I am using (socks5) redsocks2 (from https://github.com/semigodking/redsocks) on the client side to redirect all data packets to an intermediate gateway instead of the application server directly. It works very well in the case of TCP packets. But in the case of UDP packets it doesn't work at all. The problem is that once the UDP packet comes to redsocks, the destination address and port have changed to the redsocks local address and port.
I am using the below iptables rules for packet forwarding:
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -p tcp --dport 7 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -d xxx.xxx.xxx.xxx --dport 1080 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 0.0.0.0 -j RETURN
iptables -t nat -A REDSOCKS -p udp --dport 53 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports YYYYY
iptables -t nat -A REDSOCKS -p udp -j REDIRECT --to-ports ZZZZZ
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
iptables -t nat -A OUTPUT -p udp -j REDSOCKS
** xxx.xxx.xxx.xxx = intermediate gateway server address
** YYYYY, ZZZZZ = local ports for redsocks on the client device
I am using the below redsocks conf file:
base {
log_debug = off;
log_info = off;
daemon = on;
redirector = iptables;
}
redsocks {
local_ip = 127.0.0.1;
local_port = YYYYY;
ip = xxx.xxx.xxx.xxx;
port = MMMM;
type = socks5;
login = "login";
password = "password";
}
redudp {
local_ip = 0.0.0.0;
local_port = ZZZZZ;
ip = xxx.xxx.xxx.xxx;
port = MMMM;
type = socks5;
login = "login";
password = "password";
udp_timeout = 30;
udp_timeout_stream = 180;
}
As far as I know, TPROXY works on PREROUTING. It doesn't work on packets generated from the local machine (I mean the OUTPUT chain). TPROXY can work on a router but cannot work on the origin machine.
Please suggest how we can handle this scenario for UDP packet forwarding via redsocks2.
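For readers following this question, the added example below (my own illustration, not code from the poster or from the redsocks2 project) shows how a transparent UDP listener on Linux recovers the pre-routing destination of a datagram: it binds with IP_TRANSPARENT and enables IP_RECVORIGDSTADDR, then reads the IP_ORIGDSTADDR control message that recvmsg() returns, which carries a struct sockaddr_in. With TPROXY the IP header is not rewritten, so that control message still holds the real destination; with REDIRECT the header has already been rewritten by DNAT, so the listener only ever sees its own local address and port, which is exactly the symptom described in the question. The listen address, the option numbers (Linux values 19 and 20, defined here because Python's socket module does not expose them all) and the sample sockaddr bytes are assumptions of this example; the parsing functions run offline, while opening the socket needs CAP_NET_ADMIN and a TPROXY rule in mangle PREROUTING to receive anything useful.

```python
import socket
import struct
from typing import List, Optional, Tuple

# Linux socket option numbers (assumed Linux values; Python does not export all of them)
SOL_IP = 0
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)
IP_RECVORIGDSTADDR = 20   # ask the kernel to attach the packet's destination as a cmsg
IP_ORIGDSTADDR = 20       # cmsg_type of that control message (payload: struct sockaddr_in)
AF_INET = socket.AF_INET


def parse_sockaddr_in(data: bytes) -> Tuple[str, int]:
    """Unpack struct sockaddr_in: sa_family (host order), sin_port (network order), sin_addr."""
    if len(data) < 8:
        raise ValueError("sockaddr_in payload too short")
    (family,) = struct.unpack_from("H", data, 0)
    if family != AF_INET:
        raise ValueError("not an AF_INET sockaddr: family %d" % family)
    (port,) = struct.unpack_from("!H", data, 2)
    ip = socket.inet_ntoa(data[4:8])
    return ip, port


def original_destination(ancdata: List[Tuple[int, int, bytes]]) -> Optional[Tuple[str, int]]:
    """Find the IP_ORIGDSTADDR control message among recvmsg() ancillary data, if present."""
    for cmsg_level, cmsg_type, cmsg_data in ancdata:
        if cmsg_level == SOL_IP and cmsg_type == IP_ORIGDSTADDR:
            return parse_sockaddr_in(cmsg_data)
    return None


def looks_redirected(orig_dst: Optional[Tuple[str, int]], listen_port: int) -> bool:
    """Heuristic for the symptom in the question: after REDIRECT the recovered destination
    is the proxy's own listening port (the real destination is gone), or no cmsg at all."""
    return orig_dst is None or orig_dst[1] == listen_port


def open_transparent_udp_socket(local_ip: str, local_port: int) -> socket.socket:
    """Bind a UDP socket able to receive TPROXY-steered datagrams with their original destination.
    Requires CAP_NET_ADMIN for IP_TRANSPARENT."""
    sock = socket.socket(AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.setsockopt(SOL_IP, IP_TRANSPARENT, 1)
    sock.setsockopt(SOL_IP, IP_RECVORIGDSTADDR, 1)
    sock.bind((local_ip, local_port))
    return sock


def receive_one(sock: socket.socket, bufsize: int = 65535):
    """Return (payload, source, original destination) for one datagram; 16 bytes of
    ancillary space is enough for one sockaddr_in control message."""
    data, ancdata, _flags, src = sock.recvmsg(bufsize, socket.CMSG_SPACE(16))
    return data, src, original_destination(ancdata)


def constructed_origdst_cmsg(ip: str, port: int) -> Tuple[int, int, bytes]:
    """Build the control message the kernel would deliver (constructed sample for offline use)."""
    payload = struct.pack("H", AF_INET) + struct.pack("!H", port) + socket.inet_aton(ip) + b"\x00" * 8
    return (SOL_IP, IP_ORIGDSTADDR, payload)


if __name__ == "__main__":
    # Offline demonstration with constructed control messages (no root, no iptables needed).
    listen_port = 12345                                  # assumed redudp local_port
    tproxy_case = [constructed_origdst_cmsg("198.51.100.7", 53)]   # TPROXY keeps the real destination
    redirect_case = [constructed_origdst_cmsg("127.0.0.1", listen_port)]  # REDIRECT rewrote it
    for label, anc in (("tproxy", tproxy_case), ("redirect", redirect_case)):
        dst = original_destination(anc)
        print(label, dst, "destination lost" if looks_redirected(dst, listen_port) else "destination recovered")
```

The live path is `open_transparent_udp_socket("0.0.0.0", 12345)` followed by `receive_one(sock)` in a loop; a datagram whose recovered destination fails `looks_redirected` is one the proxy can actually forward to the right place. Because the TPROXY target only exists in the mangle PREROUTING chain, this listener sees forwarded traffic from other hosts, not datagrams the same machine generates, which matches the limitation the question points out.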