6

I have a laptop with Linux installed on it. The laptop has two network interfaces: eth0 and wlan0. Normally I surf the Internet through eth0, and I've successfully set up a hotspot in Linux for my Kindle to use. The important commands are as follows:

# Enable NAT
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Run access point daemon
sudo hostapd /etc/ap-hotspot.conf

Usually I would like to surf the Internet through an encrypted socks5 proxy at 127.0.0.1:10000, and I want the proxy to be system-wide, so I installed redsocks, which can redirect all TCP connections to the socks5 proxy. The important commands are as follows:

# redsocks requires all traffic to be redirected to port 12345; the socks5 address and port (127.0.0.1:10000) have been written to redsocks's configuration file.
# This rule only matches packets generated by the laptop itself (the OUTPUT chain).
sudo iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 12345

So far, it seems everything works great. My Kindle can connect to the hotspot, and I can surf the Internet through a system-wide proxy in Linux. The problem is, my Kindle bypasses the socks5 proxy and connects to the Internet directly. So how do I make my Kindle go through the proxy when using the hotspot? I mean, how do I do it in Linux, because there's no way to set up a proxy on my Kindle.

Searene

3 Answers

2

I have a similar setup. wlan0 is connected to the Internet (through my router) while wlan1 acts as a hotspot (access point) for my Android phone. wlan1 is set up with the IPv4 address 10.0.0.1/24, that is, my phone gets an IP address in the 10.0.0.x range.

The iptables rule I use to pass all traffic from my phone through redsocks is:

sudo iptables -t nat -A PREROUTING -s 10.0.0.0/24 -p tcp -j REDIRECT --to-ports 12345

As far as I understand it, this rule basically takes all TCP traffic from any source device with an address in 10.0.0.0/24 and redirects it to port 12345, which passes it through redsocks.
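
The PREROUTING rule above is the piece the question was missing, but on its own it is not quite enough to get the Kindle's packets into redsocks. REDIRECT in PREROUTING rewrites the destination to the address of the interface the packet arrived on (10.0.0.1 in this answer's setup), while redsocks's example configuration binds local_ip = 127.0.0.1, which those packets cannot reach; and a plain OUTPUT redirect also catches the proxy's own upstream connections and loops them. The script below is an added example, not code from the question or from this answer: it generates the complete nat and filter rule set in iptables-restore format so it can be reviewed before loading, and includes a check that the listener is reachable from the hotspot address. It assumes a hotspot on wlan0 as 10.0.0.1/24, uplink eth0, redsocks on port 12345, and one dedicated user named "redsocks" that runs both redsocks and the local socks5 client; all of these are assumptions and can be overridden through the environment variables at the top.

```shell
#!/bin/sh
# Added example (not from the original post). Generates the transparent
# proxy rules for a Linux hotspot in iptables-restore format and checks
# that the redsocks listener can actually be reached by redirected packets.
# Assumptions: hotspot on wlan0 as 10.0.0.1/24, uplink eth0, redsocks on
# port 12345, and one dedicated user "redsocks" that runs both redsocks and
# the local socks5 client, so their own upstream connections are excluded.
AP_IFACE=${AP_IFACE:-wlan0}
AP_ADDR=${AP_ADDR:-10.0.0.1}
AP_SUBNET=${AP_SUBNET:-10.0.0.0/24}
UPLINK=${UPLINK:-eth0}
REDSOCKS_PORT=${REDSOCKS_PORT:-12345}
PROXY_USER=${PROXY_USER:-redsocks}

# nat table. Locally generated packets traverse OUTPUT; packets from the
# hotspot client are forwarded and traverse PREROUTING, never OUTPUT, which
# is why the OUTPUT-only rule in the question did not catch the Kindle.
gen_nat_rules() {
    cat <<EOF
*nat
:REDSOCKS - [0:0]
# never proxy loopback or the hotspot subnet itself (services on $AP_ADDR)
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d $AP_SUBNET -j RETURN
-A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
# the proxy user's own sockets must bypass the redirect or they loop
-A OUTPUT -p tcp -m owner ! --uid-owner $PROXY_USER -j REDSOCKS
-A PREROUTING -i $AP_IFACE -s $AP_SUBNET -p tcp -j REDSOCKS
# anything not redirected (UDP, ICMP) still leaves via plain NAT
-A POSTROUTING -o $UPLINK -j MASQUERADE
COMMIT
EOF
}

# filter table: redirected packets are delivered locally, so INPUT must
# accept them on the hotspot interface.
gen_filter_rules() {
    cat <<EOF
*filter
-A INPUT -i $AP_IFACE -s $AP_SUBNET -p tcp --dport $REDSOCKS_PORT -j ACCEPT
COMMIT
EOF
}

# listener_reachable <hotspot address> <port> <output of 'ss -ltn' or 'netstat -ltn'>
# The local address is field 4 in both tools' output. Prints "ok" when the
# port is bound to a wildcard or to the hotspot address, "unreachable" when it
# is bound only elsewhere (e.g. redsocks's stock local_ip = 127.0.0.1).
listener_reachable() {
    ap_ip=$1; port=$2
    if printf '%s\n' "$3" | awk -v ip="$ap_ip" -v port="$port" '
        ($1 == "LISTEN" || $1 == "tcp") {
            n = split($4, a, ":")
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::" || addr == ip) found = 1
        }
        END { exit found ? 0 : 1 }'; then
        echo ok; return 0
    fi
    echo unreachable; return 1
}

# Demonstration on a constructed 'ss -ltn' capture (made up, not from a real
# host) showing the stock loopback bind: the check reports "unreachable".
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:12345 0.0.0.0:*'
listener_reachable "$AP_ADDR" "$REDSOCKS_PORT" "$SAMPLE_SS" || :
```

Review the output of gen_nat_rules and gen_filter_rules, then load them with `gen_nat_rules | sudo iptables-restore -n -T nat` and `gen_filter_rules | sudo iptables-restore -n -T filter` (the -n keeps existing rules instead of flushing the table). Run `ss -ltn` and feed it to listener_reachable; if it says "unreachable", set local_ip to 0.0.0.0 or to the hotspot address in redsocks.conf. Note that only TCP is redirected: the Kindle's DNS lookups and any other UDP still leave directly through MASQUERADE, so this is a convenience proxy, not a leak-proof tunnel.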

0

For me, redsocks worked with a "socks5" proxy; for an "http" proxy I replaced it with "transocks". My iptables config looks like this:

#!/usr/bin/bash

# Transocks: https://github.com/cybozu-go/transocks

set -e
stty -echoctl

# Point to the transparent socket port (running in an exclusive user)
TRANSOCKS_PORT=12345
TRANSOCKS_USER=transocks

# Redirect all the network of your computer (except transocks user)
REDIRECT_LOCAL_NETWORK=1

# Redirect access point (wifi hotspot)
AP_SUBNET_ENABLED=1
AP_SUBNET_IFACE=ap0
AP_SUBNET_RANGE="192.168.12.0/24"

function action_up() {
    echo "-----------------------------"
    echo "# Adding iptables chain rules"
    echo "-----------------------------"
    iptables -v -t nat -N TRANSOCKS
    # Leave loopback, private, link-local, multicast and reserved ranges alone
    iptables -v -t nat -A TRANSOCKS -d 0.0.0.0/8 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 10.0.0.0/8 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 100.64.0.0/10 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 127.0.0.0/8 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 169.254.0.0/16 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 172.16.0.0/12 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 192.168.0.0/16 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 198.18.0.0/15 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -v -t nat -A TRANSOCKS -d 240.0.0.0/4 -j RETURN
    # Everything else (TCP only) goes to the transparent proxy port
    iptables -v -t nat -A TRANSOCKS -p tcp -j REDIRECT --to-ports $TRANSOCKS_PORT

    if [ "$REDIRECT_LOCAL_NETWORK" = 1 ]; then
        echo "--------------------------------"
        echo "# Redirecting non-transocks user"
        echo "--------------------------------"
        # Locally generated traffic, except the proxy's own sockets
        iptables -v -t nat -A OUTPUT -p tcp -m owner ! --uid-owner $TRANSOCKS_USER -j TRANSOCKS
    fi

    if [ "$AP_SUBNET_ENABLED" = 1 ]; then
        echo "-----------------------"
        echo "# Redirecting AP subnet"
        echo "-----------------------"
        # Forwarded traffic from hotspot clients enters through PREROUTING
        iptables -v -t nat -I PREROUTING -i $AP_SUBNET_IFACE -s $AP_SUBNET_RANGE -j TRANSOCKS
        iptables -v -I INPUT -i $AP_SUBNET_IFACE -s $AP_SUBNET_RANGE -p tcp -m tcp --dport $TRANSOCKS_PORT -j ACCEPT
    fi
}

function action_down() {
    if [ "$REDIRECT_LOCAL_NETWORK" = 1 ]; then
        echo "------------------------------"
        echo "# Cleaning non-transocks rules"
        echo "------------------------------"
        iptables -v -t nat -D OUTPUT -p tcp -m owner ! --uid-owner $TRANSOCKS_USER -j TRANSOCKS
    fi

    if [ "$AP_SUBNET_ENABLED" = 1 ]; then
        echo "--------------------------"
        echo "# Cleaning AP subnet rules"
        echo "--------------------------"
        iptables -v -t nat -D PREROUTING -i $AP_SUBNET_IFACE -s $AP_SUBNET_RANGE -j TRANSOCKS
        iptables -v -D INPUT -i $AP_SUBNET_IFACE -s $AP_SUBNET_RANGE -p tcp -m tcp --dport $TRANSOCKS_PORT -j ACCEPT
    fi

    echo "-----------------------------"
    echo "# Cleaning and removing chain"
    echo "-----------------------------"
    iptables -v -F TRANSOCKS -t nat
    iptables -v -X TRANSOCKS -t nat
}

# Remove the rules again when the script is interrupted
trap 'action_down' SIGINT

action_up

echo
echo "Hit Ctrl+C to remove the ip table rules"
echo

while :; do
    sleep 1
done

0

I have not had any experience with hostapd, but chances are that it modifies the routing table (and maybe even iptables).

After you start hostapd, it may be a good idea to run

netstat -nr

iptables -t nat -L

iptables -t filter -L

and try to work out where the packets are heading.

Then crank up your redsocks and have a new look at the full iptables setup.

Let me know those outputs; I may be able to help.
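
What those dumps show in the question's setup is the crux of the problem: the Kindle's packets are forwarded, so in the nat table they pass through PREROUTING and POSTROUTING but never OUTPUT, where the question's only REDIRECT rule lives, and they therefore leave through MASQUERADE untouched. The helper below is an added example, not part of this answer or of the thread: it reads the rule-spec form of that dump (`iptables -t nat -S`, which prints the same information as `-L` in a form that is easier to parse) and reports which of those two fates TCP from a given client subnet gets, following a jump into a user-defined chain such as the TRANSOCKS chain in the answer above. The dump embedded in it is constructed to match the question's two rules, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original thread). Reads an `iptables -t nat -S`
# dump and reports how TCP from a hotspot client subnet will be NATed.
# Traffic from the client is forwarded: it traverses PREROUTING, FORWARD and
# POSTROUTING and never OUTPUT, which only sees the laptop's own packets.

# hotspot_path <client subnet> <nat dump>
# Prints one of:
#   redirect:<port>    a PREROUTING rule (directly, or via a user chain it
#                      jumps to) REDIRECTs the subnet's TCP to <port>
#   masquerade:<iface> only POSTROUTING MASQUERADE applies: direct exit
#   none               no applicable NAT rule at all
hotspot_path() {
    subnet=$1
    printf '%s\n' "$2" | awk -v subnet="$subnet" '
        BEGIN { n = 0 }
        $1 == "-A" {
            chain = $2; target = ""; src = ""; port = ""; oif = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") port = $(i + 1)
                if ($i == "-o") oif = $(i + 1)
            }
            # remember which user chains end in a REDIRECT and to which port
            if (target == "REDIRECT" && chain != "PREROUTING" && chain != "OUTPUT" && chain != "POSTROUTING")
                redir[chain] = port
            # PREROUTING rules that match our subnet (or carry no -s at all)
            if (chain == "PREROUTING" && (src == "" || src == subnet)) {
                n++; ptarget[n] = target; pport[n] = port
            }
            if (chain == "POSTROUTING" && target == "MASQUERADE") masq = oif
        }
        END {
            for (k = 1; k <= n; k++) {
                if (ptarget[k] == "REDIRECT") { print "redirect:" pport[k]; exit }
                if (ptarget[k] in redir)     { print "redirect:" redir[ptarget[k]]; exit }
            }
            if (masq != "") print "masquerade:" masq
            else print "none"
        }'
}

# Constructed dump (made up, not captured) reproducing the question's rules:
# the laptop's own TCP is redirected in OUTPUT, the hotspot's packets only
# ever meet MASQUERADE, so the Kindle bypasses the proxy.
QUESTION_DUMP='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A OUTPUT -p tcp -j REDIRECT --to-ports 12345
-A POSTROUTING -o eth0 -j MASQUERADE'
hotspot_path 10.0.0.0/24 "$QUESTION_DUMP"
```

On a live host run `sudo iptables -t nat -S` and pass its output as the second argument; "masquerade:eth0" for the hotspot subnet means the PREROUTING redirect from the first answer is still missing, and "redirect:12345" means the rules are in place and any remaining bypass is a listener or DNS issue rather than an iptables one.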