Re: [redsocks] Configure RedSocks for some traffic only
- Leonid Evdokimov
- 2012-06-06 @ 09:58
On Tue, May 29, 2012 at 3:13 PM, José Luis Segura Lucas
> My problem is that my company has two services that don't like the
> SOCKS5 proxy, and I expect that using redsocks could help me.
Well, redsocks can't affect services, it can only add "go through
proxy" feature to software that does not have it.
> Imagine that I need to access the IP 126.96.36.199 (for example). I
> added the following rule to iptables:
> iptables -t nat -A OUTPUT -p all -d 188.8.131.52 -j REDSOCKS
> Is it ok?
`-p all` makes little sense, redsocks can redirect only TCP and UDP,
but it should work. Moreover, you're perfectly right, the whole point of
the separate REDSOCKS chain is avoidance of breaking LAN connectivity. I
prefer per-user or per-group redirection, that's why I don't want to
duplicate this "avoid LAN" filter over and over again.
If your enterprise uses private IPs - feel free to modify this ad-hoc example :)
> On the other hand, how can I check that redsocks is working properly?
> I'm using Debian and I have modified the default configuration file for
> using my actual SOCKS5 proxy (changes IP and port).
The easiest way is to set "log_info = on" and look at the log file.
> Do I need the redudp and dnstc sections of the config file?
Probably not. redudp is for UDP redirection (think about DNS, VoIP,
video streaming) and dnstc is a trivial half-broken solution for DNS
WBRBW, Leonid Evdokimov
xmpp:email@example.com && http://darkk.net.ru
tel:+79816800702 && tel:+79050965222
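
Added example, not part of the original message or of the redsocks project: a dry-run generator for the rule set discussed in this thread, with a REDSOCKS chain that skips LAN ranges and TCP-only OUTPUT rules for selected destinations. The function names, the bypass list, the listening port 12345 and the 192.0.2.10 address in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) nat rules that send only chosen
# destinations through redsocks. Review the output, then pipe it to `sh` as root.
# Usage (constructed address): sh redsocks-rules.sh 192.0.2.10

# Assumption: redsocks listens on local port 12345 (override with REDSOCKS_PORT).
REDSOCKS_PORT="${REDSOCKS_PORT:-12345}"

# Ranges that must never be proxied (loopback, LAN, multicast, reserved).
# Assumption: extend this list if your site uses other internal ranges.
BYPASS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

# is_ipv4 ADDR[/PREFIX]: accept only dotted-quad shaped input so nothing
# else ends up in a generated command line.
is_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# redsocks_rules DEST...: emit the REDSOCKS chain plus one OUTPUT rule per DEST.
# All destinations are validated before anything is printed.
redsocks_rules() {
    [ "$#" -gt 0 ] || { echo "usage: redsocks_rules DEST..." >&2; return 2; }
    for dest in "$@"; do
        is_ipv4 "$dest" || { echo "invalid destination: $dest" >&2; return 1; }
    done
    echo "iptables -t nat -N REDSOCKS"
    for net in $BYPASS; do
        echo "iptables -t nat -A REDSOCKS -d $net -j RETURN"
    done
    # Only TCP is redirected; other protocols fall off the end of the chain.
    echo "iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT"
    for dest in "$@"; do
        # -p tcp instead of -p all: the chain only redirects TCP anyway.
        echo "iptables -t nat -A OUTPUT -p tcp -d $dest -j REDSOCKS"
    done
}

if [ "$#" -gt 0 ]; then redsocks_rules "$@"; fi
```

After applying the rules, `iptables -t nat -L REDSOCKS -n -v` shows per-rule packet counters, which complements the "log_info = on" check mentioned above.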