Package: redsocks
Version: 0.5-2
Severity: normal
Dear Maintainer,
Transparent proxy traffic no longer works...
The same configuration, as recommended in the official documentation,
worked on some previous updates. In the stable version (stretch) on the
same network, the traffic is ok. The iptables rules are the same as the
official documentation.
I do not know if the problem is in the redsocks package, the kernel version
or the iptables version.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages redsocks depends on:
ii adduser 3.118
ii libc6 2.27-8
ii libevent-core-2.1-6 2.1.8-stable-4
ii lsb-base 9.20170808
redsocks recommends no packages.
redsocks suggests no packages.
-- Configuration Files:
/etc/redsocks.conf changed:
base {
// debug: connection progress & client list on SIGUSR1
log_debug = off;
// info: start and end of client session
log_info = on;
/* possible `log' values are:
* stderr
* "file:/path/to/file"
* syslog:FACILITY facility is any of "daemon",
"local0"..."local7"
*/
log = "syslog:daemon";
// detach from console
daemon = on;
/* Change uid, gid and root directory, these options require root
* privilegies on startup.
* Note, your chroot may requre /etc/localtime if you write log to
syslog.
* Log is opened before chroot & uid changing.
*/
user = redsocks;
group = redsocks;
// chroot = "/var/chroot";
/* possible `redirector' values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
}
redsocks {
/* 'local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* 'local_*' are used as port to redirect to.
*/
local_ip = 127.0.0.1;
local_port = 12345;
// 'ip' and 'port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
ip = 127.0.0.1;
port = 1080;
// known types: socks4, socks5, http-connect, http-relay
type = socks5;
login = "*****";
password = "*****";
}
redudp {
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
// packets that are sent as replies - and it should be fixed
// if we want NAT to work properly.
local_ip = 127.0.0.1;
local_port = 10053;
// 'ip' and `port' of socks5 proxy server.
ip = 127.0.0.1;
port = 1080;
// kernel does not give us this information, so we have to
duplicate it
// in both iptables rules and configuration file. By the way, you
can
// set `local_ip' to 127.45.67.89 if you need more than 65535 ports
to
// forward ;-)
// This limitation may be relaxed in future versions using
contrack-tools.
dest_ip = 10.0.192.18;
dest_port = 53;
udp_timeout = 30;
udp_timeout_stream = 180;
}
dnstc {
// fake and really dumb DNS server that returns "truncated answer"
to
// every query via UDP, RFC-compliant resolver should repeat same
query
// via TCP in this case.
local_ip = 127.0.0.1;
local_port = 5300;
}
// you can add more 'redsocks' and 'redudp' sections if you need.
// dnsu2t {
// local_ip 127.0.0.1;
// local_port 5053;
// remote_ip 127.0.0.1;
// remote_port 10053;
// }
-- no debconf information
--
* Clauzio* 'KlauX' Perpétuo ∴
"Computers are like air-conditioners.
They stop working when you open windows."
"... se alguém não quer trabalhar, também não coma." (2 Ts 3.10).
