By default the kernel refuses to route packets with the loopback as source or destination. You'll need to play with the sysctl route_localnet values, so better make socks5 listen on all interfaces.
Create a set containing the IP addresses to be excluded.
```
# /etc/config/firewall
config ipset
	option name 'localnets'
	option match 'dest_net'
	option enabled '1'
	list entry '10.0.0.0/8'
	list entry '172.16.0.0/12'
	list entry '192.168.0.0/16'

config redirect
	option name 'Redirect-all-but-localnets'
	option target 'DNAT'
	option src 'lan'
	list proto 'tcp'
	option src_dport '0-65535'
	option ipset '!localnets'
	option dest_port '12345'
```
Note that a DNAT rule cannot have '*' as source.
If you have multiple zones, create as many rules as needed.
Check the rule for hits by running `nft list chain inet fw4 dstnat_lan`.
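Added example, not part of the post above: a small POSIX sh script with two helpers. `gen_redirect_rules` prints the `uci batch` commands that build the `localnets` ipset plus one DNAT redirect per firewall zone you name (the "create as many rules as needed" step), so the result can be reviewed before it is piped into `uci batch` on the router. `rule_hits` reads `nft list chain` output on stdin and prints the packet counter of the rule whose fw4 comment matches a given rule name, which is a scriptable version of the hit check at the end of the post. The proxy port 12345, the RFC 1918 exclusions and the `SAMPLE_NFT` text (an approximation of how fw4 renders such a redirect, constructed here so the script runs offline) are assumptions.

```shell
#!/bin/sh
# Added example: helpers for the ipset + redirect setup described above.
# Not the post's own commands; proxy port and networks are assumptions.

PROXY_PORT=12345

# Print uci batch commands creating the 'localnets' ipset and one
# DNAT redirect per zone given as argument (e.g. gen_redirect_rules lan guest).
gen_redirect_rules() {
	cat <<'EOF'
add firewall ipset
set firewall.@ipset[-1].name='localnets'
set firewall.@ipset[-1].match='dest_net'
set firewall.@ipset[-1].enabled='1'
add_list firewall.@ipset[-1].entry='10.0.0.0/8'
add_list firewall.@ipset[-1].entry='172.16.0.0/12'
add_list firewall.@ipset[-1].entry='192.168.0.0/16'
EOF
	for zone in "$@"; do
		cat <<EOF
add firewall redirect
set firewall.@redirect[-1].name='Redirect-all-but-localnets-$zone'
set firewall.@redirect[-1].target='DNAT'
set firewall.@redirect[-1].src='$zone'
add_list firewall.@redirect[-1].proto='tcp'
set firewall.@redirect[-1].src_dport='0-65535'
set firewall.@redirect[-1].ipset='!localnets'
set firewall.@redirect[-1].dest_port='$PROXY_PORT'
EOF
	done
	echo "commit firewall"
}

# Read `nft list chain inet fw4 dstnat_<zone>` output on stdin and print the
# packet counter of the rule whose fw4 comment is "!fw4: <name>".
# Prints nothing if no rule with that name is present.
rule_hits() {
	grep -F "comment \"!fw4: $1\"" |
		sed -n 's/.*counter packets \([0-9]*\) .*/\1/p'
}

# Constructed sample of fw4-rendered nft output (not captured from a router).
SAMPLE_NFT='table inet fw4 {
	chain dstnat_lan {
		meta nfproto ipv4 tcp dport 0-65535 ip daddr != @localnets counter packets 42 bytes 2520 redirect to :12345 comment "!fw4: Redirect-all-but-localnets-lan"
	}
}'

# Offline demonstration. On the router you would instead run:
#   gen_redirect_rules lan guest | uci batch && /etc/init.d/firewall reload
#   nft list chain inet fw4 dstnat_lan | rule_hits Redirect-all-but-localnets-lan
gen_redirect_rules lan guest
printf '%s\n' "$SAMPLE_NFT" | rule_hits Redirect-all-but-localnets-lan
```

The generated rule names carry the zone suffix so that each zone's redirect stays distinguishable in `nft` output; `rule_hits` keys on that comment rather than on rule position, which is more robust than counting lines when fw4 reorders the chain.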