Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect external IP request to localhost when routing through Socks Proxy and Redsocks #150

Open
erangaeb opened this issue Mar 13, 2020 · 0 comments
Open

Redirect external IP request to localhost when routing through Socks Proxy and Redsocks #150

erangaeb opened this issue Mar 13, 2020 · 0 comments

Comments

@erangaeb
Copy link

This is a question regarding Redsocks and iptables rules. Following is the scenario.

I have two servers server1 - 172.17.0.1, server2 - 172.17.0.2. I need to access JMX port (7199) on server1 from server2. Since I have disabled remote JMX on server1, I cannot access it from server2 via SSH local forwarding(need to access 7199 port with localhost from server2). So I have created SSH socks proxy and configured it with Redsocks. It's working fine.

# run socks proxy from service2
ssh -v -N -D 9999 user@172.17.0.1

# configure socks proxy with Redsocks in service2
redsocks {
    // redsocks listening port
    local_ip = 127.0.0.1;
    local_port = 12345;

    // socks proxy 
    ip = 127.0.0.1;
    port = 9999;

    type = socks5;
}

# configure iptable rules to route the packets to Redsocks in service2
sudo iptables -t nat -N REDSOCKS
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
sudo iptables -t nat -A OUTPUT -p tcp --dport 7199 -j REDSOCKS
sudo iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner <user id> -j REDSOCKS

Now if I connect to the 127.0.0.1:7199 from service2(e.g telnet localhost 7199) it will connect to the JMX port(7199) of server1. Redsocks route packets correctly to the server1 via socks proxy. 

I have another requirement. When coming packets with IP address of the service1(e.g 172.17.0.1:7199), I need to redirect them to localhost(127.0.0.1:7199). For an example, if I connect with 172.17.0.1:7199 from service2, I need to redirect it to 127.0.0.1:7199 in order to access the JMX port in service1 via socks proxy. Normally IP address redirection can be done with one of the following iptables rules. Since there are other iptables rules existing(related to Redsocks) it does not work.

# redirect with host
iptables -t nat -A OUTPUT -p tcp -d 172.17.0.1 -j DNAT --to-destination 127.0.0.1

# redirect with host and port
iptables -t nat -A OUTPUT -p tcp -d 172.17.0.1 --dport 7199 -j DNAT --to-destination 127.0.0.1:7199

How IP address redirection to localhost can be done in this scenario?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@erangaeb