![]() the traffic coming from outside, not that generated on device. TPROXY is the alternative here, but the trouble is that it works only with PREROUTING chain i.e. You can possibly redirect traffic only towards a fixed socket (IP:PORT) e.g. But it doesn't work with simple DNAT or REDIRECT (probably because SO_ORIGINAL_DST is not available for UDP sockets, I don't know the details). openssh and tor both don't, shadowsocks however does have UDP associate features. ![]() But some games, VoIP apps and above all the traditional DNS generate UDP traffic which is not supported by many SOCKS5 proxies. Most of the traffic generated by apps is TCP which works fine with SOCKS and is easy to setup. So it cannot carry whole traffic from all apps. The problem with the iptables approach is that SOCKS5 is a layer 5 protocol in OSI model. I didn't tick any app so I assume that means all app go through custom script, right? shadowsocks provides its own similar tool ( ss-redir), so does Tor. If manually workig from CLI, you can use a transparent TCP/UDP-to-proxy redirector like redsocks in combination with iptables. Enforcing global proxy is (at least partially) possible with proxifier apps like ProxyDroid (which is iptables-based) and SocksDroid (which is VPN/routing based). ![]() It looks like AFWall+ is able to create a NAT forwarding policyĪFWall+ uses iptables at back end and it can execute your script on network changes. Either configure individual apps (which have built-in support for SOCKS) or enforce proxy system-wide transparently (what you are trying to do). But you need to make your traffic SOCKS-aware before directing towards SOCKS proxy. it takes TCP/UDP traffic and SOCKSify it before sending through shadowsocks tunnel. The link you have provided is not setting up SOCKS but a transparent proxy i.e. Are there other settings that I should enable first? I didn't tick any app so I assume that means all app go through custom script, right?.Did I create a wrong script? How do I create a script that does what I want to do?. ![]() $IPTABLES -t nat -A OUTPUT -p udp -j DNAT -to-destination $SERVER:$PORT $IPTABLES -t nat -A OUTPUT -p tcp -j DNAT -to-destination $SERVER:$PORT $IPTABLES -t nat -A OUTPUT -p udp -dport 53 -j DNAT -to-destination $SERVER:$PORT $IPTABLES -t nat -A OUTPUT -p tcp -dport 53 -j DNAT -to-destination $SERVER:$PORT $IPTABLES -t nat -A OUTPUT -d 127.0.0.1 -j RETURN $IPTABLES -t nat -A OUTPUT -o lo -j RETURN So my question is, if let's say I have a socks5 server running at 192.168.1.1:1088 which tunnels all connections via vmess protocol (aka V2Ray) to remote servers in the US, how do I create my custom script? I have tried: IP6TABLES=/system/bin/ip6tables It looks like AFWall+ is able to create a NAT forwarding policy to keep all traffic going through a SOCKS5 proxy and fool Google apps into thinking they are not connected via a VPN (Google apps implement additional security measures when connecting via VPNService and if you are in China you will not pass the security check - the security check requests don't go through VPN, so they will EOF because GFW will kill these requests, read more here). ![]()
0 Comments
Leave a Reply. |