WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: redsocks - problems with the -d option  (Read 3324 times)

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
redsocks - problems with the -d option
« on: October 15, 2011, 01:20:48 PM »
hi vitex,

today i downloaded your redsocks.tcz and your via-ssh.sh, too.
the basic idea and your script seems to be a great piece of work.
that is something i was looking for so long...and i think it's superior to tsocks...

do i need to change my config in the browser concerning proxy or socks?

usually i use the ssh-tunnel (ssh -D 1080 host), but i have to edit this used port in my browser.
or i use tor with polipo and i have to adjust my browser-network-settings, too.

i know tsocks under debian, and with tsocks  i can use my browser without changed settings,
while i use following pre-command:
tsocks browser           or
tsocks mailclient
and so on.

i didn't succeed yet with your redsocks-package....
what are the basic and needed steps?

i loaded your redsocks.tcz
then i started in a terminal:
./via-ssh.sh -v -d myhost:mysshport
and all the messages sounded fine, but my browser didn't work anymore, no requests were dissolved...
i couldn't ping a www.something.com anymore, so the dns didn't work in my config.
after terminating your script with strg-c, the browser worked fine again.

you would do my a great favor, if you give me some hints.
thank you for your help.
« Last Edit: October 15, 2011, 01:40:01 PM by netnomad »

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
Re: redsocks - problems with the -d
« Reply #1 on: October 15, 2011, 01:39:20 PM »
now i succeeded with the your script without the -d option:

./via-ssh.sh -v myhost:mysshport

but i guess it makes sense to use the -d option.

thank you for your help.

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
Re: redsocks - problems with the -d option
« Reply #2 on: October 15, 2011, 01:53:06 PM »
your script gives all needed informations, but i'm not sure whether i understand enough to get security...

after starting pdnsd with
sudo /usr/local/etc/init.d/pdnsd start -mto -g
also
./via-ssh.sh -v -d myhost:mysshport
works fine, the dns-resolution works and the messages of pdnsd are looking fine...

where do you see dangerous misconfigurations or wrong usage of these two packages?
« Last Edit: October 15, 2011, 02:18:23 PM by netnomad »

Offline vitex

  • Full Member
  • ***
  • Posts: 113
Re: redsocks - problems with the -d option
« Reply #3 on: October 15, 2011, 03:57:00 PM »
I have started the thread Using redsocks to implement a system-wide OpenSSH SOCKS proxy with a better description of how to use the script.  I prefer to use that thread for future questions.


do i need to change my config in the browser concerning proxy or socks?

No.  When the script is active, all TCP traffic is sent through the proxy without any changes to the  configuration of any applications.

Quote
i didn't succeed yet with your redsocks-package....
what are the basic and needed steps?

i loaded your redsocks.tcz
then i started in a terminal:
./via-ssh.sh -v -d myhost:mysshport
and all the messages sounded fine, but my browser didn't work anymore, no requests were dissolved...

If you use the "-d" option, DNS queries will not be handled unless you start pdnsd.

Quote
i couldn't ping a www.something.com anymore, so the dns didn't work in my config.
after terminating your script with strg-c, the browser worked fine again.

Ping works for me.
« Last Edit: October 15, 2011, 06:43:56 PM by vitex »

Offline vitex

  • Full Member
  • ***
  • Posts: 113
Re: redsocks - problems with the -d
« Reply #4 on: October 15, 2011, 04:04:57 PM »
now i succeeded with the your script without the -d option:

./via-ssh.sh -v myhost:mysshport

but i guess it makes sense to use the -d option.

thank you for your help.

You only need to use the -d option if you want to hide the locations (DNS queries) to which you are sending TCP traffic. 

If I were using my netbook at the local library and have a proxy to my router at home, I might want to encrypt my TCP traffic but not care about hiding the sites that I am visiting with my browser.  In such a case, I would not bother with the -d option and starting pdnsd.

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
Re: redsocks - problems with the -d option
« Reply #5 on: April 14, 2014, 02:21:10 AM »
hi vitex,

i really appreciate your via-ssh.sh-tool and i use it regularly.

would you be so kind and offer it for dCore, that you make some adjustments?

thank you for your help.