Introduction

What: TranSocks is a transparent proxy that relays traffic through a SOCKS proxy.

Why: If you want to transparently route network traffic through a SOCKS server, then TranSocks is for you. You might need to do this for one or more of the following reasons:

How: TranSocks is a user-space daemon for Linux that does this, in conjunction with Linux IP Tables. You can use TranSocks to handle only traffic from the Linux machine running TranSocks, or you can run it on a Linux router that other machines on your network route through. Many TCP applications will work without modifications. TranSocks currently uses SOCKS version 4 and therefore does not support UDP.
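
The SOCKS 4 limitation can be seen in the request framing itself. The following is an added example, not TranSocks source code: it assumes the daemon recovers the pre-REDIRECT destination with the Linux SO_ORIGINAL_DST socket option (the page does not say how TranSocks does this). The function names and the 192.0.2.10 sample destination are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80  /* value defined in <linux/netfilter_ipv4.h> */
#endif

/* Ask netfilter where a REDIRECTed TCP connection was originally headed. */
int original_dst(int client_fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    return getsockopt(client_fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len);
}

/* SOCKS4 request: VN | CD | DSTPORT(2) | DSTIP(4) | USERID | NUL.
 * CD is 1 (CONNECT) or 2 (BIND); there is no UDP command and DSTIP holds
 * only an IPv4 address. Returns the request length, or 0 on error. */
size_t socks4_connect_request(const struct sockaddr_in *dst, const char *userid,
                              uint8_t *buf, size_t buflen)
{
    size_t ulen = strlen(userid);
    if (dst->sin_family != AF_INET || buflen < 8 + ulen + 1)
        return 0;
    buf[0] = 0x04;                        /* VN: SOCKS version 4 */
    buf[1] = 0x01;                        /* CD: CONNECT */
    memcpy(buf + 2, &dst->sin_port, 2);   /* already in network byte order */
    memcpy(buf + 4, &dst->sin_addr, 4);
    memcpy(buf + 8, userid, ulen + 1);    /* copies the terminating NUL too */
    return 8 + ulen + 1;
}

/* SOCKS4 reply: VN (0) | CD | 6 ignored bytes. CD 0x5a means granted. */
int socks4_reply_granted(const uint8_t *reply, size_t len)
{
    return len >= 8 && reply[0] == 0x00 && reply[1] == 0x5a;
}

int main(void)
{
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(80) };
    uint8_t req[64];
    inet_pton(AF_INET, "192.0.2.10", &dst.sin_addr);  /* constructed sample */
    size_t n = socks4_connect_request(&dst, "transocks", req, sizeof req);
    for (size_t i = 0; i < n; i++) printf("%02x ", req[i]);
    return n ? 0 : 1;
}
```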

Installation

We don't currently distribute binaries, so you will have to compile TranSocks yourself. The source code can be downloaded from anonymous CVS. To compile TranSocks, you will first need a SOCKS client library such as:

Usage

Run TranSocks:

    /usr/local/sbin/transocks

(or wherever you installed it)

TranSocks takes two options:

TranSocks doesn't need to run as root unless you want it to listen on a privileged port.

You should be running Linux with IP Tables. You will need to set up firewall rules to enable the transparent proxy. The following script creates a SOCKSIFY chain for all TCP traffic destined for hosts outside the local network:

    #!/bin/sh
    LOCAL_NET=192.168.0.0/16

    # Recreate the SOCKSIFY chain in the nat table
    iptables -t nat -X SOCKSIFY
    iptables -t nat -N SOCKSIFY

    # Exceptions: loopback and local-network destinations are not proxied
    iptables -t nat -A SOCKSIFY -o lo -j RETURN
    iptables -t nat -A SOCKSIFY --dst 127.0.0.1 -j RETURN
    iptables -t nat -A SOCKSIFY --dst $LOCAL_NET -j RETURN

    # Avoid feedback loops: skip connections made by transocks itself
    iptables -t nat -A SOCKSIFY -m owner --cmd-owner transocks -j RETURN

    # Log each new connection that is about to be redirected
    iptables -t nat -A SOCKSIFY -j LOG -p tcp --syn --log-level info \
        --log-prefix "SOCKSify "

    # Send to transocks
    iptables -t nat -A SOCKSIFY -p tcp -j REDIRECT --to-port 1211

    # Socksify traffic leaving this host:
    iptables -t nat -A OUTPUT -p tcp --syn -j SOCKSIFY

    # Socksify traffic routing through this host:
    iptables -t nat -A PREROUTING -p tcp -s $LOCAL_NET --syn -j SOCKSIFY

Caveats

There's no support for UDP at present.

TranSocks forks and creates a new process to service each connection. This is the simplest way to do it, but it's not very scalable, as it is limited by the maximum number of processes.

FTP will only work in passive mode. Other application protocols which similarly use reverse connections will also not work.

TranSocks is best used for those apps that do not support SOCKS natively. Direct usage of SOCKS is likely to have better performance, and certainly has broader protocol support.

Future Work (Volunteers Welcome)

Contact

Please send bug reports/patches/comments to: mefisk@gmail.com

The latest version of TranSocks is available at: http://TranSocks.sourceforge.net/