how to forward socks from mikrotik to another device

farzin · July 25, 2012, 3:00pm

hi , i have a mikrotik as router/gteway of a network , i want to have socks v5 in this network so i want to forward socks requests from this mikrotik which is currently as the gateway of my network to a windows machine. but as socks v4 is integrated in mikrotik , it doesnt allow me to forward socks requests from this mikrotik to that windows .
i tried removing all packages so that maybe i can remove socks from mikrotik but no result , every thing removed except socks

here is my config :
mikrotik ether 1 ip is : x.x.x.27
mikrotik ether 2 ip is : x.x.100.10/24

windows ip is : x.x.100.11 , gatewat is : x.x.100.10 ( mik ip )

i want to have port forwarding from this mikrotik to that win. so i have forwarded remote desktop tcp 3389 , and https port 123 , via dstnat to 100.11 .
remote desktop and https is working fine when the request come from network to the ip 27
so the packets are routing like this : Packet ( https/remote desktop ) → mikrotik → windows → socks app ( ccproxy ) → then return to the gateway and go back to the request sender. and they are just fine.
but about socks packets they fail to enter windows . mikrotik do not let them too pass from it . it only checks if socks v4 server is enable in mikrotik , then if anabled step 1 connects ( local mikrotik socks connection ) then step 2 fails as it cannot send socks v5 user/pass to the windows app.

any ideas for how to remove socks check / socks module from the mikrotik or how to some how bypass mikrotik socks protocol integration ?

farzin · July 28, 2012, 5:43pm

hi , as i had no success with forwarding socks port from mikrotik to win machines , i decided to use a linuc centos as a gateway . now i face another problem with pptp / l2tp authentications.

here is my server network now :
centos : ether 1 : ip : x.x.x.28 ↔ connected to DataCenter internet via cable
centos : ether 2 : ip : x.x.100.10 ( acts as a network gateway ) ( it should forward socks / https ports to windows machines via nat port forwarding )
my own internet ip : 1.2.3.4

win machine 1 : ip : x.x.100.11 , gateway : 100.10
it can get internet from that linux machine which is its gateway .
https / socks v5 / remote desktop ports forwarded to it are working just fine. ( i have no problem with win machines till here )

now i have a mikrotik router and i want it to act as a pptp / l2tp server.
ip : x.x.100.12/24 gateway : x.x.100.10
i have forwarded port 1723 from that linux 100.10 to 100.12 .

for example when i want to connect to remote desktop on that win machine , i use remote desktop x.x.x.28 , and linux 100.10 forwards 3389 to the win machine 100.11 and this works fine in my iptables nat.
or for example when i use winbox port to connect to mikrotik , i use the server ip 28 , the linux 100.10 forwards winbox port to the mikrotik 100.12 and it is working without any problems.

now when i want to connect to pptp vpn on that win , or pptp vpn in that mikrotik ( i have tested 2 configurations with no result ) , the target machines recieve the request . but when they want to authenticate they timeout and disconnect.

pptp,ppp,debug,packet  <x.x.100.10>: sent LCP ConfReq id=0x1
9 pptp,ppp,debug,packet    <mru 1460>
pptp,ppp,debug,packet    <magic 0x49030c70>
pptp,ppp,debug,packet    <auth  mschap2>
pptp,ppp,debug <x.x.100.10>: LCP timer
 pptp,ppp,debug,packet  <x.x.100.10>: sent LCP ConfReq id=0x2
 pptp,ppp,debug,packet    <mru 1460>
 pptp,ppp,debug,packet    <magic 0x49030c70>
pptp,ppp,debug,packet    <auth  mschap2>
 pptp,ppp,debug <x.x.100.10>: LCP timer
 pptp,ppp,debug,packet  <x.x.100.10>: sent LCP ConfReq id=0x3
 pptp,ppp,debug,packet    <mru 1460>
 pptp,ppp,debug,packet    <magic 0x49030c70>
 pptp,ppp,debug,packet    <auth  mschap2>
 pptp,ppp,debug <x.x.100.10>: LCP timer
 pptp,ppp,debug <x.x.100.10>: [b]LCP timeout sending ConfReq[/b]
 pptp,ppp,debug <x.x.100.10>: LCP lowerdown

i have tried not to use authentication encoding and used PAP no encryption , and the same result happend and couldnt connect.

the strange thing here is that mikrotik sees ip 100.10 as incoming request ip not my main internet 1.2.3.4 ip.

here is my linux iptables for nat :

# Completed on Fri Jul 27 22:04:33 2012
# Generated by iptables-save v1.3.5 on Fri Jul 27 22:04:33 2012
*nat
:PREROUTING ACCEPT [20318:1095858]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [25:1937]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 808 -j DNAT --to-destination x.x.27.11
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination x.x.27.11
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination x.x.27.11
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8291 -j DNAT --to-destination x.x.27.12
-A PREROUTING -p tcp -m tcp --dport 1723 -j DNAT --to-destination x.x.27.12
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT

any helps/opinions would be appreciated.