers need to talk one common language [Esperanto] identified by its own port number.

There must have been something different, like multiple REDIRECTs for various protocols to various port numbers,
or maybe you mean proxying; in that case the client still needs to talk the proxy protocol BEFORE the real native protocol,
like voice dialing in Esperanto before continuing in Chinese, English or whatever.
0
 
LVL 1

Author Comment

by:dr34m3rs
ID: 40304632
Yes I completely understand this. SSH tunnel automatically does this for you!

All I have to do is have the command to redirect all TCP for the box to that port number and SSH will dynamically redirect ports and such as needed! It's pretty sweet.
0
 
LVL 1

Author Comment

by:dr34m3rs
ID: 40305851
I'll resolve this on my own, thanks for the "help" ;)
0
