Redsocks Router

proxify.sh

#!/bin/bash

# This script will forward internet connection over redsocks proxy 
# - Install redsocks and make it listen to any IP
# - Setup Wifi AP or ETH connection and DHCP server
# - Connect to ssh with -D 1080 parameter or start tor on port 1080
# - Run the script

INTERNET_INTERFACE=wlan0
SUBNET_INTERFACE=wlan1
SUBNET_PORT_ADDRESS="10.10.0.1"

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo ifconfig $SUBNET_INTERFACE $SUBNET_PORT_ADDRESS netmask 255.255.255.0
sudo iptables -A FORWARD -o $INTERNET_INTERFACE -i $SUBNET_INTERFACE -s $SUBNET_PORT_ADDRESS/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE

# create the REDSOCKS target
sudo iptables -t nat -N REDSOCKS

# don't route unroutable addresses
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
# sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

# if it came in on eth0, and it is tcp, send it to REDSOCKS
sudo iptables -t nat -A PREROUTING -i $SUBNET_INTERFACE -p tcp -j REDSOCKS

# don't forget to accept the tcp packets from subnet
sudo iptables -A INPUT -i $SUBNET_INTERFACE -p tcp --dport 12345 -j ACCEPT

# lets do it 
sudo service redsocks restart