Setup transparent redirect of local traffic to proxy

I got redsocks up and running in less than 10 mins; it's really no rocket science...

If using nftables

Create 99-redsocks.nft in /etc/nftables.d and paste the following into it:

chain REDSOCKS {
        # nat hook on prerouting: traffic from LAN clients passing through the router
        type nat hook prerouting priority dstnat; policy accept;

        # skip for local ip ranges
        ip daddr 0.0.0.0/8      return
        ip daddr 10.0.0.0/8     return
        ip daddr 100.64.0.0/10  return
        ip daddr 127.0.0.0/8    return
        ip daddr 169.254.0.0/16 return
        ip daddr 172.16.0.0/12  return
        ip daddr 192.168.0.0/16 return
        ip daddr 198.18.0.0/15  return
        ip daddr 224.0.0.0/4    return
        ip daddr 240.0.0.0/4    return

        # everything else tcp = redirect to redsocks
        ip protocol tcp redirect to 12345
}

Restart the network service or reboot the router afterwards.

If using iptables

Install iptables and iptables-mod-nat-extra in addition to redsocks, and apply the iptables rules found on the internet, only slightly modified to match OpenWrt's LAN interface.

iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 100.64.0.0/10 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 198.18.0.0/15 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDSOCKS
iptables -A INPUT -i br-lan -p tcp --dport 12345 -j ACCEPT

Don't forget to customize your /etc/redsocks.conf file too.

Not very pretty, but I suck at firewall rules; I still use Shorewall (not on OpenWrt). :slight_smile:

1751008062.934829 info redsocks.c:1243 redsocks_accept_client(...) [192.168.1.157:53498->208.79.209.138:443]: accepted
1751008063.208377 debug redsocks.c:341 redsocks_start_relay(...) [192.168.1.157:53498->208.79.209.138:443]: data relaying started
1751008064.087770 info redsocks.c:671 redsocks_drop_client(...) [192.168.1.157:53498->208.79.209.138:443]: connection closed
1751008064.768139 info redsocks.c:1243 redsocks_accept_client(...) [192.168.1.157:53499->2.21.240.94:443]: accepted
1751008065.426704 debug redsocks.c:341 redsocks_start_relay(...) [192.168.1.157:53499->2.21.240.94:443]: data relaying started
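A quick way to check that the redirect is doing what the rules above intend is to read the redsocks log itself. The script below is an added example and not part of the post or of redsocks; it parses the log format shown in the lines above (the two flows from the post plus three constructed lines marked as such), pairs up the accepted / relaying started / closed events per flow, and flags two failure modes a practitioner cares about: connections that redsocks accepted but never relayed (the upstream proxy was unreachable) and destinations inside one of the bypass ranges from the nat chain, which should never reach redsocks and would indicate a rule-ordering or interface mistake. The field names and the report structure are this example's own choices.

```python
import ipaddress
import re
from collections import Counter

# Bypass ranges exactly as listed in the nftables / iptables chain above.
BYPASS_RANGES = [ipaddress.ip_network(c) for c in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
)]

# redsocks log line: "<epoch> <level> <file:line> <func>(...) [src:sport->dst:dport]: <msg>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) (?P<level>\w+) \S+ (?P<func>\w+)\(\.\.\.\) "
    r"\[(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\]: (?P<msg>.*)$"
)

# First two flows are the lines from the post; the remaining three are constructed
# samples: a flow that was accepted but closed without ever relaying, and a flow to
# a LAN address (192.168.0.0/16) that the nat chain should have RETURNed.
SAMPLE_LOG = """\
1751008062.934829 info redsocks.c:1243 redsocks_accept_client(...) [192.168.1.157:53498->208.79.209.138:443]: accepted
1751008063.208377 debug redsocks.c:341 redsocks_start_relay(...) [192.168.1.157:53498->208.79.209.138:443]: data relaying started
1751008064.087770 info redsocks.c:671 redsocks_drop_client(...) [192.168.1.157:53498->208.79.209.138:443]: connection closed
1751008064.768139 info redsocks.c:1243 redsocks_accept_client(...) [192.168.1.157:53499->2.21.240.94:443]: accepted
1751008065.426704 debug redsocks.c:341 redsocks_start_relay(...) [192.168.1.157:53499->2.21.240.94:443]: data relaying started
1751008070.000000 info redsocks.c:1243 redsocks_accept_client(...) [192.168.1.157:53500->203.0.113.5:80]: accepted
1751008071.500000 info redsocks.c:671 redsocks_drop_client(...) [192.168.1.157:53500->203.0.113.5:80]: connection closed
1751008072.000000 info redsocks.c:1243 redsocks_accept_client(...) [192.168.1.157:53501->192.168.1.1:80]: accepted
"""


def is_bypassed(dst: str) -> bool:
    """True if dst falls inside a range the nat chain returns for (never redirected)."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in BYPASS_RANGES)


def parse_line(line: str):
    """Return a dict of the log fields, or None for lines in another format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = float(rec["ts"])
    return rec


def summarize(log_text: str) -> dict:
    """Group events per flow and report relay health and bypass-range leaks."""
    flows = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["src"], rec["sport"], rec["dst"], rec["dport"])
        f = flows.setdefault(key, {"accepted": None, "relayed": None, "closed": None})
        if rec["msg"] == "accepted":
            f["accepted"] = rec["ts"]
        elif rec["msg"] == "data relaying started":
            f["relayed"] = rec["ts"]
        elif rec["msg"] == "connection closed":
            f["closed"] = rec["ts"]

    report = {
        "flows": len(flows),
        "relayed": 0,
        "open": 0,             # accepted, not yet closed
        "never_relayed": 0,    # accepted and closed with no relay: upstream proxy failed
        "bypass_leak": [],     # destinations that should have bypassed redsocks
        "max_relay_delay": 0.0,
        "per_dst": Counter(),
    }
    for (_src, _sport, dst, _dport), f in flows.items():
        report["per_dst"][dst] += 1
        if is_bypassed(dst):
            report["bypass_leak"].append(dst)
        if f["relayed"] is not None:
            report["relayed"] += 1
            if f["accepted"] is not None:
                delay = f["relayed"] - f["accepted"]
                report["max_relay_delay"] = max(report["max_relay_delay"], delay)
        elif f["closed"] is not None:
            report["never_relayed"] += 1
        if f["closed"] is None:
            report["open"] += 1
    return report


if __name__ == "__main__":
    r = summarize(SAMPLE_LOG)
    print(f"flows={r['flows']} relayed={r['relayed']} open={r['open']} "
          f"never_relayed={r['never_relayed']} max_relay_delay={r['max_relay_delay']:.3f}s")
    for dst in r["bypass_leak"]:
        print(f"WARNING: {dst} reached redsocks but is inside a bypass range")
```

Run it against `logread | grep redsocks` output on the router (with log_debug enabled in /etc/redsocks.conf so the "data relaying started" lines appear); a non-zero never_relayed count points at the upstream proxy, while any bypass_leak entry means the RETURN rules or the interface match are not doing their job.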