SOCKet Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server. Practically, a SOCKS server will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded.
Because SOCKS, as noted above, relays all data between client and server without adding anything of its own, a web server sees the SOCKS proxy as the client. The anonymity of this type of proxy server is therefore always absolute.
In this article we’ll see how to use redsocks to route traffic through a SOCKS proxy.
Redsocks allows you to redirect any TCP connection to a SOCKS or HTTPS proxy using your firewall, so redirection is system-wide.
Another related issue is DNS over TCP. Redsocks includes “dnstc”, a fake and really dumb DNS server that returns a “truncated answer” to every query via UDP. An RFC-compliant resolver should repeat the same query via TCP in this case, so the request can be redirected using the usual redsocks facilities.
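The truncation trick described above, shown as an added Python example (it is not redsocks' own dnstc code): it answers a UDP query with an empty reply that has the TC bit set, which is what makes a resolver retry over TCP. The function names and the sample query are constructed for illustration.

```python
import struct

QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample input: a recursive query for `name` (A record by default)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def question_end(msg):
    """Offset just past the first question (QNAME, QTYPE, QCLASS)."""
    pos = 12
    while True:
        if pos >= len(msg):
            raise ValueError("QNAME runs past end of packet")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return pos + 4

def truncated_reply(query):
    """Echo the question back with QR and TC set and no answer records."""
    if len(query) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    # Keep the opcode and RD bits from the query; drop any additional records (e.g. EDNS OPT).
    reply_flags = QR | TC | RA | (flags & (RD | 0x7800))
    return struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0) + query[12:end]

def must_retry_over_tcp(msg):
    """True when `msg` is a response with the TC bit set."""
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & QR) and bool(flags & TC)
```

A resolver that ignores the TC bit, or an application that sends DNS over UDP to a server exempted by the firewall rules, will not be captured by this mechanism.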
Why is that useful? Here are some examples of use:
- you use Tor and don’t want any TCP connection to leak
- you use a DVB ISP that provides internet connectivity through a special daemon, sometimes called an “Internet accelerator”, which acts as a proxy. Globax is an example of such an accelerator
Linux/iptables, OpenBSD/pf and FreeBSD/ipfw are supported. Linux/iptables is well-tested, other implementations may have bugs.
Installation and basic configuration
For Debian/Ubuntu open a terminal and run:
    # Build dependencies (libevent-dev provides event.h and pulls in the runtime library)
    sudo apt-get install iptables git libevent-dev
    git clone https://github.com/darkk/redsocks.git
    cd redsocks/
    make
    # redsocks listens on 127.0.0.1:31338 and forwards to the SOCKS5 proxy at 127.0.0.1:31337
    echo 'base { log_debug = on; log_info = on; log = "file:/tmp/reddi.log"; daemon = on; redirector = iptables; }
    redsocks { local_ip = 127.0.0.1; local_port = 31338; ip = 127.0.0.1; port = 31337; type = socks5; }' > redsocks.conf
    ./redsocks -c redsocks.conf
For Redhat/Centos/Fedora open a terminal and run:
    # Build dependencies (libevent-devel provides event.h)
    yum install iptables libevent libevent-devel
    # Download the source archive; certificate checking is left enabled
    wget -O redsocks https://github.com/darkk/redsocks/zipball/master
    unzip redsocks
    cd /usr/local/redsocks/darkk-redsocks-8839230 # the number could change in the future
    make
    # redsocks listens on 127.0.0.1:31338 and forwards to the SOCKS5 proxy at 127.0.0.1:31337
    echo 'base { log_debug = on; log_info = on; log = "file:/tmp/reddi.log"; daemon = on; redirector = iptables; }
    redsocks { local_ip = 127.0.0.1; local_port = 31338; ip = 127.0.0.1; port = 31337; type = socks5; }' > redsocks.conf
    ./redsocks -c redsocks.conf
This basic configuration points redsocks at a socks5 proxy on localhost port 31337; redsocks itself listens on local port 31338.
Iptables configuration
Now we need to configure our local firewall with the following rules. I suggest putting them in a file and then running it.
    #!/bin/bash
    # Create new chain
    iptables -t nat -N REDSOCKS
    # Ignore LANs and some other reserved addresses.
    iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
    # Anything else should be redirected to port 31338
    iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 31338
    # Any tcp connection made by 'linuxaria' should be redirected, put your username here.
    iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner linuxaria -j REDSOCKS
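To check which connections these rules actually send through the proxy, the following added Python example (not part of the original article or of redsocks) parses saved nat rules and reports the verdict for a given destination, protocol and user. The sample rule dump, the uid 1000 and the function names are constructed assumptions; the parser only handles simple flag/value rules like the ones above.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output after running the script
# above (abridged exemption list; uid 1000 stands in for the redirected user).
SAMPLE = """\
*nat
:OUTPUT ACCEPT [0:0]
:REDSOCKS - [0:0]
-A OUTPUT -p tcp -m owner --uid-owner 1000 -j REDSOCKS
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d 192.168.0.0/16 -j RETURN
-A REDSOCKS -p tcp -j REDIRECT --to-ports 31338
COMMIT
"""

def parse_rules(save_text):
    """Map chain name -> ordered list of {option: value} dicts."""
    chains = {}
    for line in save_text.splitlines():
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        # Assumes every option is a flag/value pair (no '!' negation, no bare flags).
        rule = dict(zip(tok[2::2], tok[3::2]))
        chains.setdefault(tok[1], []).append(rule)
    return chains

def verdict(chains, dest, proto="tcp", uid=1000, chain="OUTPUT"):
    """Return 'redirect:<port>' or 'direct' for one outbound connection."""
    ip = ipaddress.ip_address(dest)
    for rule in chains.get(chain, []):
        if "-p" in rule and rule["-p"] != proto:
            continue
        if "--uid-owner" in rule and int(rule["--uid-owner"]) != uid:
            continue
        if "-d" in rule and ip not in ipaddress.ip_network(rule["-d"]):
            continue
        target = rule.get("-j")
        if target == "RETURN":
            return "direct"
        if target == "REDIRECT":
            return "redirect:" + rule["--to-ports"]
        if target in chains:  # jump into a user-defined chain
            result = verdict(chains, dest, proto, uid, target)
            if result != "direct":
                return result
    return "direct"  # fell off the end: chain policy applies, nothing is proxied
```

Running `verdict` with `proto="udp"` or a different uid shows what the rules leave unproxied: UDP traffic (including ordinary DNS lookups) and connections made by other users go out directly.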
Start and Stop of redsocks
To start redsocks and iptables:
    /path/tothe/bin/redsocks -c redsocks.conf
    /path/tothe/bin/iptables-redsocks.sh
To stop redsocks and iptables:
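    # These commands flush and delete ALL rules and chains in the filter and nat
    # tables, not only the REDSOCKS chain
    sudo iptables -F
    sudo iptables -X
    sudo iptables -Z
    sudo iptables -t nat -F
    sudo iptables -t nat -X
    sudo iptables -t nat -Z
    killall redsocks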
Conclusions
Now all outbound TCP connections made by the chosen user will be transparently mapped through redsocks to our socks5 proxy.
And thanks to iptables there is no need to adjust any application configuration!
In the “Installation e basic configuration” section, your blogging software has converted “>” (greater-than) into “& gt ;” (without spaces – ampersand, “g”, “t”, semi-colon).
You just made my life easier friend. Thanks! Now it won’t take long for me to figure everything. It’s all here. Just good.
needed to do one more thing to work
adduser -m redsocks
i’ve got this when make
Dans le fichier inclus à partir de parser.c:29:
utils.h:6:19: erreur: event.h : Aucun fichier ou dossier de ce type
In file included from parser.c:29:
utils.h:43: attention : ‘struct evbuffer’ declared inside parameter list
utils.h:44: erreur: expected declaration specifiers or ‘…’ before ‘evbuffercb’
utils.h:44: erreur: expected declaration specifiers or ‘…’ before ‘everrorcb’
make: *** [parser.o] Erreur 1
hi
thanks for the howto. i have one problem though:
i cannot make connections from the host that runs the iptables and redsocks. i guess there are some iptables entries missing but i cant figure out which
when i test with wget i get the following:
wget -O - http://google.de/
--2013-12-04 20:35:23-- http://google.de/
Resolving google.de (google.de)... 173.194.113.159, 173.194.113.151, 173.194.113.152, ...
Connecting to google.de (google.de)|173.194.113.159|:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.
--2013-12-04 20:35:24-- (try: 2) http://google.de/
Connecting to google.de (google.de)|173.194.113.159|:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.
...
and so on
any ideas?
thanks
smoe
Hey Guys
i need to use it on centos …is it possible ?? im not sure if there is a package for that
2nd thing ….i need help with config such as i redirect to remote socks based on source ip
can anyone help me ???
thankx
smoe,
I have the same errors as yours. Do you get any progress?