![]() ![]() TPROXY is the alternative here, but the trouble is that it works only with PREROUTING chain i.e. You can possibly redirect traffic only towards a fixed socket (IP:PORT) e.g. But it doesn't work with simple DNAT or REDIRECT (probably because SO_ORIGINAL_DST is not available for UDP sockets, I don't know the details). openssh and tor both don't, shadowsocks however does have UDP associate features. But some games, VoIP apps and above all the traditional DNS generate UDP traffic which is not supported by many SOCKS5 proxies. Most of the traffic generated by apps is TCP which works fine with SOCKS and is easy to setup. So it cannot carry whole traffic from all apps. The problem with the iptables approach is that SOCKS5 is a layer 5 protocol in OSI model. I didn't tick any app so I assume that means all app go through custom script, right? shadowsocks provides its own similar tool ( ss-redir), so does Tor. If manually workig from CLI, you can use a transparent TCP/UDP-to-proxy redirector like redsocks in combination with iptables. Enforcing global proxy is (at least partially) possible with proxifier apps like ProxyDroid (which is iptables-based) and SocksDroid (which is VPN/routing based). It looks like AFWall+ is able to create a NAT forwarding policyĪFWall+ uses iptables at back end and it can execute your script on network changes. Either configure individual apps (which have built-in support for SOCKS) or enforce proxy system-wide transparently (what you are trying to do). But you need to make your traffic SOCKS-aware before directing towards SOCKS proxy. it takes TCP/UDP traffic and SOCKSify it before sending through shadowsocks tunnel. The link you have provided is not setting up SOCKS but a transparent proxy i.e.
0 Comments
Leave a Reply. |