Vitaly _Vi Shukela implemented a redirect feature that allows socat to be used as a kind of transparent socksifier/proxifier.
I think it is useful for socat to be able to use non-fixed destination addresses for SOCKS servers to handle "-j REDIRECT" target in iptables.
I've quickly hacked this capability in and now can "socksify" connections at host/network level.
    iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A OUTPUT -d 212.95.48.19 -j RETURN
    iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1234
    ssh vi@xyz.95.48.19 -D 127.0.0.1:1080
    /opt/socat/bin/socat -v -d -d tcp-l:1234,fork,reuseaddr 'socks5:REDIRECT:REDIRECT|tcp:127.0.0.1:1080'
And now all my internet goes through the SSH.
Using 'PREROUTING' chain I can get other hosts to transparently connect through the SOCKS servers.
Tested (only a bit) with socks4, socks5, tcp and proxy targets. Also it adds two more environment variables.
The patch is hackish (I haven't studied the code of socat well), but you may integrate the changes in some better way if you find it useful.
Apply this patch to socat 2.0.0-b3 source.
socat-redirect-1.patch
socat-redirect-2.patch
socat-redirect-3.patch
socat-redirect-4.patch
A similar but more flexible solution is planned for the long term, therefore this patch will not join socat's mainline.
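How a listener behind "-j REDIRECT" can recover the address the client originally dialed and turn it into a SOCKS5 CONNECT request, as an added Python example (not code from the patch or from socat). It assumes Linux's SO_ORIGINAL_DST socket option is the lookup mechanism, which this page does not state; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import socket
import struct

# Value from <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80


def parse_original_dst(raw):
    """Decode the struct sockaddr_in returned by SO_ORIGINAL_DST (IPv4 only)."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short")
    (family,) = struct.unpack_from("=H", raw, 0)     # sa_family: host byte order
    port, addr = struct.unpack_from("!H4s", raw, 2)  # port and address: network order
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    return str(ipaddress.IPv4Address(addr)), port


def original_dst(conn):
    """Ask netfilter where an accepted, REDIRECTed TCP connection was really going."""
    return parse_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


def socks5_connect_request(host, port):
    """SOCKS5 CONNECT (RFC 1928): VER=5, CMD=1, RSV=0, ATYP=1 (IPv4), addr, port."""
    addr = ipaddress.IPv4Address(host).packed
    return struct.pack("!BBBB4sH", 5, 1, 0, 1, addr, port)


def would_loop(orig, listener):
    """A client that dialed the listener directly has no other destination;
    forwarding it would send the proxy's own address upstream, so refuse it."""
    return orig == listener


# Constructed sample: what the kernel would hand back for a connection that was
# heading to 192.0.2.10:443 (TEST-NET-1) before REDIRECT rewrote it to port 1234.
SAMPLE_SOCKADDR = (struct.pack("=H", socket.AF_INET)
                   + struct.pack("!H4s", 443, bytes([192, 0, 2, 10]))
                   + bytes(8))

if __name__ == "__main__":
    dst = parse_original_dst(SAMPLE_SOCKADDR)
    print("original destination:", dst)
    print("SOCKS5 request bytes:", socks5_connect_request(*dst).hex())
    print("direct hit on listener:", would_loop(("127.0.0.1", 1234), ("127.0.0.1", 1234)))
```

The iptables rule above matches only "-p tcp", so UDP traffic such as DNS lookups is not redirected to the listener.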