 
headshoter
just joined
Topic Author
Posts: 18
Joined: Mon Jul 30, 2012 3:21 am

Marking Socks Connections

Wed Jan 04, 2017 11:14 am

Hello,
I need to Route Mark the SOCKS connections to my router, so after that I can do some PBR.
But I could not get any success. I've tried marking by source address but couldn't get any luck.

P.S.: When I don't use SOCKS and route normally through the MikroTik, the marking and PBR work fine based on source address, but as soon as I use a SOCKS connection, the markings are not applied, so I can't get PBR to work.

What is your suggestion for marking the SOCKS traffic?

Thanks,
 
Sob
Forum Guru
Posts: 4995
Joined: Mon Apr 20, 2009 9:11 pm

Re: Marking Socks Connections

Wed Jan 04, 2017 6:28 pm

You may want to add some more details about what exactly you want to do. SOCKS is a proxy, so the client connects to the router, the router connects to the target, and all those connections come from a process running on the router. You can see target addresses and ports, but not anything about the client that initiated those connections.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
headshoter
just joined
Topic Author
Posts: 18
Joined: Mon Jul 30, 2012 3:21 am

Re: Marking Socks Connections

Thu Jan 05, 2017 9:22 am

Assume that the MikroTik has 192.168.1.1 as default gateway, but for SOCKS traffic I want to route the traffic through 10.1.1.1 instead of 192.168.1.1.
I mean on a single LAN, users not using SOCKS should route to 192.168.1.1, and users that are using SOCKS need to be routed to 10.1.1.1.
I've also attached a diagram.
 
Sob
Forum Guru
Posts: 4995
Joined: Mon Apr 20, 2009 9:11 pm

Re: Marking Socks Connections

Thu Jan 05, 2017 9:40 pm

I understand what you want, but I don't think it's possible (in a clean, no-side-effects way). Unless there's a feature that I don't know about that would mark connections made by the proxy (I'm pretty sure there isn't, but it could be interesting if there was), you can't tell proxy traffic from other traffic originating from the router. What you could do would be sending forwarded traffic to GW1 and all traffic from the router (which would also cover proxied traffic) to GW2. You could set some exceptions, e.g. DNS queries going to GW1, etc. So it might be usable.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
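
The split described in the reply above (forwarded traffic via GW1, router-originated traffic including the SOCKS proxy's outbound connections via GW2, DNS as an exception), sketched as RouterOS v6 configuration. This is an added example, not configuration from the thread or from any poster; the LAN subnet, the /24 prefixes, the address-list name `no-gw2` and the routing-mark name `via-gw2` are assumptions.

```routeros
# Added example (RouterOS v6 syntax). GW1 = 192.168.1.1 and GW2 = 10.1.1.1
# come from the thread; every subnet and name below is an assumption.

/ip firewall address-list
# Destinations that must stay on the main table, otherwise replies to LAN
# clients (including SOCKS replies) would be sent to GW2 as well.
add list=no-gw2 address=192.168.88.0/24 comment="LAN clients (assumed subnet)"
add list=no-gw2 address=192.168.1.0/24 comment="GW1 network (assumed /24)"
add list=no-gw2 address=10.1.1.0/24 comment="GW2 network (assumed /24)"

/ip firewall mangle
# Exception: the router's own DNS queries are accepted unmarked,
# so they follow the main table and leave via GW1.
add chain=output protocol=udp dst-port=53 action=accept \
    comment="router DNS stays on GW1"
add chain=output protocol=tcp dst-port=53 action=accept \
    comment="router DNS stays on GW1"
# Everything else the router itself originates gets the routing mark.
# The SOCKS service runs on the router, so its outbound connections are
# router-originated and match here; so does all other router traffic,
# which is the side effect mentioned in the reply.
add chain=output dst-address-list=!no-gw2 action=mark-routing \
    new-routing-mark=via-gw2 passthrough=no \
    comment="router-originated traffic to GW2"

/ip route
# Main table: forwarded (non-SOCKS) LAN traffic keeps using GW1.
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 \
    comment="default via GW1"
# Marked table: only packets carrying the via-gw2 mark use this route.
add dst-address=0.0.0.0/0 gateway=10.1.1.1 routing-mark=via-gw2 \
    comment="router-originated via GW2"
```

Because the packet's source address is chosen before the output chain re-routes it, a src-nat or masquerade rule on the GW2-facing interface may be needed. Management sessions reaching the router from outside the listed networks will also have their replies sent to GW2.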
 
pe1chl
Forum Guru
Posts: 6137
Joined: Mon Jun 08, 2015 12:09 pm

Re: Marking Socks Connections

Thu Jan 05, 2017 9:48 pm

Where in the diagram above is the SOCKS proxy located?
 
headshoter
just joined
Topic Author
Posts: 18
Joined: Mon Jul 30, 2012 3:21 am

Re: Marking Socks Connections

Fri Jan 06, 2017 1:06 am

> I understand what you want, but I don't think it's possible (in a clean, no-side-effects way). Unless there's a feature that I don't know about that would mark connections made by the proxy (I'm pretty sure there isn't, but it could be interesting if there was), you can't tell proxy traffic from other traffic originating from the router. What you could do would be sending forwarded traffic to GW1 and all traffic from the router (which would also cover proxied traffic) to GW2. You could set some exceptions, e.g. DNS queries going to GW1, etc. So it might be usable.

It seems that I have no other choice. Thanks for your help.


 
headshoter
just joined
Topic Author
Posts: 18
Joined: Mon Jul 30, 2012 3:21 am

Re: Marking Socks Connections

Fri Jan 06, 2017 1:08 am

> Where in the diagram above is the SOCKS proxy located?

The proxy client is located on the LAN, and the server is the MikroTik. Do you have a solution for this case?


 
pe1chl
Forum Guru
Posts: 6137
Joined: Mon Jun 08, 2015 12:09 pm

Re: Marking Socks Connections

Fri Jan 06, 2017 10:26 am

No, there is no solution for that case when you don't want to change anything about the proxy.
When you move the proxy into the MikroTik shown on the picture, perhaps something could be done.
(although I do not have a ready solution for that, either)
