added support for FreeBSD/OpenBSD #201

Merged
merged 1 commit into from
Jun 29, 2024

@ge9 ge9 commented Jun 25, 2024

Added support for FreeBSD/OpenBSD (#200).

FreeBSD

Tested with FreeBSD 14.0, ipfw, with redirector=generic.

The main point is setting "IP_BINDANY" to avoid os error 49 (Can't assign requested address) at bound_udp_get(). Also, sizeof(struct sockaddr_in) seems to be required to avoid "Invalid address" error.

This is my script for ipfw/ifconfig.

kldload ipfw
fwcmd=ipfw
ifconfig em0 alias 10.0.2.25 netmask 0xffffff00
$fwcmd add 100 allow all from any to any via lo0
$fwcmd add 500 fwd 127.0.0.1,22222 tcp from 10.0.2.25 to any
$fwcmd add 600 fwd 127.0.0.1,22222 udp from 10.0.2.25 to any
$fwcmd add 700 allow ip from any to any

FreeBSD has firewalls other than IPFW, i.e. pf and ipfilter (ipf).

pf partially worked but destination addresses were obtained as the transparent proxy port (127.0.0.1:22222), useless in actual cases. For TCP, there is a way to get the original destination, but this seems not to work for UDP (https://stackoverflow.com/questions/46675715/how-do-i-get-the-original-destination-ip-of-a-redirected-connection-with-pf-on-f#comment119982054_56689694).

FYI, this is my pf configuration.

rdr pass on lo0 proto {tcp, udp} from 10.0.2.25 -> 127.0.0.1 port 22222
pass out quick route-to lo0 from 10.0.2.25
pass

For ipfilter, I couldn't figure out how to set it up for transparent proxy (though it seems supported by redsocks according to documentation).

I also tried pfSense, but strangely, only UDP worked. (TCP packets won't be received by redsocks).

OpenBSD

Tested with OpenBSD 7.5 and pf, redirector=generic.

I added 10.0.2.25 as before, and this is the configuration.

pass        # establish keep-state
pass in quick proto {tcp, udp} from 10.0.2.25 to ! 10.0.2.25 divert-to 127.0.0.1 port 22222
pass out quick proto {tcp, udp} from 10.0.2.25 route-to lo0

To make it work, I added some options like IP_RECVDSTADDR for sockets, according to man page documentation on divert-to syntax. ge9@65fa263
Currently it supports only IPv4. (IPv6 UDP relay seems not to be supported by redsocks itself.)

Also, similarly to FreeBSD, SO_BINDANY is set to avoid os error 49.

If we use rdr-to instead of divert-to here, the destination addresses are obtained as 127.0.0.1:22222, much like the behavior of FreeBSD's pf.

redirector=pf doesn't work correctly for TCP, because it's for FreeBSD's pf.

I also tried NetBSD, which OpenBSD originates from, but it seems that there is no divert-to in NetBSD's pf.
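
An added example (not code from this PR or from redsocks2) of the bind failure described in the comment above and the per-OS socket option that avoids it. The function names are hypothetical, the Linux `IP_TRANSPARENT` branch is an assumption added so the sketch also builds outside BSD, and 192.0.2.1 is a constructed documentation address.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Allow bind() to an address that is not configured on this host.
 * All three options are privileged (root, or CAP_NET_ADMIN on Linux), so
 * the relay must still hold that privilege when it creates its sockets.
 * Returns 0 on success, otherwise the errno from setsockopt(). */
static int enable_bindany(int fd)
{
    int on = 1;
#if defined(IP_BINDANY)        /* FreeBSD */
    return setsockopt(fd, IPPROTO_IP, IP_BINDANY, &on, sizeof(on)) ? errno : 0;
#elif defined(SO_BINDANY)      /* OpenBSD */
    return setsockopt(fd, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)) ? errno : 0;
#elif defined(IP_TRANSPARENT)  /* Linux analogue (assumption, not in the PR) */
    return setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &on, sizeof(on)) ? errno : 0;
#else
    (void)fd; (void)on;
    return ENOPROTOOPT;
#endif
}

/* Bind a UDP socket to ip:port, as a transparent UDP relay does when it
 * sends a reply "from" the original destination. With use_bindany == 0 and
 * a non-local ip this fails with EADDRNOTAVAIL (os error 49 on the BSDs).
 * Returns 0 on success, otherwise the failing errno. */
int bind_foreign_udp(const char *ip, unsigned short port, int use_bindany)
{
    struct sockaddr_in sa;
    int fd, err = 0;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return EINVAL;
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return errno;
    if (use_bindany)
        err = enable_bindany(fd);
    /* Pass exactly sizeof(struct sockaddr_in) as the address length. */
    if (err == 0 && bind(fd, (struct sockaddr *)&sa, sizeof(struct sockaddr_in)) != 0)
        err = errno;
    close(fd);
    return err;
}
```

A caller that gets `EPERM` back with `use_bindany` set is running without the privilege the option needs, which is a different failure from the `EADDRNOTAVAIL` the option is meant to remove.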

@semigodking
Owner

Thank you for the great PR. Redsocks2 supports IPv6. I think you could improve IPv6 for BSD in a new PR.

@semigodking semigodking merged commit 82fa950 into semigodking:master Jun 29, 2024