Using Redsocks for LAN gateway to SOCKS proxy?

From:
Jean Seurin
Date:
2014-05-06 @ 10:57
Hi,

my goal is to build a gateway to tunnel transparently (and ultimately
selectively) a LAN internet through a SOCKS proxy.

My original plan was Squid set up as a transparent proxy on a 2-NIC (or
virtual NIC) system, which would forward to a Privoxy parent, which in
turn would forward to a SOCKS tunnel.
It works great this way, but when it comes to HTTPS, I don't like the
solution offered by Squid: I don't want to have to mess with
certificates, and I don't want to have to add the CA to each and every
browser accessing HTTPS sites from the LAN.

I want to keep it simple and transparent for every device on the LAN.

So that's where I want to use Redsocks, but I'm confused about how to
implement it in this setup.
It's pretty clear to set it up for a single computer, but I'm not sure I
understand what it takes to get it working in my desired configuration.
https://github.com/darkk/redsocks/blob/master/doc/balabit-TPROXY-README.txt
really messed up my understanding of it.

Is the idea that it would replace Squid in this situation correct? (Or
maybe it could replace Squid only for HTTPS connections)
If so do I have to do anything special with the kernel to get it working
on a gateway/router?
Or will simple iptables rules be enough to forward all NIC1 TCP traffic
to NIC1 port 12345 (then with Redsocks to the NIC1 Privoxy port 8118, or
directly to a SOCKS port)?

Sorry for my shallow understanding of networking; I hope the question makes sense.

/nodje

PS: this is what I got working
redsocks[8951]: [10.0.0.8:57862->74.125.235.199:443]: accepted
redsocks[8951]: [10.0.0.8:57862->74.125.235.199:443]:
socks5_is_known_auth_method: Socks5 server reported unexpected auth
methods reply version...
redsocks[8951]: [10.0.0.8:57862->74.125.235.199:443]: dropping client

Redirection to Redsocks seemed to work, but the Redsocks-to-Privoxy link
doesn't seem to work.