@tothi
Last active October 14, 2024 15:43
tunnel virtualbox through socks (using poor man's vpn = ssh socks tunnel)
# ssh socks server on :5000 (tunnels traffic to tunnel-endpoint-server)
ssh -D5000 -NT -v user@tunnel-endpoint-server
# redsocks: https://github.com/darkk/redsocks
# 1.) as a socks client, listen on :4999 and connect to the ssh socks server on :5000
# 2.) run a dummy udp dns server on :5300 (to force the vm to fall back to tcp dns, which works through the ssh socks tunnel)
cat > redsocks.conf <<EOF
base { log_info=on; redirector=iptables; }
redsocks { local_ip=127.0.0.1; local_port=4999; ip=127.0.0.1; port=5000; type=socks4; }
dnstc { local_ip=127.0.0.1; local_port=5300; }
EOF
redsocks -c redsocks.conf
# run virtualbox vm with host-only interface (e.g. vboxnet0 as 192.168.56.1/24)
# dhcp is ok, but setting proper dns ip (behind tunnel-endpoint-server) is mandatory
# redirect virtualbox traffic from vboxnet0 to socks client :4999
# and redirect udp dns to the dummy service
# note: the -F below flushes every existing rule in the nat PREROUTING chain
sysctl -w net.ipv4.conf.vboxnet0.route_localnet=1
iptables -t nat -F PREROUTING
iptables -t nat -A PREROUTING -i vboxnet0 -s 192.168.56.0/24 -p tcp -j DNAT --to-destination 127.0.0.1:4999
iptables -t nat -A PREROUTING -i vboxnet0 -s 192.168.56.0/24 -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:5300
# alternative iptables rules if we want to route host localnet (e.g. 192.168.1.0/24) directly
iptables -t nat -F PREROUTING
iptables -t nat -A PREROUTING -i vboxnet0 -s 192.168.56.0/24 -p tcp ! -d 192.168.1.0/24 -j DNAT --to-destination 127.0.0.1:4999
iptables -t nat -A PREROUTING -i vboxnet0 -s 192.168.56.0/24 -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:5300
iptables -t nat -A POSTROUTING -s 192.168.56.0/24 -p tcp -d 192.168.1.0/24 -j MASQUERADE
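
A check that the redirects above are actually loaded before the VM is started, so that its TCP and DNS traffic does not leave outside the tunnel. This is an added example, not part of the original gist: the function names are hypothetical, and the sample input is constructed on the assumption that iptables-save prints these rules in its usual field order.

```shell
#!/bin/sh
# Added example: audit `iptables-save -t nat` output (stdin) for the redirects.
# Prints one finding per line; returns 0 only when both redirects are present.
audit_vbox_redirect() {   # args: interface, redsocks port, dnstc port
    awk -v iface="$1" -v tp="$2" -v dp="$3" '
    # Value following flag f in the current rule, or "" if absent.
    # Side effect: neg=1 when the flag is negated with a leading "!".
    function arg(f,   i) {
        neg = 0
        for (i = 1; i < NF; i++)
            if ($i == f) { neg = (i > 1 && $(i - 1) == "!"); return $(i + 1) }
        return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && arg("-i") == iface && arg("-j") == "DNAT" {
        proto = arg("-p"); to = arg("--to-destination"); dport = arg("--dport")
        # Catch-all TCP redirect: no --dport restriction, target is redsocks.
        if (proto == "tcp" && dport == "" && to == ("127.0.0.1:" tp)) {
            tcp = 1
            dst = arg("-d")
            if (dst != "" && neg) print "BYPASS: tcp to " dst " is not tunnelled"
        }
        # UDP DNS redirect to the dnstc dummy server.
        if (proto == "udp" && dport == "53" && to == ("127.0.0.1:" dp)) dns = 1
    }
    END {
        if (!tcp) print "MISSING: tcp redirect to 127.0.0.1:" tp
        if (!dns) print "MISSING: udp/53 redirect to 127.0.0.1:" dp
        exit !(tcp && dns)
    }'
}

# Constructed sample (not captured output): the alternative rule set above
# as `iptables-save -t nat` would be expected to print it.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.56.0/24 ! -d 192.168.1.0/24 -i vboxnet0 -p tcp -j DNAT --to-destination 127.0.0.1:4999
-A PREROUTING -s 192.168.56.0/24 -i vboxnet0 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5300
COMMIT
EOF
}

sample_rules | audit_vbox_redirect vboxnet0 4999 5300
```

On a live host, feed it the real table instead of the sample: `iptables-save -t nat | audit_vbox_redirect vboxnet0 4999 5300`.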