Is it possible to support SOCKS5 for certain hosts transparently?

0

I have SSH access to a jump box at my work. This jump box gives access to the complete network infrastructure at work. This is great to work from home.

I am able to run a SOCKS5 proxy on the jump box (via ssh -D) and successfully managed to configure my browser to use that SOCKS5 proxy for work hosts (via https://getfoxyproxy.org). Foxyproxy seems to forward DNS requests to that SOCKS5 proxy, so all is working fine.

While this all works fine, I am wondering if it is possible to let my system use the SOCKS5 for work-related traffic in a more transparent manner. It's quite exhausting to figure out for each application I use if it supports SOCKS5 and if so, how.

More concretely, is there a way to configure my system in such a way that it will automatically route traffic via the SOCKS5 for predefined hosts?

I know there are tools such as proxychains (see https://github.com/haad/proxychains), but this is not what I am after. This routes all traffic of an application to the proxy, while I want to route all traffic to a host to the proxy, if that makes sense.

Is this possible?

For your information, I asked a related question regarding DNS requests here: Forward DNS request to my work's jump server. Combining this question with the DNS question, I hopefully end up with a fully transparent way of interacting with work.

Pritzl

Posted 2019-07-06T08:51:12.373

Reputation: 225

Answers

1

It is technically possible, though note that SOCKS only supports TCP tunnels (and in rare cases UDP). Anything else would have to be dropped.

If you use Linux, you can use iptables to redirect specific packets to a locally running transparent proxy, of which there are several SOCKS-capable ones – Google gives transocks, redsocks, pr0cks.

(The Tor-based "Tails" OS does the same trick, but the transparent proxying functionality is now built in to the Tor daemon itself – there is no separate SOCKS layer involved.)

For operating systems which do not have such "transparent proxy" support, it would still be possible but the software could get quite complex – it could create a virtual TUN interface that the packets could be routed to, but it would need to handle the entire client-side TCP protocol on its own, without any help from the OS. (SOCKS doesn't actually relay raw TCP packets, it only relays the data carried inside.)

user1686

Posted 2019-07-06T08:51:12.373

Reputation: 283 655

Thank you. I will get started experimenting. – Pritzl – 2019-07-07T16:51:36.877

FYI, I tried to get going with redsocks, but am hitting a wall currently. I listed my case here: https://superuser.com/questions/1457781/why-is-redsocks-not-being-used-for-traffic-in-this-dockerized-environment – Pritzl – 2019-07-09T11:55:58.467
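The iptables-plus-redsocks approach from the answer above, as an added example that is not part of the original thread: it prints a redsocks configuration and the NAT rules that redirect TCP traffic for selected destinations only. The ports, the jump box address, the destination list and the chain name `WORKSOCKS` are all assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All values below are assumptions.
REDSOCKS_PORT=12345                      # redsocks listener (assumed)
SOCKS_PORT=1080                          # port passed to `ssh -D` (assumed)
JUMP_BOX=192.0.2.10                      # jump box address (constructed)
WORK_NETS="10.20.0.0/16 198.51.100.25"   # work destinations (constructed)

# redsocks.conf: hand redirected TCP connections to the ssh -D SOCKS5 port.
redsocks_conf() {
    cat <<EOF
base {
    log_info = on;
    daemon = on;
    redirector = iptables;
}
redsocks {
    local_ip = 127.0.0.1;
    local_port = $REDSOCKS_PORT;
    ip = 127.0.0.1;
    port = $SOCKS_PORT;
    type = socks5;
}
EOF
}

# Print the NAT rules (dry run). Review, then pipe to `sh` as root to apply.
nat_rules() {
    echo "iptables -t nat -N WORKSOCKS"
    # Leave the SSH session that carries the tunnel alone, or the tunnel
    # would be redirected into itself when the jump box is in WORK_NETS.
    echo "iptables -t nat -A WORKSOCKS -d $JUMP_BOX -j RETURN"
    echo "iptables -t nat -A WORKSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT"
    # iptables matches addresses, not names: a hostname given to -d is
    # resolved once, when the rule is inserted.
    for net in $WORK_NETS; do
        echo "iptables -t nat -A OUTPUT -p tcp -d $net -j WORKSOCKS"
    done
}

# Print the commands that remove everything nat_rules added.
nat_rules_undo() {
    for net in $WORK_NETS; do
        echo "iptables -t nat -D OUTPUT -p tcp -d $net -j WORKSOCKS"
    done
    echo "iptables -t nat -F WORKSOCKS"
    echo "iptables -t nat -X WORKSOCKS"
}

if [ "${1:-}" = "print" ]; then redsocks_conf; nat_rules; fi
```

Only TCP is matched, in line with the answer's note about what SOCKS can carry; anything else sent to those destinations follows the normal routing table.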

0

Perhaps take a look at socksify. It might work particularly well if your office proxy uses Dante, but should be fine for other set-ups as well.

Michael - Where's Clay Shirky

Posted 2019-07-06T08:51:12.373

Reputation: 491