Use another computer on the network to transparent-proxy your Android (Linux) device!

Written by Hasan Arous

Linux devices allow host-wide transparent proxying for all applications: the idea is to redirect traffic (using iptables) to a local port where a special application is listening. That application forwards each connection over a SOCKS proxy, and everything works. But what if the device you are working with runs a kernel without iptables support, and/or you cannot install the forwarding application on it?

Run the application on another computer, and make it as your default gateway!

This is the main idea behind the solution: we will set up a local computer with everything it takes to do the transparent-proxy trick, and redirect the traffic of the other device to this one.

Install, and configure, redsocks

We are going to install redsocks. This tool redirects any TCP connection to a SOCKS or HTTP (CONNECT) proxy using your firewall, so the redirection is system-wide and applications do not need to know about the proxy.

sudo apt-get install redsocks

Configure redsocks.conf:

sudo nano /etc/redsocks.conf
redsocks {
        /* `local_ip' defaults to 127.0.0.1 for security reasons,
         * use 0.0.0.0 if you want to listen on every interface.
         * `local_*' are used as port to redirect to.
         */
        local_ip = 0.0.0.0;
        local_port = 12345;

        // `ip' and `port' are IP and tcp-port of proxy-server
        ip = 127.0.0.1;
        port = 9999;


        // known types: socks4, socks5, http-connect, http-relay
        type = socks5;
}

This assumes a SOCKS5 proxy is listening on 127.0.0.1:9999 on the same machine (for example ssh -D 9999 user@host, which binds to localhost by default). local_ip = 0.0.0.0 is needed here because connections redirected in PREROUTING (the other device's traffic, see below) arrive at the laptop's LAN address, not at 127.0.0.1. The downside is that every host on the LAN can then reach port 12345 and relay through your proxy, so restrict that port with a filter rule to the device you intend to serve.

Next we will create the iptables chain:

# Create new chain
sudo iptables -t nat -N REDSOCKS
# Ignore LANs and some other reserved addresses.
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to port 12345
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

Then add the rules that decide which packets are sent to the REDSOCKS chain:

sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDSOCKS
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDSOCKS

This takes care of the laptop's own outgoing connections to ports 80 and 443 (HTTP, HTTPS); its connections to other ports still go out directly.

Now we run redsocks:

sudo killall redsocks
sudo redsocks -c /etc/redsocks.conf

Configuring the other device to use the new setup

The idea here is to use the route utility to change the device's default route from the router to the host we just set up.

For reference, the device I am doing this on is a Nook Simple Touch; it runs Android 2.1 and does not have iptables itself. The device is rooted, and I am connecting using adb shell.

First I invoke route by itself to see the current routing table:

# busybox route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 tiwlan0
default         192.168.1.1     0.0.0.0         UG    0      0        0 tiwlan0

Now I will delete my router (192.168.1.1) and add my laptop (192.168.1.100) as the default route instead. (For a reason that I don't know, I have to do some browsing from the Nook first; then the two devices can ping each other, and I can proceed with the following.)

busybox route del default gw 192.168.1.1 tiwlan0
busybox route add default gw 192.168.1.100 tiwlan0

Important: I am using busybox route instead of route because the stock route binary does not work on this device.

And on the gateway PC, where redsocks is installed, I do the following:

sudo iptables -t nat -A PREROUTING -p tcp -s 192.168.1.200 -j REDSOCKS

Where 192.168.1.200 is the Nook's IP. Note that this rule has no port restriction, so all TCP connections from the Nook to non-local destinations are redirected, not just 80 and 443. You also have to turn on forwarding and NAT, otherwise nothing that is not redirected gets through; in particular DNS lookups (UDP port 53) fail, because redsocks only handles TCP:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE
sudo sysctl -w net.ipv4.ip_forward=1

Writing "sudo echo 1 > /proc/sys/net/ipv4/ip_forward" does not work, because the redirection is performed by your unprivileged shell, not by the echo running under sudo. Also keep in mind that the masqueraded traffic, DNS included, leaves through the laptop's normal route and not through the SOCKS proxy, so the device's name lookups are visible to the local network and to the upstream resolver.

And that's it: all TCP connections from the Android device to non-local addresses are now proxied through the configured SOCKS proxy, without any app-level configuration. Only TCP is proxied; UDP and ICMP from the device are forwarded and NATed directly, and only the clients matched by the PREROUTING rule are affected.
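Putting the gateway side together: the script below is an added example, not code from the original post, that generates (and, on request, applies) the whole iptables and sysctl configuration described above for one client device. It adds two hardenings the post does not have: the redsocks port is reachable only from the client and from loopback, and MASQUERADE is limited to the client's address. The interface name wlan0, the environment variables CLIENT/RPORT/LAN and the "apply" argument are assumptions of this example. Run it without arguments to print the commands; "sh redsocks-gateway.sh apply" runs them as root via sudo.

```shell
#!/bin/sh
# redsocks-gateway.sh: added example, not part of the original post.
# Generates the gateway-side iptables/sysctl setup for one client device.
# Assumptions (not from the post): the LAN interface is wlan0, settings
# come from the environment, and the first argument "apply" means run as
# root; with no argument the commands are only printed.
set -eu

CLIENT=${CLIENT:-192.168.1.200}   # the Android device (the Nook)
RPORT=${RPORT:-12345}             # redsocks local_port
LAN=${LAN:-wlan0}                 # interface the device reaches us on (assumed)

# Accept only dotted-quad IPv4 addresses with octets in 0..255, so that a
# typo or a stray shell metacharacter cannot widen the client-specific rules.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Print the gateway commands for one client. Nothing is executed here; the
# caller decides whether to pipe the output into a root shell.
# $1 = client IP, $2 = redsocks local_port, $3 = LAN interface
nat_rules() {
    client=$1 rport=$2 lan=$3
    cat <<EOF
# Per-client chain: create it, or flush it if it already exists.
iptables -t nat -N REDSOCKS 2>/dev/null || iptables -t nat -F REDSOCKS
# Leave LAN and reserved destinations alone (same list as the post).
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Everything else that is TCP lands on redsocks (no port restriction).
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $rport
iptables -t nat -A PREROUTING -i $lan -p tcp -s $client -j REDSOCKS
# Only the client's non-redirected traffic (UDP/DNS, ICMP) is NATed out;
# it leaves via the laptop's normal route, not via the SOCKS proxy.
iptables -t nat -A POSTROUTING -s $client -j MASQUERADE
# Hardening: redsocks listens on 0.0.0.0, so keep other LAN hosts away from
# it; loopback stays open for the gateway's own OUTPUT redirects.
iptables -A INPUT -p tcp --dport $rport ! -i lo ! -s $client -j DROP
# Forwarding for the NATed traffic; sysctl avoids the "sudo echo >" pitfall.
sysctl -w net.ipv4.ip_forward=1
EOF
}

is_ipv4 "$CLIENT" || { echo "CLIENT must be an IPv4 address, got: $CLIENT" >&2; exit 1; }

# Re-running "apply" appends the hook rules again; flush or -D them first
# when iterating on the setup.
case "${1:-print}" in
    apply) nat_rules "$CLIENT" "$RPORT" "$LAN" | sudo sh -e ;;
    print) nat_rules "$CLIENT" "$RPORT" "$LAN" ;;
    *)     echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

The INPUT rule is what closes the open-relay problem created by local_ip = 0.0.0.0: the gateway's own redirected connections arrive on lo and are allowed, the Nook's arrive on the LAN interface from its address and are allowed, and anything else aimed at the redsocks port is dropped.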

Summary of addresses

For convenience, and for the sake of clarity, here is a list of used addresses in the above setup:

  • 192.168.1.1 router
  • 192.168.1.100 The computer that hosts redsocks and iptables.
    • :12345 The configured port for redsocks
    • :9999 The configured SOCKS proxy (ssh -D 9999 user@host, for example.)
  • 192.168.1.200 The android device that lacks iptables/redsocks. We set its default gateway to be 192.168.1.100.