Comments (5)
@gilcu3 Sorry, I cannot remember the details now. I originally used redsocks with shadowsocks as a transparent proxy. Now I can achieve a transparent proxy with just shadowsocks-libev. My shadowsocks config files: https://github.com/dista/tools/tree/master/ss-ev-scripts
from redsocks.
I'm having the same issue. Many https sites don't work while some do work. @kiddyfurby
https://www.google.com and searching my ip shows that everything is working well
Going to https://www.facebook.com in firefox shows: Secure connection failed
Doing wget https://www.facebook.com shows Unable to establish SSL connection.
Can provide any more information as requested. These are my iptables rules:
iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N REDSOCKS
-A PREROUTING -i wlan0 -p tcp -j REDSOCKS
-A POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -o eth0 -j MASQUERADE
-A REDSOCKS -d my_socksproxy_server_ip -j RETURN
-A REDSOCKS -d 0.0.0.0/8 -j RETURN
-A REDSOCKS -d 10.0.0.0/8 -j RETURN
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d 169.254.0.0/16 -j RETURN
-A REDSOCKS -d 172.16.0.0/12 -j RETURN
-A REDSOCKS -d 192.168.0.0/16 -j RETURN
-A REDSOCKS -d 224.0.0.0/4 -j RETURN
-A REDSOCKS -d 240.0.0.0/4 -j RETURN
-A REDSOCKS -p tcp -j REDIRECT --to-ports 31338
iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N TCP
-N UDP
-N fw-interfaces
-N fw-open
-A INPUT -i wlan0 -p udp -m udp --dport 31338 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 31338 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreachable
-A TCP -s 10.0.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A TCP -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A TCP -i wlan0 -p tcp -m tcp --dport 53 -j ACCEPT
-A TCP -i wlan0 -p tcp -m tcp --dport 67 -j ACCEPT
-A TCP -s 192.168.60.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A UDP -i wlan0 -p udp -m udp --dport 53 -j ACCEPT
-A UDP -i wlan0 -p udp -m udp --dport 67 -j ACCEPT
-A fw-interfaces -i wlan0 -j ACCEPT
Related log (notice that 159.106.121.75 is facebook https):
Sep 10 14:32:41 lemaker sslocal[2451]: 2015-09-10 14:32:41 INFO connecting 216.58.221.35:80 from 127.0.0.1:33840
Sep 10 14:32:46 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: accepted
Sep 10 14:32:46 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: data relaying started
Sep 10 14:32:46 lemaker sslocal[2451]: 2015-09-10 14:32:46 INFO connecting 159.106.121.75:443 from 127.0.0.1:33842
Sep 10 14:32:47 lemaker redsocks[2497]: [10.0.0.106:37337->63.245.217.162:443]: accepted
Sep 10 14:32:47 lemaker sslocal[2451]: 2015-09-10 14:32:47 INFO connecting 63.245.217.162:443 from 127.0.0.1:33844
Sep 10 14:32:47 lemaker redsocks[2497]: [10.0.0.106:37337->63.245.217.162:443]: data relaying started
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: both client and server disconnected
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: dropping client
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: accepted
Sep 10 14:32:54 lemaker sslocal[2451]: 2015-09-10 14:32:54 INFO connecting 159.106.121.75:443 from 127.0.0.1:33846
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: data relaying started
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: both client and server disconnected
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: dropping client
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: accepted
Sep 10 14:33:01 lemaker sslocal[2451]: 2015-09-10 14:33:01 INFO connecting 159.106.121.75:443 from 127.0.0.1:33848
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: data relaying started
Sep 10 14:33:02 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: both client and server disconnected
Sep 10 14:33:02 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: dropping client
Sep 10 14:33:02 lemaker redsocks[2497]: [10.0.0.106:37023->159.106.121.75:443]: accepted
Sep 10 14:33:02 lemaker sslocal[2451]: 2015-09-10 14:33:02 INFO connecting 159.106.121.75:443 from 127.0.0.1:33850
from redsocks.
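A way to triage a redsocks log like the one above, as an added example that is not part of the original comment or of redsocks itself: it groups sessions by destination and flags destinations whose sessions are repeatedly accepted and dropped within seconds. The function names, the thresholds and the `year` parameter (syslog lines carry no year) are assumptions; the sample lines are copied from the log in the comment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the redsocks log quoted in the comment above.
SAMPLE = """\
Sep 10 14:32:46 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: accepted
Sep 10 14:32:46 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: data relaying started
Sep 10 14:32:47 lemaker redsocks[2497]: [10.0.0.106:37337->63.245.217.162:443]: accepted
Sep 10 14:32:47 lemaker redsocks[2497]: [10.0.0.106:37337->63.245.217.162:443]: data relaying started
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: both client and server disconnected
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: dropping client
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: accepted
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: data relaying started
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: both client and server disconnected
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: dropping client
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ redsocks\[\d+\]: \[(\S+)->(\S+)\]: (.+)$")

def summarize(log_text, year=2015):
    """Per destination: sessions accepted and lifetimes (s) of the closed ones."""
    started = {}                      # (client, dest) -> accept time
    stats = defaultdict(lambda: {"sessions": 0, "lifetimes": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                  # sslocal and other daemons are ignored
        stamp, client, dest, event = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if event == "accepted":
            started[(client, dest)] = when
            stats[dest]["sessions"] += 1
        elif event == "dropping client" and (client, dest) in started:
            life = (when - started.pop((client, dest))).total_seconds()
            stats[dest]["lifetimes"].append(life)
    return dict(stats)

def short_lived(stats, max_seconds=10, min_sessions=2):
    """Destinations whose closed sessions all ended quickly, more than once."""
    return sorted(d for d, s in stats.items()
                  if len(s["lifetimes"]) >= min_sessions
                  and max(s["lifetimes"]) <= max_seconds)

if __name__ == "__main__":
    for dest, s in summarize(SAMPLE).items():
        print(dest, s)
    print("retry pattern:", short_lived(summarize(SAMPLE)))
```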
I have the same issue. After some investigation I found that it is caused by the DNS resolver. The IP address resolved on the local machine cannot be connected to from the proxy server.
So I installed pdnsd as a DNS proxy on my local machine and used the -mto option (only use TCP, so that it can be passed to my proxy server) to resolve DNS. Then everything is OK; now I can visit facebook or youtube.
Some notes: some domains can't be resolved by DNS over TCP (maybe the DNS server cannot find the domain); if that is the case, they can't be visited.
Hope that will help.
from redsocks.
@dista could you explain how to use pdnsd and redsocks together? I think I confront the same issue: the proxy restricts some direct https to IP, while not to name.
from redsocks.
I'm not sure if the original issue was ever related to DNS.
There was some bug fixed between v0.4 and v0.5 that was caused by bad bufferevent juggling (I remember that I managed to reproduce it, but I don't remember the exact commit), so I'm closing this issue.
Please, try v0.5 if you see issues with https.
from redsocks.