
Using Linux, I need a way to route all network traffic of interface enp2s0 through the SOCKS4 proxy 192.168.1.2:1080 (or any SOCKS proxy, for that matter), something like Proxifier on Windows.  The proxy works fine when set manually in Chrome or Firefox.

OS: Linux Mint 19.1

Things I tried:

  • I set the proxy manually in the network settings, but it's as if I hadn't set it; Chrome still connects directly.  Here's a screenshot:

  • Proxychains is working great, but I have to manually launch each app individually from the terminal.

I don't know how to use redsocks or iptables (yet).

I hope there's a GUI like Proxifier for Linux, but a terminal (CLI)-based solution is okay.


4 Answers


For the impatient, just do the following, assuming that the proxy is example.com:7777 and it's SOCKS5 (change it to your own later):

  • First install redsocks: sudo apt-get install redsocks

  • Make an empty file anywhere and name it redsocks.conf (or whatever); I'll assume it's at /etc/redsocks.conf (change it to your own).

  • Edit the file you created (redsocks.conf) as follows:

base {
    log_debug = on;
    log_info = on;
    log = "stderr";
    daemon = off;
    redirector = iptables;
}

redsocks {
    local_ip = 127.0.0.1;
    local_port = 12345;

    ip = example.com;
    port = 7777;
    type = socks5;
    // known types: socks4, socks5, http-connect, http-relay

    // login = username;
    // password = password;
}

Change example.com and 7777 to your proxy. (Note that you can use any local_port other than 12345; it's the local port that we will set an iptables rule to redirect the traffic to, so if you use another, make sure to use it in the later steps below.)

-- Now run redsocks with the path of the config file as follows:

sudo redsocks -c /etc/redsocks.conf

Change the path to that of your redsocks.conf. (If you get "bind: Address already in use", try killall redsocks.) You can also check whether redsocks is bound to local port 12345 with netstat -tulpn.

-- Now that redsocks is running and ready, let's change the iptables rules to use redsocks. This should be customized to your needs, but if you would like to redirect all HTTP and HTTPS packets through the proxy, define the following rules:

sudo iptables -t nat -N REDSOCKS

sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDSOCKS
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDSOCKS

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDSOCKS
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDSOCKS

Now your HTTP and HTTPS traffic should be redirected through example.com:7777.

If you want your iptables reset, use:

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
  • After I run the two PREROUTING chains, I have no Internet connectivity. Any ideas?
    – shig
    Commented Oct 16, 2019 at 20:52
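The procedure in the answer above (config file, start redsocks, build a REDSOCKS nat chain, jump to it from OUTPUT), written as one script. This is an added example and not code from the answer or from the redsocks project. It assumes the question's proxy 192.168.1.2:1080 (SOCKS4), local port 12345, and a dedicated system account named redsocks, which redsocks drops to via its base { user = ...; } option; that account's own sockets are exempted with an owner match so the connection redsocks opens to the proxy is never redirected back into redsocks. It redirects all of this host's TCP rather than only ports 80 and 443, adds an explicit RETURN for the proxy address (needed when the proxy is on a public IP, which the RFC1918 exemptions would not cover), emits the nat table in iptables-restore format so it is loaded as a unit, and undoes only its own rules instead of flushing the whole nat table.

```bash
#!/bin/sh
# Added example (not from the original answers): generate redsocks.conf and a nat
# table for iptables-restore, then apply or remove them as a unit.
# Assumed values, override via environment: PROXY_HOST/PORT/TYPE, LOCAL_PORT,
# a system user "redsocks", optional IFACE (e.g. enp2s0) and config path.
PROXY_HOST="${PROXY_HOST:-192.168.1.2}"   # use an IP, not a hostname
PROXY_PORT="${PROXY_PORT:-1080}"
PROXY_TYPE="${PROXY_TYPE:-socks4}"         # socks4 | socks5 | http-connect | http-relay
LOCAL_PORT="${LOCAL_PORT:-12345}"
REDSOCKS_USER="${REDSOCKS_USER:-redsocks}" # assumed dedicated account
IFACE="${IFACE:-}"                         # empty = match all outgoing interfaces
CONF="${CONF:-/etc/redsocks.conf}"

# redsocks.conf on stdout; redsocks itself drops to user/group after start.
gen_redsocks_conf() {
cat <<EOF
base {
    log_debug = off;
    log_info = on;
    log = "syslog:daemon";
    daemon = on;
    user = $REDSOCKS_USER;
    group = $REDSOCKS_USER;
    redirector = iptables;
}

redsocks {
    local_ip = 127.0.0.1;
    local_port = $LOCAL_PORT;
    ip = $PROXY_HOST;
    port = $PROXY_PORT;
    type = $PROXY_TYPE;
    // login = ...; password = ...;   (only if the proxy requires them)
}
EOF
}

# nat table on stdout. Only this host's own TCP (OUTPUT) is redirected;
# PREROUTING is left alone because nothing is being forwarded for other hosts.
gen_nat_rules() {
cat <<EOF
*nat
:REDSOCKS - [0:0]
# Never proxy: the proxy itself (else a loop), loopback, link-local,
# RFC1918, multicast and reserved ranges. RETURNs must precede the REDIRECT.
-A REDSOCKS -d $PROXY_HOST -j RETURN
-A REDSOCKS -d 0.0.0.0/8 -j RETURN
-A REDSOCKS -d 10.0.0.0/8 -j RETURN
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d 169.254.0.0/16 -j RETURN
-A REDSOCKS -d 172.16.0.0/12 -j RETURN
-A REDSOCKS -d 192.168.0.0/16 -j RETURN
-A REDSOCKS -d 224.0.0.0/4 -j RETURN
-A REDSOCKS -d 240.0.0.0/4 -j RETURN
-A REDSOCKS -p tcp -j REDIRECT --to-ports $LOCAL_PORT
# All TCP originating here, except sockets owned by the redsocks user.
-A OUTPUT ${IFACE:+-o $IFACE }-p tcp -m owner ! --uid-owner $REDSOCKS_USER -j REDSOCKS
COMMIT
EOF
}

remove_rules() {
    # Targeted undo: drop our jump and chain, leave the rest of the nat table.
    iptables -t nat -D OUTPUT ${IFACE:+-o $IFACE} -p tcp -m owner ! --uid-owner "$REDSOCKS_USER" -j REDSOCKS 2>/dev/null || true
    iptables -t nat -F REDSOCKS 2>/dev/null || true
    iptables -t nat -X REDSOCKS 2>/dev/null || true
}

apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: run as root" >&2; return 1; }
    id "$REDSOCKS_USER" >/dev/null 2>&1 || \
        useradd --system --no-create-home --shell /usr/sbin/nologin "$REDSOCKS_USER"
    gen_redsocks_conf > "$CONF"
    pkill -x redsocks 2>/dev/null || true     # avoid "bind: Address already in use"
    redsocks -c "$CONF"
    remove_rules                              # idempotent re-apply
    gen_nat_rules | iptables-restore --noflush
}

case "${1:-}" in
    apply)  apply_rules ;;
    remove) remove_rules ;;
    *)      gen_redsocks_conf; echo; gen_nat_rules ;;   # dry run: print both artifacts
esac
```

Run without arguments to see the generated config and ruleset, then `sudo sh proxy.sh apply` and `sudo sh proxy.sh remove`. Two things this does not cover: UDP, so DNS lookups on port 53 still go out directly (a SOCKS4 proxy cannot carry UDP at all, and SOCKS5 UDP needs a redudp section like the one in the v2ray answer below), and IPv6, for which no rules are installed, so a dual-stack host will still reach IPv6 destinations without the proxy unless you block outbound IPv6 TCP with ip6tables.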

You need to forward all outgoing local traffic using iptables. I'm not aware of any GUI programs that do it. My use of iptables is limited either to very simple scripts that call it to build a router, etc., or to a typical host-based firewall setup with ufw. There is a GUI for ufw (gufw, imagine that), but I've never used it.

This (closed as off-topic) question/answer should get you started:

https://stackoverflow.com/questions/23180696/linux-iptables-redirect-outgoing-traffic-to-local-port

  • Redirecting traffic to a local port will not make that traffic SOCKS.
    – Daniel B
    Commented Feb 4, 2019 at 6:57

I used your config file, but I faced a problem. By referring to the reference site and using the main config file, I was able to complete the work.

Since I use v2ray on the system, instead of using the IP and port of the server, I used the IP and output port of v2ray.

This is my sample config. If you want to use my code, delete the comments.

base {
    log_debug = off;
    log_info = on;
    log = stderr;
    daemon = off;
    redirector = iptables;
}

redsocks {
    local_ip = 127.0.0.1;
    local_port = 1082; // I changed the port number "12345" to this.
    ip = 127.0.0.1;    // goes to v2ray
    port = 1081;       // goes to v2ray
    type = socks5;
}

redudp {
    local_ip = 127.0.0.1;
    local_port = 1083;
    ip = 127.0.0.1;    // goes to v2ray
    port = 1081;       // goes to v2ray
    dest_ip = 8.8.8.8;
    dest_port = 53;
    udp_timeout = 30;
    udp_timeout_stream = 180;
}

Use mitmproxy to intercept the traffic.

All changes made with sysctl and iptables are reset on reboot. If you want to persist them across reboots, you need to adjust your /etc/sysctl.conf or a newly created /etc/sysctl.d/mitmproxy.conf (see here).

Work-around to redirect traffic originating from the machine itself (Linux)

From the mitmproxy docs.

Enable IP forwarding.

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

Disable ICMP redirects.

If your test device is on the same physical network, your machine shouldn’t inform the device that there’s a shorter route available by skipping the proxy.

sysctl -w net.ipv4.conf.all.send_redirects=0

Create a user to run mitmproxy.

sudo useradd --create-home mitmproxyuser
sudo -u mitmproxyuser -H bash -c 'cd ~ && pip install --user mitmproxy'

Configure the iptables rules.

Then configure iptables to redirect all traffic from our local machine to mitmproxy. If you run into issues, iptables -t nat -F is a heavy-handed way to flush (clear) all the rules from the iptables nat table (which includes any other rules you had configured).

sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080
sudo ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
sudo ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080

This will redirect the packets of all users other than mitmproxyuser on the machine to mitmproxy. To avoid circularity, run mitmproxy as the user mitmproxyuser.

Run mitmproxy.

sudo -u mitmproxyuser -H bash -c '$HOME/.local/bin/mitmproxy --mode transparent --showhost --set block_global=false'
