Marking Socks Connections

Hello,
I need to route-mark the SOCKS connections to my router, so that afterwards I can do some PBR.
But I have not had any success. I've tried marking by source address but had no luck.

P.S.: When I don't use SOCKS and route normally through the MikroTik, the marking and PBR work fine based on source address, but as soon as I use a SOCKS connection, the marks are not applied, so I can't get PBR to work.

What is your suggestion for marking the SOCKS traffic?

Thanks,

You may want to add some more details about what exactly you want to do. SOCKS is a proxy, so the client connects to the router, the router connects to the target, and all those connections come from a process running on the router. You can see target addresses and ports, but not anything about the client that initiated those connections.

Assume that the MikroTik has 192.168.1.1 as its default gateway, but for SOCKS traffic I want to route the traffic through 10.1.1.1 instead of 192.168.1.1.
I mean that on a single LAN, users not using SOCKS should route to 192.168.1.1, and users that are using SOCKS need to be routed to 10.1.1.1.
I've also attached a diagram.

I understand what you want, but I don't think it's possible (in a clean, no-side-effects way). Unless there's a feature that I don't know about that would mark connections made by the proxy (I'm pretty sure there isn't, but it could be interesting if there was), you can't tell proxy traffic from other traffic originating from the router. What you could do would be to send forwarded traffic to GW1 and all traffic from the router (which would also cover proxied traffic) to GW2. You could set some exceptions, e.g. DNS queries going to GW1, etc. So it might be usable.
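
The workaround described in the post above, sketched as an added example that is not part of the original thread (RouterOS v6 syntax; v7 replaces `routing-mark` on routes with routing tables). GW1 = 192.168.1.1 and GW2 = 10.1.1.1 come from the thread; the /24 prefix lengths, the list name `no-gw2` and the mark name `via-gw2` are assumptions.

```routeros
# Destinations that must keep using the main table, so that replies to
# SOCKS clients and traffic to the gateways themselves are not sent to GW2.
# Prefix lengths are assumed; adjust to the real connected subnets.
/ip firewall address-list
add list=no-gw2 address=192.168.1.0/24 comment="assumed subnet of LAN / GW1"
add list=no-gw2 address=10.1.1.0/24 comment="assumed subnet of GW2"

/ip firewall mangle
# Exceptions first: the router's own DNS queries stay on the main table (GW1).
add chain=output protocol=udp dst-port=53 action=accept comment="router DNS via GW1"
add chain=output protocol=tcp dst-port=53 action=accept comment="router DNS via GW1"
# Everything else the router itself originates, which includes the SOCKS
# server's outbound connections, gets the routing mark. Forwarded LAN
# traffic never passes the output chain, so it keeps using GW1.
add chain=output dst-address-list=!no-gw2 action=mark-routing \
    new-routing-mark=via-gw2 passthrough=no comment="router-originated via GW2"

/ip route
# Default route used only by packets carrying the mark.
add dst-address=0.0.0.0/0 gateway=10.1.1.1 routing-mark=via-gw2
```

The side effect the post mentions still applies: every other service on the router that opens outbound connections (NTP, update checks, remote logging) is also sent to GW2 unless it gets its own exception. Because the source address is chosen before the mark reroutes the packet, a src-nat or masquerade rule on the interface facing GW2 is usually needed as well.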

Where in the diagram above is the SOCKS proxy located?

It seems that I have no other choice. Thanks for your help.



The proxy client is located on the LAN, and the server is the MikroTik. Do you have a solution for this case?



No, there is no solution for that case if you don't want to change anything about the proxy.
If you move the proxy into the MikroTik shown in the picture, perhaps something could be done
(although I do not have a ready solution for that, either).