* iptables redirects packets to local proxy
From: ilic_68 @ 2013-11-30 16:46 UTC (permalink / raw)
To: netfilter
Hello,
consider this scenario:
PC1 wants to telnet to SRV1 tcp 40000.
I would like to put a proxy in the middle that receives the
connection, rewrites the destination, sends packet to a local socks proxy (redsocks).
So the scenario would be:
PC1 --> PROXY tcp 20000 [iptables rewrites destination to SRV tcp 40000 --> redsocks 127.0.0.1 tcp 12345] --> SRV1 tcp 40000
I tried:
    iptables -t nat -A PREROUTING -p tcp -s $MYSOURCEIP --dport 20000 -j DNAT --to $SRV1:40000
It works, but I know it doesn't go through redsocks.
I just changed the destination for the packets but how can I force them to flow into redsocks?
Thank you for any help, Ilic
* Re: iptables redirects packets to local proxy
From: Phil Oester @ 2013-11-30 17:40 UTC (permalink / raw)
To: ilic_68; +Cc: netfilter
On Sat, Nov 30, 2013 at 09:46:06AM -0700, ilic_68@yopmail.com wrote:
> Hello,
>
> consider this scenario:
>
> PC1 wants to telnet to SRV1 tcp 40000.
>
> I would like to put a proxy in the middle that receives the
> connection, rewrites the destination, sends packet to a local socks proxy (redsocks).
>
> So the scenario would be:
>
> PC1 --> PROXY tcp 20000 [iptables rewrites destination to SRV tcp 40000 --> redsocks 127.0.0.1 tcp 12345] --> SRV1 tcp 40000
Use -j REDIRECT --to 12345
* Re: iptables redirects packets to local proxy
From: Phil Oester @ 2013-11-30 20:17 UTC (permalink / raw)
To: Antonio Prado; +Cc: ilic_68, netfilter
On Sat, Nov 30, 2013 at 07:56:22PM +0000, Antonio Prado wrote:
> On 30/11/13 17:40, Phil Oester wrote:
> > Use -j REDIRECT --to 12345
>
> If I get it correctly, the OP wants to redirect to 127.0.0.1:12345 after
> having changed destination address and port to the packets.
> Is that possible anyway?
You have to pick where you want to change the destination to. Either x:12345
or y:40000 - can't have it both ways. Seems the socks proxy should be configured
to send the traffic to y:40000.
Phil
* Re: iptables redirects packets to local proxy
From: Antonio Prado @ 2013-11-30 21:39 UTC (permalink / raw)
To: Phil Oester; +Cc: ilic_68, netfilter
On 30/11/13 20:17, Phil Oester wrote:
> Seems the socks proxy should be configured to send the traffic to y:40000.
Right, without using iptables at all for redirecting, socat can do it all.
For example:
    socat TCP4-LISTEN:20000,reuseaddr,fork \
        SOCKS4:127.0.0.1:A.B.C.D:40000,socksport=12345
--
antonio
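
The relay that the socat command above sets up, written out as an added example that is not part of the thread: the final destination travels inside the SOCKS4 CONNECT request instead of being set by a NAT rule. It assumes a SOCKS4 server on 127.0.0.1:12345 as the socat command does; the function names, the source check mirroring the original `-s $MYSOURCEIP` match, and the documentation addresses are assumptions of this example.

```python
import socket, struct, threading

def socks4_connect_request(dst_ip, dst_port, user=b""):
    # SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL terminator
    return struct.pack("!BBH4s", 4, 1, dst_port, socket.inet_aton(dst_ip)) + user + b"\x00"

def socks4_granted(reply):
    # The reply is 8 bytes: VN=0, CD=90 means "request granted"
    return len(reply) == 8 and reply[0] == 0 and reply[1] == 90

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def pump(src, dst):
    # Copy one direction until EOF, then half-close the receiving side
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, peer_ip, allowed_src, socks_addr, target):
    # Relay one client to the fixed target through the SOCKS4 proxy
    if peer_ip != allowed_src:  # same restriction as the thread's -s $MYSOURCEIP match
        client.close()
        return False
    with client, socket.create_connection(socks_addr) as upstream:
        upstream.sendall(socks4_connect_request(*target))
        if not socks4_granted(recv_exact(upstream, 8)):
            return False
        threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
        pump(upstream, client)
        return True

def serve(listen_port, allowed_src, socks_addr, target):
    with socket.create_server(("0.0.0.0", listen_port)) as srv:
        while True:
            client, (peer_ip, _) = srv.accept()
            threading.Thread(target=handle, daemon=True,
                             args=(client, peer_ip, allowed_src, socks_addr, target)).start()

if __name__ == "__main__":
    # Constructed values: 198.51.100.7 stands in for $MYSOURCEIP, 192.0.2.10 for A.B.C.D
    serve(20000, "198.51.100.7", ("127.0.0.1", 12345), ("192.0.2.10", 40000))
```

Unlike the DNAT rule, a listener on all interfaces accepts any client unless it checks the peer address itself, which is why the relay rejects connections from sources other than the allowed one.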