
Transparent Socks5 application proxying in linux

I needed to somehow run a game, which works under Wine, through a proxy. I set up an ssh tunnel, started the game through proxychains, and ... the game could not connect to its server, although Chromium worked without problems and showed the proxy's IP. I tried tsocks: the game did not start at all. Of course, I could have set up a VPN tunnel over the same ssh, but the server is a VPS under OpenVZ, where TUN is turned off by default, which would have meant a letter to tech support and waiting.
So, five minutes of googling led me to the abandoned Transocks project, which, unlike proxychains and tsocks (they preload their libraries and intercept network calls), listens on a specific port and redirects everything that arrives at it through a SOCKS4 proxy. Unfortunately, transocks did not suit me, and I kept googling. It turns out the project has two forks: transocks_ev in C and transocks_em in Ruby. The first supports SOCKS5 but does not support authentication or UDP. The second supports SOCKS5, UDP and *BSD, but also, it seems, does not support authentication (I did not find it in the code, and there is no documentation). Since I don't need UDP, I settled on transocks_ev.

Building


Compiling transocks_ev is very simple: just download the Makefile and transocks_ev.c from the project page, install libevent and run
make
We get a transocks_ev binary:
tranSOCKS-ev - libevent-based transparent SOCKS5-Proxy
Usage: ./transocks_ev [-f] [-p Port] [-H IP-Address] [-s port] [-S IP-Address]

-f Do not fork into background upon execution
-p Bind our server-socket to this port
-H Listen on this IP-Address for incomming connections
-s Expect SOCKS5-Server on this Port
-S Expect SOCKS5-Server on this IP-Address


Since my ssh tunnel listens on port 4441, I run transocks_ev with the following parameters:
./transocks_ev -p 4445 -H 127.0.0.1 -s 4441 -S 127.0.0.1
Now we have a server on port 4445 that will pass all requests through our SOCKS5 proxy. A bit like NAT, only on a specific port.

Configuration


We will redirect packets using iptables. I decided to do something like proxychains, so that any application can be run through the proxy, rather than only proxying connections to one address or port (although that would also work for the game).
Create a new group, proxified:
sudo groupadd proxified
Edit /etc/sudoers so that we can run applications under this group. It should look something like this:
valdikss ALL=(ALL:ALL) ALL

Now let's move on to the iptables settings.
sudo iptables -t nat -I OUTPUT -m owner --gid-owner proxified -p tcp -j REDIRECT --to-ports 4445
This command will redirect all TCP packets from processes running with the proxified group to the transocks server.

Launch


Start the application with the proxified group:
sudo -g proxified chromium-browser

That's all. This method can be used for guaranteed proxification of the entire system, or even for transparent proxification on a router. If you need to use a proxy with authentication, install 3proxy locally and specify your proxy in it as the parent proxy server.
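The redirect-and-relay step that transocks_ev performs behind port 4445, as an added example in Python (my own illustration, not the project's code): recover the real destination of a REDIRECTed connection with SO_ORIGINAL_DST, then open it through the SOCKS5 server on port 4441 with a CONNECT request and pump bytes both ways. The addresses and ports are the ones from the text; it assumes Linux, IPv4 and a SOCKS5 server that accepts the "no authentication" method.

```python
import socket, struct, threading
SO_ORIGINAL_DST = 80                 # linux/netfilter_ipv4.h; not exported by Python's socket module
REDIRECT_ADDR = ("127.0.0.1", 4445)  # where the iptables REDIRECT rule sends proxified TCP traffic
SOCKS_ADDR = ("127.0.0.1", 4441)     # the SOCKS5 server, i.e. the ssh tunnel from the text

def parse_original_dst(raw):
    """Decode the struct sockaddr_in that getsockopt(SOL_IP, SO_ORIGINAL_DST) returns."""
    (family,) = struct.unpack("=H", raw[:2])      # sa_family is in host byte order
    if family != socket.AF_INET:
        raise ValueError("only IPv4 original destinations are handled here")
    port, addr = struct.unpack("!H4s", raw[2:8])  # sin_port and sin_addr are network order
    return socket.inet_ntoa(addr), port

def build_connect_request(ip, port):
    """SOCKS5 CONNECT (RFC 1928): VER=5 CMD=1 RSV=0 ATYP=1 (IPv4) DST.ADDR DST.PORT."""
    return b"\x05\x01\x00\x01" + socket.inet_aton(ip) + struct.pack("!H", port)

def check_connect_reply(reply):
    """True only for VER=5, REP=0 (succeeded); any other REP code means the proxy refused."""
    return len(reply) >= 2 and reply[0] == 5 and reply[1] == 0

def pump(src, dst):
    """Copy one direction until EOF, then pass the EOF on as a half-close."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client):
    ip, port = parse_original_dst(client.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))
    # Must not itself run under 'proxified': REDIRECT would divert this connect back to 4445 and loop.
    with client, socket.create_connection(SOCKS_ADDR) as upstream:
        upstream.sendall(b"\x05\x01\x00")  # greeting: one method offered, 0x00 = no authentication
        if upstream.recv(2) != b"\x05\x00":
            raise ConnectionError("proxy requires authentication; this relay (like transocks_ev) has none")
        upstream.sendall(build_connect_request(ip, port))
        if not check_connect_reply(upstream.recv(10)):
            raise ConnectionError(f"SOCKS5 CONNECT to {ip}:{port} refused by proxy")
        threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
        pump(upstream, client)

def serve():
    srv = socket.create_server(REDIRECT_ADDR)
    while True:
        threading.Thread(target=handle, args=(srv.accept()[0],), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Note that the iptables rule in the text matches `-p tcp` only, so UDP traffic (DNS lookups included) from a proxified program still leaves directly; check with a packet capture before relying on this for anything sensitive.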

Source: https://habr.com/ru/post/116360/
