@dimmaq
Created December 4, 2019 09:31
mat@vpntest:~$ cat /etc/sockstables.sh
# clear tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
# vpn
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
# vpn redirect?
iptables -t nat -A POSTROUTING -o enp0s3 -j LOG --log-prefix "nat_post_out_enp: "
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o enp0s3 -j MASQUERADE
# Create new chain
iptables -t nat -N REDSOCKS
# Ignore LANs and some other reserved addresses.
iptables -t nat -A REDSOCKS -j LOG --log-prefix "redsocks: "
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 100.64.0.0/10 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 198.18.0.0/15 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to port 12345
iptables -t nat -A REDSOCKS -p tcp -j LOG --log-prefix "redirect12345: "
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
# If you want to configure socksifying router, you should look at
# doc/iptables-packet-flow.png, doc/iptables-packet-flow-ng.png and
# https://en.wikipedia.org/wiki/File:Netfilter-packet-flow.svg
# Note, you should have proper `local_ip' value to get external packets with
# redsocks, default 127.0.0.1 will not go. See iptables(8) manpage regarding
# REDIRECT target for details.
# Depending on your network configuration iptables conf. may be as easy as:
iptables -t nat -A PREROUTING -i ppp+ -p tcp -j LOG --log-prefix "pre_in_ppp: "
iptables -t nat -A PREROUTING -i ppp+ -p tcp -j REDSOCKS
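As an added example (not part of the gist), a small Python model of how the nat PREROUTING rules above dispatch a packet: LOG is non-terminating, RETURN hands control back to the calling chain, and only a TCP packet arriving on a ppp interface with a non-reserved destination reaches the REDIRECT to port 12345. The packet fields and the shortened rule subset are constructed for the example.

```python
import ipaddress
import shlex
# Constructed input: a subset of the nat rules from the script above.
RULES = """
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -j LOG --log-prefix "redsocks: "
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -i ppp+ -p tcp -j REDSOCKS
"""

def parse(text):
    # {chain: [rule dicts]}; -N creates a user chain, -A appends a rule to a chain.
    chains = {"PREROUTING": []}
    for argv in (shlex.split(line) for line in text.strip().splitlines()):
        if "-N" in argv:
            chains[argv[argv.index("-N") + 1]] = []
        elif "-A" in argv:
            rule = {o: argv[argv.index(o) + 1] for o in ("-A", "-j", "-d", "-p", "-i", "--to-ports") if o in argv}
            chains[rule["-A"]].append(rule)
    return chains

def matches(rule, pkt):
    # -d is a CIDR match, -p an exact protocol, -i an interface name with an optional '+' wildcard.
    if "-d" in rule and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["-d"]):
        return False
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if "-i" in rule:
        want = rule["-i"]
        return pkt["iface"].startswith(want[:-1]) if want.endswith("+") else pkt["iface"] == want
    return True

def walk(chains, chain, pkt):
    # Terminating verdict for pkt in chain, or None when it RETURNs or falls off the end.
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule["-j"]
        if target == "RETURN":           # resume at the calling chain's next rule
            return None
        if target == "REDIRECT":
            return "REDIRECT:" + rule["--to-ports"]
        if target in chains and (verdict := walk(chains, target, pkt)):  # jump to user chain
            return verdict
        # LOG and other non-terminating targets fall through to the next rule
    return None

def nat_verdict(pkt):
    # What nat PREROUTING does with pkt; ACCEPT is the built-in chain's policy.
    return walk(parse(RULES), "PREROUTING", pkt) or "ACCEPT"
```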