redsocks not forwarding proxy requests in RHEL 8 #161

Closed
justinschw opened this issue Mar 25, 2021 · 8 comments

@justinschw

I am trying to figure out what the cause is. It worked flawlessly for me in Debian.

I am running RHEL 8 right now, and I set up redsocks in exactly the same way to try and transparently proxy to squid. Here is my redsocks.conf:

base {
 log_debug = off;
 log_info = on;
 log = "file:/var/log/redsocks.log";
 daemon = on;
 user = redsocks;
 group = redsocks;
 redirector = iptables;
}
redsocks {
 local_ip = 127.0.0.1;
 local_port = 12345;
 ip = 127.0.0.1;
 port = 3128;
 type = http-connect;
}

Here are the iptables commands I use:

iptables -t nat -A OUTPUT -m owner --uid-owner justin -p tcp --dport 80 -j REDIRECT --to-port 12345
iptables -t nat -A OUTPUT -m owner --uid-owner justin -p tcp --dport 443 -j REDIRECT --to-port 12345
ip6tables -t nat -A OUTPUT -m owner --uid-owner justin -p tcp --dport 80 -j REDIRECT --to-port 12345
ip6tables -t nat -A OUTPUT -m owner --uid-owner justin -p tcp --dport 443 -j REDIRECT --to-port 12345

In the redsocks logs I can see that new connections are coming in, but nothing else.

1616694520.847829 notice main.c:165 main(...) redsocks started, conn_max=32768
1616694605.629614 info redsocks.c:1243 redsocks_accept_client(...) [10.0.0.169:33050->52.39.165.66:443]: accepted
1616694606.421735 info redsocks.c:1243 redsocks_accept_client(...) [10.0.0.169:45062->172.217.2.4:443]: accepted
1616694606.682479 info redsocks.c:1243 redsocks_accept_client(...) [10.0.0.169:45066->172.217.2.4:443]: accepted

On the client side, the connection just spins for a while before timing out.
When I look at a pcap, I can see the connect requests coming into squid, but no handshake, etc.

Any idea where to start looking? I can connect to the squid proxy manually and it works fine, so it is hard to imagine that squid is the problem.

I disabled SELinux to see if that was causing problems; that didn't help.

justinschw changed the title from "redsocks not working in redhat 8" to "redsocks not forwarding proxy requests in RHEL 8" on Mar 25, 2021
@antenore

It could be a conflict between firewalld, iptables and nftables.

I think it's better that you convert the iptables rules to nftables (there are tools for this).

If firewalld is enabled you should disable it, be sure nftables is disabled as well and run only iptables, or better, migrate to nftables and be sure the other services are disabled. Be sure to migrate all the rules you have.
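
One way to check for the overlap suggested in the reply above: which backend the `iptables` binary uses, and whether firewalld or the nftables service is active alongside hand-added REDIRECT rules. This is an added example, not part of the thread or the redsocks project; the function names and the sample rule listing are constructed, and port 12345 is the `local_port` from the configuration in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): inventory the rule managers on a host.

# Constructed sample of `iptables -t nat -S OUTPUT` output, for offline use.
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 1000 -m tcp --dport 443 -j REDIRECT --to-ports 12345'

# Classify `iptables --version` text; 1.8+ prints "(nf_tables)" or "(legacy)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;  # older builds print no suffix
    esac
}

# Succeed if the rule listing in $1 redirects traffic to local port $2.
has_redirect() {
    printf '%s\n' "$1" | grep -Eq -e "-j REDIRECT --to-ports? $2( |\$)"
}

# Count active managers: firewalld state ($1), nftables.service state ($2),
# hand-added iptables rules ($3 = yes/no). More than one means overlap.
active_managers() {
    n=0
    if [ "$1" = active ]; then n=$((n + 1)); fi
    if [ "$2" = active ]; then n=$((n + 1)); fi
    if [ "$3" = yes ]; then n=$((n + 1)); fi
    echo "$n"
}

# Live check on the affected host (as root): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    manual=no
    if has_redirect "$(iptables -t nat -S OUTPUT 2>/dev/null)" 12345; then
        manual=yes
    fi
    fw=$(systemctl is-active firewalld 2>/dev/null || true)
    nft=$(systemctl is-active nftables 2>/dev/null || true)
    echo "iptables backend:  $(iptables_backend "$(iptables --version 2>/dev/null)")"
    echo "firewalld: $fw  nftables.service: $nft  manual REDIRECT: $manual"
    echo "active rule managers: $(active_managers "$fw" "$nft" "$manual")"
fi
```

A count above 1 means more than one component is writing packet-filter rules, which is the situation the reply recommends eliminating before debugging redsocks itself.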

@chromer030

@antenore is nftables supported by redsocks?

@antenore

I use it, with iptables as backend, so yes.

@chromer030

I'm using it with iptables; I wish #143 would be merged soon.
iptables is deprecated and marked as legacy.

@antenore

@chromer030 as I said, redsocks works out of the box with nftables; that MR is just informational.

@chromer030

> I use it, with iptables as backend

You said iptables!
But thank you for informing, I will switch to nftables.

@antenore

Yes, in the redsocks configuration you have to use the iptables back-end, but on Linux you use nftables.

@andronoob

Could this be related to #123?
