Hi,
I'm scratching my head on this and I hope that someone is able to help me out.
I want to transparently proxy only TCP traffic through a Dante server; this is to understand how different TCP congestion control algorithms affect the end user quality of experience.
I have the following test environment:

And the following nftables rules:
flush ruleset
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 0;
        oifname "eth1" masquerade
    }
    chain REDSOCKS {
        type nat hook output priority 0; policy accept;
        ip protocol tcp skuid != 1000 return
        ip daddr 0.0.0.0/8 return
        ip daddr 10.0.0.0/8 return
        ip daddr 100.64.0.0/10 return
        ip daddr 127.0.0.0/8 return
        ip daddr 169.254.0.0/16 return
        ip daddr 172.16.0.0/12 return
        ip daddr 192.168.0.0/16 return
        ip daddr 198.18.0.0/15 return
        ip daddr 224.0.0.0/4 return
        ip daddr 240.0.0.0/4 return
        ip protocol tcp redirect to 12345
    }
}
redsocks config is:
log_debug = on;
log_info = on;
log = "file:/var/log/redsocks.log";
redirector = iptables;
rlimit_nofile = 65536;
redsocks_conn_max = 65536;
Dante by itself is working fine, the rules appear to be working fine, client can browse the web and all, but client connections are not showing up on redsocks.log (the log file is generated correctly).
So, are my rules correct? How can I be sure traffic is being sent through dante?
Thank you, have a nice day.
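
An added example (not part of the original post, and not redsocks or Dante code): a small audit that reads `nft -j list ruleset` style JSON and reports which netfilter hook each `redirect` rule is attached to, since a NAT chain on the `output` hook only sees traffic generated on the box itself while forwarded client traffic passes through `prerouting`. It assumes the client is a separate host routed through this machine; the sample JSON is constructed from the rules in the post, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `nft -j list ruleset` output for the rules
# in the post (only the two base chains and the terminal rules are kept).
SAMPLE = json.loads("""
{"nftables": [
  {"chain": {"family": "ip", "table": "nat", "name": "postrouting",
             "type": "nat", "hook": "postrouting", "prio": 0}},
  {"chain": {"family": "ip", "table": "nat", "name": "REDSOCKS",
             "type": "nat", "hook": "output", "prio": 0, "policy": "accept"}},
  {"rule": {"family": "ip", "table": "nat", "chain": "postrouting",
            "expr": [{"masquerade": null}]}},
  {"rule": {"family": "ip", "table": "nat", "chain": "REDSOCKS",
            "expr": [{"match": {"op": "==", "right": "tcp", "left":
                       {"payload": {"protocol": "ip", "field": "protocol"}}}},
                     {"redirect": {"port": 12345}}]}}
]}
""")

# Which packets each NAT hook sees (netfilter hook semantics).
HOOK_SCOPE = {
    "output": "locally generated traffic only",
    "prerouting": "traffic arriving on an interface (forwarded clients)",
}

def redirect_coverage(ruleset):
    """Return [(chain, hook, port, scope)] for every redirect rule.
    Only base chains carry a hook; rules in jumped-to chains report None."""
    chains = [i["chain"] for i in ruleset["nftables"] if "chain" in i]
    hooks = {(c["family"], c["table"], c["name"]): c.get("hook") for c in chains}
    found = []
    for rule in (i["rule"] for i in ruleset["nftables"] if "rule" in i):
        hook = hooks.get((rule["family"], rule["table"], rule["chain"]))
        for stmt in rule.get("expr", []):
            if "redirect" in stmt:
                port = (stmt["redirect"] or {}).get("port")  # null if no port
                found.append((rule["chain"], hook, port,
                              HOOK_SCOPE.get(hook, "not a NAT entry hook")))
    return found

def covers_forwarded_clients(ruleset):
    """True only if some redirect rule sits on the prerouting hook."""
    return any(hook == "prerouting" for _, hook, _, _ in redirect_coverage(ruleset))

if __name__ == "__main__":
    for row in redirect_coverage(SAMPLE):
        print(row)
    print("forwarded client traffic redirected:", covers_forwarded_clients(SAMPLE))
```

To audit a live host, pass the parsed output of `nft -j list ruleset` instead of `SAMPLE`. Adding the `counter` statement to the redirect rule and re-listing the ruleset shows whether any packets are matching it at all.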