
Comments (5)

dista commented on June 25, 2024 3

@gilcu3 Sorry, I cannot remember the details now. I originally used redsocks with shadowsocks as a transparent proxy. Now I can achieve transparent proxying with just shadowsocks-libev. My shadowsocks config files: https://github.com/dista/tools/tree/master/ss-ev-scripts


samos123 commented on June 25, 2024

I'm having the same issue. Many https sites don't work while some do work. @kiddyfurby

https://www.google.com and searching my IP shows that everything is working well

Going to https://www.facebook.com in firefox shows: Secure connection failed
Doing wget https://www.facebook.com shows Unable to establish SSL connection.

Can provide any more information as requested. These are my iptables rules:

iptables -t nat -S 
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N REDSOCKS
-A PREROUTING -i wlan0 -p tcp -j REDSOCKS
-A POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -o eth0 -j MASQUERADE
-A REDSOCKS -d my_socksproxy_server_ip -j RETURN
-A REDSOCKS -d 0.0.0.0/8 -j RETURN
-A REDSOCKS -d 10.0.0.0/8 -j RETURN
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d 169.254.0.0/16 -j RETURN
-A REDSOCKS -d 172.16.0.0/12 -j RETURN
-A REDSOCKS -d 192.168.0.0/16 -j RETURN
-A REDSOCKS -d 224.0.0.0/4 -j RETURN
-A REDSOCKS -d 240.0.0.0/4 -j RETURN
-A REDSOCKS -p tcp -j REDIRECT --to-ports 31338

iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N TCP
-N UDP
-N fw-interfaces
-N fw-open
-A INPUT -i wlan0 -p udp -m udp --dport 31338 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 31338 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreachable
-A TCP -s 10.0.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A TCP -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A TCP -i wlan0 -p tcp -m tcp --dport 53 -j ACCEPT
-A TCP -i wlan0 -p tcp -m tcp --dport 67 -j ACCEPT
-A TCP -s 192.168.60.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A UDP -i wlan0 -p udp -m udp --dport 53 -j ACCEPT
-A UDP -i wlan0 -p udp -m udp --dport 67 -j ACCEPT
-A fw-interfaces -i wlan0 -j ACCEPT

Related log (notice that 159.106.121.75 is facebook https):
Sep 10 14:32:41 lemaker sslocal[2451]: 2015-09-10 14:32:41 INFO     connecting 216.58.221.35:80 from 127.0.0.1:33840
Sep 10 14:32:46 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: accepted
Sep 10 14:32:46 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: data relaying started
Sep 10 14:32:46 lemaker sslocal[2451]: 2015-09-10 14:32:46 INFO     connecting 159.106.121.75:443 from 127.0.0.1:33842
Sep 10 14:32:47 lemaker redsocks[2497]: [10.0.0.106:37337->63.245.217.162:443]: accepted
Sep 10 14:32:47 lemaker sslocal[2451]: 2015-09-10 14:32:47 INFO     connecting 63.245.217.162:443 from 127.0.0.1:33844
Sep 10 14:32:47 lemaker redsocks[2497]: [10.0.0.106:37337->63.245.217.162:443]: data relaying started
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: both client and server disconnected
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: dropping client
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: accepted
Sep 10 14:32:54 lemaker sslocal[2451]: 2015-09-10 14:32:54 INFO     connecting 159.106.121.75:443 from 127.0.0.1:33846
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: data relaying started
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: both client and server disconnected
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: dropping client
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: accepted
Sep 10 14:33:01 lemaker sslocal[2451]: 2015-09-10 14:33:01 INFO     connecting 159.106.121.75:443 from 127.0.0.1:33848
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: data relaying started
Sep 10 14:33:02 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: both client and server disconnected
Sep 10 14:33:02 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: dropping client
Sep 10 14:33:02 lemaker redsocks[2497]: [10.0.0.106:37023->159.106.121.75:443]: accepted
Sep 10 14:33:02 lemaker sslocal[2451]: 2015-09-10 14:33:02 INFO     connecting 159.106.121.75:443 from 127.0.0.1:33850

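One way to triage a log like the one in the comment above, as an added example (not part of the original comment or of redsocks): it pairs each redsocks "accepted" line with the matching "dropping client" line and lists destinations that were re-accepted repeatedly with only short sessions. The function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the log quoted in the comment above (trimmed subset).
SAMPLE_LOG = """\
Sep 10 14:32:46 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: accepted
Sep 10 14:32:46 lemaker sslocal[2451]: 2015-09-10 14:32:46 INFO     connecting 159.106.121.75:443 from 127.0.0.1:33842
Sep 10 14:32:47 lemaker redsocks[2497]: [10.0.0.106:37337->63.245.217.162:443]: accepted
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:46401->159.106.121.75:443]: dropping client
Sep 10 14:32:54 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: accepted
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:41780->159.106.121.75:443]: dropping client
Sep 10 14:33:01 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: accepted
Sep 10 14:33:02 lemaker redsocks[2497]: [10.0.0.106:49450->159.106.121.75:443]: dropping client
Sep 10 14:33:02 lemaker redsocks[2497]: [10.0.0.106:37023->159.106.121.75:443]: accepted
"""

# Only redsocks lines match; sslocal lines are skipped.
LINE_RE = re.compile(
    r"^\w{3} +\d+ (?P<ts>\d\d:\d\d:\d\d) \S+ redsocks\[\d+\]: "
    r"\[(?P<src>[\d.]+:\d+)->(?P<dst>[\d.]+:\d+)\]: (?P<event>.+)$")

def summarize(log_text):
    """Per destination: accept count, close count, session lifetimes in seconds."""
    opened = {}  # (src, dst) -> time of "accepted"
    stats = defaultdict(lambda: {"accepted": 0, "closed": 0, "lifetimes": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Time of day only: assumes a session does not span midnight.
        ts = datetime.strptime(m["ts"], "%H:%M:%S")
        key, dst = (m["src"], m["dst"]), m["dst"]
        if m["event"] == "accepted":
            opened[key] = ts
            stats[dst]["accepted"] += 1
        elif m["event"] == "dropping client" and key in opened:
            stats[dst]["closed"] += 1
            stats[dst]["lifetimes"].append((ts - opened.pop(key)).total_seconds())
    return dict(stats)

def retry_loops(stats, min_accepts=3, max_lifetime=10):
    """Destinations accepted repeatedly whose finished sessions were all short."""
    return sorted(dst for dst, s in stats.items()
                  if s["accepted"] >= min_accepts and s["lifetimes"]
                  and max(s["lifetimes"]) <= max_lifetime)
```

On the sample, only 159.106.121.75:443 is reported: it is accepted four times and each finished session lasts 8 seconds or less, while the other HTTPS destination stays open.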

dista commented on June 25, 2024

I have the same issue. After some investigation I found that it is caused by the DNS resolver. The IP address resolved on the local machine cannot be connected to from the proxy server.

So I installed pdnsd as a DNS proxy on my local machine and used the -mto option (TCP only, so that it can be passed to my proxy server) to resolve DNS. Then everything is OK; now I can visit facebook or youtube.
Some notes: some domains can't be resolved by DNS over TCP (maybe the DNS server cannot find the domain); if that is the case, they can't be visited.

Hope that will help.

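What "TCP only" means on the wire for the workaround described above, as an added example (not from the original comment, pdnsd or redsocks): a DNS query over TCP is the ordinary DNS message preceded by a 2-byte length, so it travels as a plain TCP stream that a TCP-only redirector can carry. The name example.test, the address 192.0.2.10 and the response bytes are constructed for the example.

```python
import struct

def build_tcp_query(name, txid=0x1234):
    """DNS A query for `name`, framed for TCP with a 2-byte length prefix (RFC 1035, 4.2.2)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name starting at `off`."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:            # root label ends the name
            return off + 1
        off += 1 + n

def parse_tcp_a_records(framed):
    """Strip the TCP length prefix and return the IPv4 addresses in the answer section."""
    (length,) = struct.unpack_from("!H", framed)
    msg = framed[2:2 + length]
    if len(msg) != length:
        raise ValueError("truncated TCP DNS message")
    _txid, _flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg)
    off = 12
    for _ in range(qd):       # skip each question: name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def sample_response():
    """Constructed reply to build_tcp_query('example.test') with one A record."""
    question = build_tcp_query("example.test")[2 + 12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + question + answer
    return struct.pack("!H", len(msg)) + msg
```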

gilcu3 commented on June 25, 2024

@dista could you explain how to use pdnsd and redsocks together? I think I am facing the same issue: the proxy restricts some direct https to IP, but not to name.


darkk commented on June 25, 2024

I'm not sure if the original issue was ever related to DNS.
There was some bug fixed between v0.4 and v0.5 that was caused by bad bufferevent juggling (I remember that I managed to reproduce it, but I don't remember the exact commit), so I'm closing this issue.
Please try v0.5 if you see issues with https.

