Redsocks and Dante-Server on Debian 12 and NfTables

[fernandodiacenco]

Hi,

I'm scratching my head on this and I hope that someone is able to help me out.

I want to transparently proxy only tcp traffic trough dante server, this is to understand how different tcp congestion control algorithms affect the end user quality of experience.

I have the following test environment:

And the following nftables rules:

flush ruleset

table ip nat {
  chain postrouting {
    type nat hook postrouting priority 0;
    oifname "eth1" masquerade
  }

  chain REDSOCKS {
    type nat hook output priority 0; policy accept;

    ip protocol tcp skuid != 1000 return

    ip daddr 0.0.0.0/8      return
    ip daddr 10.0.0.0/8     return
    ip daddr 100.64.0.0/10  return
    ip daddr 127.0.0.0/8    return
    ip daddr 169.254.0.0/16 return
    ip daddr 172.16.0.0/12  return
    ip daddr 192.168.0.0/16 return
    ip daddr 198.18.0.0/15  return
    ip daddr 224.0.0.0/4    return
    ip daddr 240.0.0.0/4    return

    ip protocol tcp redirect to 12345
  }
}

redsocks config is:

log_debug = on;
log_info = on;
log = "file:/var/log/redsocks.log";
redirector = iptables;
rlimit_nofile = 65536;
redsocks_conn_max = 65536;

Dante by itself is working fine, the rules appear to be working fine, client can browse the web and all, but client connections are not showing up on redsocks.log (the log file is generated correctly).

So, are my rules correct? How can I be sure traffic is being sent trough dante?

Thank you, have a nice day.