tovask · February 8, 2020 22:12
diff --git a/configure.sh b/configure.sh
 OUTSIDE_INTERFACE=wlan0
 INSIDE_INTERFACE=eth0
 SSH_REMOTE_PORT=22
 SSH_SOCKS_PORT=1337
 REDSOCKS_PORT=12345

 # set the ip address
 ifconfig $INSIDE_INTERFACE 10.0.0.1 netmask 255.255.255.0

 # enable ip forwarding
 echo 1 > /proc/sys/net/ipv4/ip_forward

 # reset iptables
 iptables -P INPUT ACCEPT
 iptables -P FORWARD ACCEPT
 iptables -P OUTPUT ACCEPT
 iptables -t nat -F
 iptables -F
 iptables -X

 # redirect local traffic, except traffic from redsocks to ssh or the ssh itself
 iptables -t nat -A OUTPUT -p tcp --dport $SSH_REMOTE_PORT -j RETURN
 iptables -t nat -A OUTPUT -p tcp --dport $SSH_SOCKS_PORT -j RETURN
 iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT

 # redirect traffic from inside
 iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
diff --git a/redsocks.conf b/redsocks.conf
 # file: /etc/redsocks.conf
 # install redsocks: sudo apt-get install redsocks
 # restart to apply a new config: sudo killall redsocks && sudo redsocks -c /etc/redsocks.conf

 base {
        // debug: connection progress & client list on SIGUSR1
        log_debug = off;

        // info: start and end of client session
        log_info = on;

        /* possible `log' values are:
         *   stderr
         *   "file:/path/to/file"
         *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
         */
        log = "syslog:daemon";

        // detach from console
        daemon = on;

        /* Change uid, gid and root directory, these options require root
         * privilegies on startup.
         * Note, your chroot may requre /etc/localtime if you write log to syslog.
         * Log is opened before chroot & uid changing.
         */
        user = redsocks;
        group = redsocks;
        // chroot = "/var/chroot";

        /* possible `redirector' values are:
         *   iptables   - for Linux
         *   ipf        - for FreeBSD
         *   pf         - for OpenBSD
         *   generic    - some generic redirector that MAY work
         */
        redirector = iptables;
 }

 redsocks {
        /* `local_ip' defaults to 127.0.0.1 for security reasons,
         * use 0.0.0.0 if you want to listen on every interface.
         * `local_*' are used as port to redirect to.
         */
        local_ip = 0.0.0.0;
        local_port = 12345;

        // `ip' and `port' are IP and tcp-port of proxy-server
        // You can also use hostname instead of IP, only one (random)
        // address of multihomed host will be used.
        ip = 127.0.0.1;
        port = 1337;


        // known types: socks4, socks5, http-connect, http-relay
        type = socks5;

        // login = "foobar";
        // password = "baz";
 }
	OUTSIDE_INTERFACE=wlan0
	INSIDE_INTERFACE=eth0
	SSH_REMOTE_PORT=22
	SSH_SOCKS_PORT=1337
	REDSOCKS_PORT=12345

	# set the ip address
	ifconfig $INSIDE_INTERFACE 10.0.0.1 netmask 255.255.255.0

	# enable ip forwarding
	echo 1 > /proc/sys/net/ipv4/ip_forward

	# reset iptables
	iptables -P INPUT ACCEPT
	iptables -P FORWARD ACCEPT
	iptables -P OUTPUT ACCEPT
	iptables -t nat -F
	iptables -F
	iptables -X

	# redirect local traffic, except traffic from redsocks to ssh or the ssh itself
	iptables -t nat -A OUTPUT -p tcp --dport $SSH_REMOTE_PORT -j RETURN
	iptables -t nat -A OUTPUT -p tcp --dport $SSH_SOCKS_PORT -j RETURN
	iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT

	# redirect traffic from inside
	iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
	# file: /etc/redsocks.conf
	# install redsocks: sudo apt-get install redsocks
	# restart to apply a new config: sudo killall redsocks && sudo redsocks -c /etc/redsocks.conf

	base {
	// debug: connection progress & client list on SIGUSR1
	log_debug = off;

	// info: start and end of client session
	log_info = on;

	/* possible `log' values are:
	* stderr
	* "file:/path/to/file"
	* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
	*/
	log = "syslog:daemon";

	// detach from console
	daemon = on;

	/* Change uid, gid and root directory, these options require root
	* privilegies on startup.
	* Note, your chroot may requre /etc/localtime if you write log to syslog.
	* Log is opened before chroot & uid changing.
	*/
	user = redsocks;
	group = redsocks;
	// chroot = "/var/chroot";

	/* possible `redirector' values are:
	* iptables - for Linux
	* ipf - for FreeBSD
	* pf - for OpenBSD
	* generic - some generic redirector that MAY work
	*/
	redirector = iptables;
	}

	redsocks {
	/* `local_ip' defaults to 127.0.0.1 for security reasons,
	* use 0.0.0.0 if you want to listen on every interface.
	* `local_*' are used as port to redirect to.
	*/
	local_ip = 0.0.0.0;
	local_port = 12345;

	// `ip' and `port' are IP and tcp-port of proxy-server
	// You can also use hostname instead of IP, only one (random)
	// address of multihomed host will be used.
	ip = 127.0.0.1;
	port = 1337;


	// known types: socks4, socks5, http-connect, http-relay
	type = socks5;

	// login = "foobar";
	// password = "baz";
	}