I am trying to play a Japanese karaoke game on a PS3 but the latency is just horrendous and downloading songs takes forever. One recommendation I got was to turn my laptop into a SOCKS proxy by logging in via OpenSSH to my friend's server in Japan.
[server]----(ssh tunnel)---[wlan0 < laptop > eth0]---[PS3]
So that's what I did:
ssh -ND 4711 login@friend.server
At that moment I tried reaching google.com from my laptop using Firefox (with SOCKS proxy settings) and I got redirected to google.co.jp. Great.
Then I wanted to connect my PS3 to my laptop via Ethernet.
I first assigned a static IP to eth0 with:
ip link set dev eth0 up
ip addr add 139.96.30.100/24 dev eth0
I then started a DHCP server on my laptop to give an IP to the PS3 with:
systemctl start dhcp4.service
And finally I enabled NAT with some iptables magic:
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
I went to "Network Settings" and tested the connection from my PS3 and nice, it seemed to work. I launched the web browser and google.com got redirected to google.fr. How stupid, I forgot to forward the connection to the right port.
After a lot of connection forwarding through iptables that didn't work I decided to try using a transparent proxy: redsocks. http://darkk.net.ru/redsocks/
After installation I modified /etc/redsocks.conf to suit my needs:
redsocks {
local_ip=0.0.0.0; // documentation says: "use 0.0.0.0 if you want to listen on every interface"
local_port=31338; // must match the --to-ports value in redsocks.rules below
ip=127.0.0.1;
port=4711;
}
with the rest left out as it was in https://github.com/darkk/redsocks/blob/master/redsocks.conf.example
I used the basic redsocks.rules provided in the package I installed:
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:REDSOCKS - [0:0]
# Redirect all output through redsocks
-A OUTPUT -p tcp -j REDSOCKS
# Whitelist LANs and some other reserved addresses.
# https://en.wikipedia.org/wiki/Reserved_IP_addresses#Reserved_IPv4_addresses
-A REDSOCKS -d 0.0.0.0/8 -j RETURN
-A REDSOCKS -d 10.0.0.0/8 -j RETURN
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d 169.254.0.0/16 -j RETURN
-A REDSOCKS -d 172.16.0.0/12 -j RETURN
-A REDSOCKS -d 192.168.0.0/16 -j RETURN
-A REDSOCKS -d 224.0.0.0/4 -j RETURN
-A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Redirect everything else to redsocks port
-A REDSOCKS -p tcp -j REDIRECT --to-ports 31338
COMMIT
That allowed me to stop using the SOCKS proxy settings on Firefox and luakit which I confirmed with the google.com turning into google.co.jp test.
I figured I still had to enable NAT so I redid:
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
The PS3 apparently bypassed the system-wide proxy and google.com got redirected to google.fr. I then used the redsocks.rules file as it was without masquerading. I believed that anyway I wouldn't need NAT since the redsocks server apparently listens on every interface.
I tried connecting the PS3 again and I got the following message (after the PS3 acquired an IP from my DHCP server and failed at getting an internet connection):
"An error occurred during communication with the server. This is a DNS error."
That's where I am right now. I guess it might be a problem with redsocks though, since it uses a DNS server called dnstc which does this according to the documentation:
dnstc {
// fake and really dumb DNS server that returns "truncated answer" to
// every query via UDP, RFC-compliant resolver should repeat same query
// via TCP in this case.
local_ip = 127.0.0.1;
local_port = 5300;
}
My wild guess is that my PS3 requests DNS resolution via UDP and that dnstc replies with "truncated answer" all the time. If I understand correctly, it should resend the request through TCP but apparently it produces a DNS error instead??
What should I do? Or more precisely:
- Is redsocks unnecessary? Am I just iptables-illiterate?
- Should I install a DNS server and forward the DNS requests? If so, how?
Thanks for reading that wall-of-text! Hope it doesn't suck too much for a first question...
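The rule set below is an added example for readers of this question; it is not from the original post, from the redsocks project, or from any answer. It puts together the pieces the post describes (redsocks REDIRECT, dnstc, MASQUERADE) as one iptables-restore fragment that a script prints rather than applies, so it can be reviewed before running as root. Interface names (eth0 towards the PS3, wlan0 as uplink) and ports (31338 for redsocks, 5300 for dnstc) are taken from the post. Two things are assumptions not stated on the page: that the rules for forwarded traffic belong in PREROUTING (the posted rules only hook OUTPUT, which is traversed by packets generated on the laptop itself, never by packets forwarded from eth0), and that redsocks and dnstc are bound to 0.0.0.0, because REDIRECT rewrites the destination to the address of the interface the packet arrived on and a daemon bound to 127.0.0.1 would not see it. Whether the PS3's resolver actually retries over TCP after a truncated UDP answer is not something this example can settle; the dnstc trick depends on it. Note also that an OpenSSH -D tunnel carries TCP only, so the game's own UDP traffic would stay outside the tunnel even when this works. The last function is a small check for the mismatch that is easy to make between local_port in redsocks.conf and --to-ports in the rules.

```shell
#!/bin/sh
# Added example, not from the original question or the redsocks project.
# Prints (does not apply) the nat-table rules for pushing a downstream LAN
# client's TCP traffic into redsocks, plus the sysctl the setup relies on.
# Assumed from the post: eth0 faces the PS3, wlan0 is the uplink, redsocks
# listens on 31338 and dnstc on 5300. Assumed beyond the post: both daemons
# are bound to 0.0.0.0 so that REDIRECTed packets reach them.

# usage: redsocks_nat_rules LAN_IF WAN_IF REDSOCKS_PORT DNSTC_PORT
redsocks_nat_rules() {
    lan_if=$1; wan_if=$2; redsocks_port=$3; dnstc_port=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:REDSOCKS - [0:0]
# TCP generated on the laptop itself (Firefox, luakit) traverses OUTPUT.
-A OUTPUT -p tcp -j REDSOCKS
# TCP forwarded from the LAN client never traverses OUTPUT; it enters the nat
# table in PREROUTING, so hook it there, limited to the LAN interface.
-A PREROUTING -i $lan_if -p tcp -j REDSOCKS
# ssh -D carries TCP only, so the client's UDP DNS cannot go through the tunnel.
# Hand it to dnstc: its "truncated" reply makes an RFC-compliant resolver retry
# over TCP, and that TCP query is then caught by the PREROUTING rule above.
-A PREROUTING -i $lan_if -p udp --dport 53 -j REDIRECT --to-ports $dnstc_port
# Whatever is not redirected (the whitelisted ranges below) is plainly NATed.
-A POSTROUTING -o $wan_if -j MASQUERADE
# Reserved ranges stay local, same whitelist as the packaged redsocks.rules.
-A REDSOCKS -d 0.0.0.0/8 -j RETURN
-A REDSOCKS -d 10.0.0.0/8 -j RETURN
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d 169.254.0.0/16 -j RETURN
-A REDSOCKS -d 172.16.0.0/12 -j RETURN
-A REDSOCKS -d 192.168.0.0/16 -j RETURN
-A REDSOCKS -d 224.0.0.0/4 -j RETURN
-A REDSOCKS -d 240.0.0.0/4 -j RETURN
-A REDSOCKS -p tcp -j REDIRECT --to-ports $redsocks_port
COMMIT
EOF
}

# Forwarding is needed only for the whitelisted traffic that is masqueraded
# rather than redirected; redirected packets are delivered locally.
redsocks_sysctls() {
    printf '%s\n' 'net.ipv4.ip_forward=1'
}

# Extract local_port from the redsocks {} block of a redsocks.conf on stdin,
# so it can be compared with the --to-ports value before loading the rules.
# usage: redsocks_conf_port < /etc/redsocks.conf
redsocks_conf_port() {
    awk '/^[[:space:]]*redsocks[[:space:]]*[{]/ { inblk = 1 }
         inblk && /local_port/ {
             sub(/.*local_port[[:space:]]*=[[:space:]]*/, "")
             sub(/[^0-9].*/, "")
             print; exit
         }'
}

# Stand-alone run: print the rules for the interfaces and ports from the post.
# Apply with: redsocks_nat_rules eth0 wlan0 31338 5300 | iptables-restore -n
# (-n leaves the other tables, e.g. filter, untouched).
if [ "${1:-}" = "print" ]; then
    redsocks_nat_rules eth0 wlan0 31338 5300
    redsocks_sysctls
fi
```

Before loading, compare `redsocks_conf_port < /etc/redsocks.conf` with the port passed as REDSOCKS_PORT; if they differ, every redirected connection is refused locally and nothing ever reaches the SOCKS tunnel.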
Thank you for your answer! Unfortunately, I already tried this kind of thing. It seems like DNS packets are intercepted by dnstc and thus never relayed to the DNS server. I will update my question soon to share my new meager findings... – paob – 2013-02-14T12:53:07.433
Perhaps the flow is something like this:
UDP DNS -> dnstc -> TCP DNS -> gets picked up by redsocks and redirected.
If that's why the DNS request isn't coming back, maybe adding the DNS server IPs to the redsocks whitelist would let the TCP DNS request pass through. – Jarett Millard – 2013-02-17T02:21:40.217