Proxy redirection feature

Introduction

Vitaly _Vi Shukela implemented a redirect feature that allows socat to be used as a kind of transparent socksifier/proxifier.

Message of the contributor

I think it is useful for socat to be able to use non-fixed destination addresses for SOCKS servers to handle "-j REDIRECT" target in iptables.

I've quickly hacked this capability and now can "socksify" connections at host/network level.

iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN
iptables -t nat -A OUTPUT -d 212.95.48.19 -j RETURN
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1234

ssh vi@xyz.95.48.19 -D 127.0.0.1:1080

/opt/socat/bin/socat -v -d -d tcp-l:1234,fork,reuseaddr 'socks5:REDIRECT:REDIRECT|tcp:127.0.0.1:1080'

And now all my internet goes through the SSH.

Using 'PREROUTING' chain I can get other hosts to transparently connect through the SOCKS servers.

Tested (only a bit) with socks4, socks5, tcp and proxy targets. Also it adds two more environment variables.

The patch is hackish (I haven't studied the code of socat well), but you may integrate the changes in some better way if you find it useful.
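
The REDIRECT rule rewrites the destination to the local listener, so a relay has to ask the kernel for the address the client really dialled before it can name it in a SOCKS request. The following added example (not code from the patch, the contributor or socat) shows that lookup on Linux via the SO_ORIGINAL_DST socket option and the SOCKS5 CONNECT request built from the result; that the patch uses this same option is an assumption, and the function names and the sample address 192.0.2.10:443 are constructed for illustration.

```python
import ipaddress
import socket
import struct

SO_ORIGINAL_DST = 80  # from <linux/netfilter_ipv4.h>; the socket module does not export it


def parse_sockaddr_in(raw: bytes) -> tuple:
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST fills in."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)     # sin_family: host byte order
    port, addr = struct.unpack_from("!H4s", raw, 2)  # sin_port, sin_addr: network order
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    return str(ipaddress.IPv4Address(addr)), port


def original_dst(conn: socket.socket) -> tuple:
    """Ask netfilter where a REDIRECTed TCP connection was headed (Linux, IPv4 only)."""
    return parse_sockaddr_in(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


def socks5_connect_request(host: str, port: int) -> bytes:
    """RFC 1928 request: VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4), addr, port."""
    return b"\x05\x01\x00\x01" + ipaddress.IPv4Address(host).packed + struct.pack("!H", port)


def is_loop(dst: tuple, local: tuple) -> bool:
    """Compare the original destination with conn.getsockname(). If they match,
    the client was not redirected (it dialled the relay port directly), and
    relaying it would connect the relay back to itself."""
    return dst == local


# Constructed sample: the 16 bytes the kernel would return for 192.0.2.10:443.
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 443)
          + bytes([192, 0, 2, 10]) + bytes(8))

if __name__ == "__main__":
    dst = parse_sockaddr_in(SAMPLE)
    print(dst, socks5_connect_request(*dst).hex())
```

On a live relay, call `original_dst(conn)` on each accepted socket and drop the connection when `is_loop(dst, conn.getsockname())` is true.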

Requisites

Apply this patch to socat 2.0.0-b3 source.

Download

socat-redirect-1.patch
socat-redirect-2.patch
socat-redirect-3.patch
socat-redirect-4.patch

Future

A similar but more flexible solution is planned for the long term; therefore, this patch will not join socat's mainline.