/etc/redsocks.conf
// Global redsocks settings (shared by all proxy sections).
base {
// Debug logging off, informational logging on, delivered to syslog facility local7.
log_debug = off;
log_info = on;
log = "syslog:local7";
// Run detached in the background.
daemon = on;
// How redsocks recovers the original destination of a redirected connection.
// NOTE(review): the nft chain in /etc/redsocks_fw.nft uses a NAT "redirect";
// "iptables" here presumably covers that case as well - confirm on the target
// kernel/redsocks version before relying on it.
redirector = iptables;
}
// Listener that receives the redirected TCP connections and relays them to
// the upstream SOCKS5 server.
redsocks {
// 0.0.0.0 binds on every interface, not only loopback, so any host that can
// reach TCP/1337 (e.g. via fw4's input chain) can use this relay.
// NOTE(review): the NAT redirect rewrites the destination to one of the
// router's own addresses, so the listener must be reachable there; binding
// to the LAN address instead of 0.0.0.0, or adding an input rule for 1337,
// keeps it off other interfaces - confirm which interface fw4 picks.
local_ip = 0.0.0.0;
local_port = 1337;
// Placeholders: replace with the real upstream SOCKS5 server and port.
ip = socks-ip;
port = socks-port;
type = socks5;
// Placeholders for the upstream credentials. They are stored in clear text,
// so this file should be readable by root only.
login = socks-username;
password = socks-pass;
}
- nftables chain/hook that redirects selected traffic to redsocks
/etc/redsocks_fw.nft
# Chain that steers TCP traffic from selected LAN hosts into redsocks.
# No "table" statement here: fw4 includes this file inside its own table
# (see the include stanza in /etc/config/firewall), which is why only a chain
# is defined.
# NOTE(review): every match below is "ip ..." (IPv4 only). If fw4's table is
# family inet, IPv6 connections from the same hosts are not redirected and
# bypass the proxy - add ip6 rules or block IPv6 for them if that matters.
chain REDSOCKS {
# hook to the output/prerouting
# Registered on the prerouting NAT hook, i.e. it sees traffic arriving from
# other hosts; locally generated traffic would need an output-hook chain.
# "policy accept" means anything that is not matched below is left alone.
type nat hook prerouting priority dstnat; policy accept;
# skip if the user is not uid 1000
# (kept disabled; skuid describes the owner of the local socket and is
#  presumably only meaningful on the output hook, not prerouting - confirm
#  before enabling it here)
# ip protocol tcp skuid != 1000 return
# skip for local ip ranges
# Early "return" keeps private, link-local, loopback, multicast and reserved
# destinations off the proxy so they are routed/delivered normally.
ip daddr 0.0.0.0/8 return
ip daddr 10.0.0.0/8 return
ip daddr 100.64.0.0/10 return
ip daddr 127.0.0.0/8 return
ip daddr 169.254.0.0/16 return
ip daddr 172.16.0.0/12 return
ip daddr 192.168.0.0/16 return
ip daddr 198.18.0.0/15 return
ip daddr 224.0.0.0/4 return
ip daddr 240.0.0.0/4 return
# do iptable redirect to redsocks port
# e.g. redirect only internal ip .199 and .189
# Source-address allow list: only these two hosts are proxied; every other
# source falls through to the chain policy. "redirect to 1337" rewrites the
# destination to a local address on port 1337, where redsocks listens.
# UDP and other protocols from these hosts are not covered by these rules.
ip protocol tcp ip saddr 192.168.1.199 redirect to 1337
ip protocol tcp ip saddr 192.168.1.189 redirect to 1337
}
?. Add the chain using an fw4 include (OpenWrt)
/etc/config/firewall
# fw4 include stanza that splices /etc/redsocks_fw.nft into the firewall.
config include
option type 'nftables'
option path '/etc/redsocks_fw.nft'
# 'table-pre' places the file's content inside fw4's table ahead of fw4's own
# chains, which is why the nft file defines a complete chain rather than bare rules.
option position 'table-pre'
option enabled '1'
# NOTE(review): 'chain' is presumably only consulted for the chain-pre/chain-post
# positions and has no effect together with 'table-pre' - harmless, but confirm
# against the fw4 include documentation or drop it to avoid confusion.
option chain 'dstnat'
fw4 reload && service redsocks restart