How to force all Linux apps to use SOCKS proxy

2

1

Using Linux, I need a way to route all network traffic of interface enp2s0 through SOCKS4 192.168.1.2:1080 (or any SOCKS proxy for that matter) – something like Proxifier in Windows.  The proxy works fine when manually set in Chrome or Firefox.

OS: Linux Mint 19.1

Things I tried:

  • I set the proxy manually in network settings, but it's just like I didn't set it; Chrome still connects directly.  Here's a screenshot:

  • Proxychains is working great, but I have to manually launch each app individually from the terminal.

I don't know how to use redsocks or iptables (yet).

I hope there's a GUI like Proxifier for Linux, but a terminal (CLI)-based solution is okay.

yazan sayed

Posted 2019-02-03T15:11:47.817

Reputation: 61

Have you also looked at Redsocks2 (https://github.com/semigodking/redsocks)? It seems to be actively maintained and the documentation is easier to follow than Redsocks. Have you looked into the answers of https://askubuntu.com/a/513956/385961 and https://superuser.com/a/1122572/168962, regarding gsettings under Gnome and general shell environment variables to influence http-based proxy redirection?

– Moreaki – 2019-02-03T19:25:35.510

Answers

4

For the impatient, just do the following, assuming that the proxy is example.com:7777 and it's SOCKS5 (change it to your own later).

  • First install redsocks:

sudo apt-get install redsocks

  • Make an empty file anywhere and name it redsocks.conf (or whatever). I'll assume it's at /etc/redsocks.conf (change it to your own).

  • Edit the file you created (redsocks.conf) as follows:

base {
    log_debug = on;
    log_info = on;
    log = "stderr";
    daemon = off;
    redirector = iptables;
}

redsocks {
    local_ip = 127.0.0.1;
    local_port = 12345;

    ip = example.com;
    port = 7777;
    type = socks5;
    // known types: socks4, socks5, http-connect, http-relay

    // login = username;
    // password = password;
}

Change example.com and 7777 to your proxy. (Note that you can use any local_port other than 12345; it's the local port that we will set an iptables rule to redirect the traffic to, so if you use another, make sure to use it in the later steps below.)

  • Now run redsocks with the config file destination as follows:

sudo redsocks -c /etc/redsocks.conf

Change it to the destination of your redsocks.conf. (If you get "bind: Address already in use", try killall redsocks.) You can also check whether redsocks is bound to local port 12345 with netstat -tulpn.

  • Now that redsocks is running and ready, let's change the iptables rules to use redsocks. This should be customized to your needs, but if you'd like to redirect all HTTP and HTTPS packets through the proxy, define the following rules:

sudo iptables -t nat -N REDSOCKS

sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDSOCKS
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDSOCKS

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDSOCKS
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDSOCKS

Now your HTTP and HTTPS traffic should be redirected through example.com:7777.

If you want your iptables reset, use:

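# Flushes every rule in the filter, nat and mangle tables, not only the REDSOCKS ones.
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -X
# The REDSOCKS chain lives in the nat table, so delete user-defined chains there too.
sudo iptables -t nat -X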

Additional tip: if you have a VPN on your iPhone or Android, you can use it for free on your PC, whatever the OS is. Just connect the phone VPN app and establish a SOCKS proxy server (on Android you can use the 'Servers Ultimate' app), then use the proxy on your PC as above. Now all your PC traffic is routed through your phone VPN. Neat.

yazan sayed

Posted 2019-02-03T15:11:47.817

Reputation: 61

After I run the two PREROUTING chains, I have no Internet connectivity. Any ideas? – shig – 2019-10-16T20:52:25.297
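
An added example, not part of the answer above or of redsocks: a small script that prints the same nat rules as the answer, with the REDIRECT port read from redsocks.conf so the two cannot drift apart, plus a "down" mode that removes only those rules instead of flushing every table. The function names and the script name are assumptions; it prints commands for review and runs nothing itself.

```shell
#!/bin/sh
# Added example (not from the answer): print the answer's nat rules, or the
# commands that undo only those rules, for review before running them.

# Read local_port from a redsocks.conf so the REDIRECT port cannot drift.
redsocks_port() {
    sed -n 's/^[[:space:]]*local_port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' "$1" | head -n 1
}

# $1 = up|down, $2 = redsocks local_port. Prints commands, runs nothing.
redsocks_rules() {
    case "$1" in
    up)
        echo "iptables -t nat -N REDSOCKS"
        # Same local/reserved ranges the answer leaves unproxied.
        for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
                   172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
            echo "iptables -t nat -A REDSOCKS -d $net -j RETURN"
        done
        echo "iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $2"
        for chain in OUTPUT PREROUTING; do
            for dport in 443 80; do
                echo "iptables -t nat -A $chain -p tcp --dport $dport -j REDSOCKS"
            done
        done ;;
    down)
        # Delete the four jump rules, then empty and drop the chain.
        for chain in OUTPUT PREROUTING; do
            for dport in 443 80; do
                echo "iptables -t nat -D $chain -p tcp --dport $dport -j REDSOCKS"
            done
        done
        echo "iptables -t nat -F REDSOCKS"
        echo "iptables -t nat -X REDSOCKS" ;;
    *)
        echo "usage: up|down <local_port>" >&2
        return 1 ;;
    esac
}

# Script name is hypothetical: sh redsocks-rules.sh up /etc/redsocks.conf | sudo sh
if [ "$#" -eq 2 ]; then
    port=$(redsocks_port "$2")
    [ -n "$port" ] || { echo "no local_port found in $2" >&2; exit 1; }
    redsocks_rules "$1" "$port"
fi
```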

0

You need to forward all outgoing local traffic using iptables. I'm not aware of any GUI programs that do it. My use of iptables is limited to either very simple written scripts to call it to build a router, etc., or to do a typical host-based firewall setup with ufw. There is a GUI for ufw (gufw, imagine that) but I've never used it.

This (closed for being off topic) question/answer should get you started.

https://stackoverflow.com/questions/23180696/linux-iptables-redirect-outgoing-traffic-to-local-port

ivanivan

Posted 2019-02-03T15:11:47.817

Reputation: 2 634

Redirecting traffic to a local port will not make that traffic SOCKS. – Daniel B – 2019-02-04T06:57:22.553