I'm trying to proxy Discord WebRTC traffic through a shadowsocks proxy (redsocks at port 9049 -> shadowsocks at port 9050):
$ doas iptables -t nat -N REDSOCKS
$ doas iptables -t nat -A REDSOCKS -p udp -j REDIRECT --to-ports 9049
$ for port in {50000..50010}; do
    doas iptables -t nat -A OUTPUT -p udp --dport $port -j REDSOCKS
  done
$ doas redsocks -c /etc/redsocks.conf
1728734491.493014 notice main.c:167 main(...) redsocks started, conn_max=128
$ sslocal -U -b 127.0.0.1:9050 --server-url "ss://.../?outline=1"
INFO shadowsocks local 1.21.0 build 2024-09-22T18:06:17.170776391+00:00
INFO shadowsocks socks TCP listening on 127.0.0.1:9050
INFO shadowsocks socks5 UDP listening on 127.0.0.1:9050
With Wireshark it's seen that UDP traffic indeed gets redirected to a proxy IP:
208 1.711190732 192.168.1.14 xx.xx.xx.xx UDP 171 57706 → xxxx Len=129
209 1.711200583 192.168.1.14 xx.xx.xx.xx UDP 171 35816 → xxxx Len=129
However, the Discord logs report the following:
Creating connection to 35.217.46.15:50006 with audio ssrc: 64920
RTC connection state: RTC_CONNECTING => NO_ROUTE
Error occurred while connecting to RTC server: [OnConnectAttemptTimedOut] Connection timed out 3 times.
Disconnected from RTC server, clean: true, code: 1000, reason: Force Close, state: NO_ROUTE
Redsocks configuration:
$ cat /etc/redsocks.conf
base {
    log_debug = off;
    log_info = on;
    log = stderr;
    daemon = off;
    redirector = iptables;
}
redsocks {
    local_ip = 127.0.0.1;
    local_port = 9049;
    ip = 127.0.0.1;
    port = 9050;
    type = socks5;
}
redudp {
    local_ip = 127.0.0.1;
    local_port = 9049;
    ip = 127.0.0.1;
    port = 9050;
}
dnstc {
    local_ip = 127.0.0.1;
    local_port = 5300;
}
dnsu2t {
    local_ip = 127.0.0.1;
    local_port = 5313;
    remote_ip = 8.8.8.8;
    remote_port = 53;
}
Had to do something similar on my mail server, as sendmail doesn't respect the port in a nullclient config.
Look at the second answer to https://serverfault.com/questions/10047 … k-redirect using firewalld and a policy.
As firewalld is just a frontend to iptables/nftables, you should be able to write the result yourself without firewalld.