NiPh
just joined
Topic Author
Posts: 3
Joined: Wed Feb 07, 2018 7:06 pm

Access to socks5 proxy installed in LAN from WAN.

Tue Apr 17, 2018 3:49 pm

It's very hard to find a solution, because when I ask Google "mikrotik + socks +..." I receive a lot of information about the internal RouterOS socks proxy.

I have a SOCKS5 docker image, which is running normally at 192.168.1.104:32080, when I try something like
curl --socks5-hostname 192.168.1.104:32080 google.com
curl: (7) No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
And that's ok, applications are also working ok with this proxy (it is routed through VPN in Mikrotik, but I suppose that doesn't matter)

I have experience in port forwarding from wan to lan service, and know how to masquerade traffic, so that I can work with that service via external address from inside. I have such rules
/ip firewall nat export
...
add action=netmap chain=dstnat dst-address=[my real static external ip] dst-port=32080 \
    protocol=tcp to-addresses=192.168.1.104
add action=netmap chain=dstnat dst-address=[my real static external ip] dst-port=32080 \
    protocol=udp to-addresses=192.168.1.104
add action=dst-nat chain=dstnat dst-address=[my real static external ip] dst-port=32080 \
    protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.104
add action=dst-nat chain=dstnat dst-address=[my real static external ip] dst-port=32080 \
    protocol=udp src-address=192.168.1.0/24 to-addresses=192.168.1.104
add action=masquerade chain=srcnat dst-address=192.168.1.104 dst-port=32080 \
    protocol=tcp src-address=192.168.1.0/24 src-port=""
add action=masquerade chain=srcnat dst-address=192.168.1.104 dst-port=32080 \
    protocol=udp src-address=192.168.1.0/24
but I couldn't connect to the proxy, neither from the real WAN nor from the LAN by external IP. I am confused a bit, please give me a hint, what can be wrong?
➜  ~ curl --socks5 [my real static external ip]:32080 google.com         
curl: (7) Failed to connect to [my real static external ip] port 32080: Operation timed out
After that request tcp counter in netmap rule increases, and that's all.

P.S. Mikrotik hAp ac, 6.41.4
 
NiPh
just joined
Topic Author
Posts: 3
Joined: Wed Feb 07, 2018 7:06 pm

Re: Access to socks5 proxy installed in LAN from WAN.  [SOLVED]

Tue Apr 17, 2018 6:00 pm

Ok, I get it.
The problem was in VPN.
I've used Mangle to mark routing from that machine to the vpn interface, so it also routed its answer to the proxy connection.
Rule was
add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=no src-address=192.168.1.104
I changed it to
add action=mark-routing chain=prerouting dst-address-list=!NO_VPN_LOCAL new-routing-mark=vpn passthrough=no src-address=192.168.1.104
where NO_VPN_LOCAL is a list consisting of the external ip and 192.168.1.0/24. Now all is working, hope it will help someone )
 
NiPh
just joined
Topic Author
Posts: 3
Joined: Wed Feb 07, 2018 7:06 pm

Re: Access to socks5 proxy installed in LAN from WAN.

Tue Apr 17, 2018 7:27 pm

That's not the end, it only allows connecting to the socks server from LAN via WAN ip, but when I try to connect from outside - it fails to connect.

So, what I want - I want to connect to the proxy port from the external ip, and all other traffic - except local - goes to VPN. So...
add action=mark-routing chain=prerouting log=yes log-prefix=vpnmark \
    new-routing-mark=vpn passthrough=no protocol=tcp src-address=192.168.1.104 \
    src-port=!32080
maybe I'll fix it again...
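
The three mark-routing rules quoted in the posts above, evaluated against reply and outbound packets from the proxy host (an added example, not part of the original posts and not RouterOS code). The external IP, the WAN client address, the outbound destination and the router LAN address 192.168.1.1 are constructed assumptions.

```python
import ipaddress

PROXY = "192.168.1.104"
EXT_IP = "198.51.100.10"  # constructed stand-in for "[my real static external ip]"
NO_VPN_LOCAL = [ipaddress.ip_network(n) for n in (EXT_IP + "/32", "192.168.1.0/24")]

def in_no_vpn_local(addr):
    return any(ipaddress.ip_address(addr) in net for net in NO_VPN_LOCAL)

# Matchers of the three mark-routing rules quoted in the thread.
# True means the packet gets new-routing-mark=vpn.
RULES = {
    "src-address only": lambda p: p["src"] == PROXY,
    "dst-address-list=!NO_VPN_LOCAL": lambda p: p["src"] == PROXY
        and not in_no_vpn_local(p["dst"]),
    "protocol=tcp src-port=!32080": lambda p: p["src"] == PROXY
        and p["proto"] == "tcp" and p["sport"] != 32080,
}

# Constructed packets leaving the proxy host, as the prerouting chain sees them.
PACKETS = {
    # Reply to a LAN client that connected via the external IP; the masquerade
    # rule makes the router's LAN address (assumed 192.168.1.1) the destination.
    "reply to LAN client (hairpin)": dict(src=PROXY, sport=32080, dst="192.168.1.1", proto="tcp"),
    # Reply to an Internet client whose connection was dst-natted to the proxy.
    "reply to WAN client": dict(src=PROXY, sport=32080, dst="203.0.113.7", proto="tcp"),
    # The proxy's own outbound connection, which is meant to use the VPN.
    "proxy outbound connection": dict(src=PROXY, sport=51514, dst="198.51.100.20", proto="tcp"),
}

def route_for(rule, packet):
    """Routing table selected for a packet under one of the rules."""
    return "vpn" if RULES[rule](PACKETS[packet]) else "main"

def matrix():
    return {r: {p: route_for(r, p) for p in PACKETS} for r in RULES}

if __name__ == "__main__":
    for rule, row in matrix().items():
        print(rule)
        for packet, table in row.items():
            print(f"  {packet:32} -> {table}")
```

This models only the rule matchers, not NAT, connection tracking or filter rules; any reply that lands in the vpn table leaves through the tunnel instead of returning to the client that opened the connection.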
 
jitdor
just joined
Posts: 8
Joined: Tue Jul 07, 2015 9:17 pm

Re: Access to socks5 proxy installed in LAN from WAN.

Sun May 26, 2019 6:13 pm

Hi NiPh,

I'm trying to do something similar, I have several VMs running within my network, each of these VMs is running a socks 5 server at port 1080 and I have mark routing rules under Mangle to route specific IP addresses to specific proxies. But it wouldn't work.

The only way I got it to work is by configuring the VM to tunnel all traffic through the proxy, assigning both external and internal interfaces to the VM, NAT the external interface, add a static route 0.0.0.0/0 and then route that specific traffic to this route. It is super inefficient so if you have a way to simply route traffic to the socks proxy, please let me know!

Thank you :)