I'm trying to redirect all outgoing TCP traffic from my Linux box to the remote SOCKS5 proxy server.
Currently I'm using the following rule in the OUTPUT chain:
sudo iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner myuser -j REDSOCKS
And the REDSOCKS chain contains:
sudo iptables -t nat -N REDSOCKS
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345
On local port 12345 I have a running REDSOCKS daemon which communicates with the remote SOCKS5 proxy server.
This works fine! All the applications started on behalf of user myuser are 'socksified' through the remote SOCKS5 proxy.
But what if I want this to work for all the users on my Linux box?
So, I tried the following rule in the OUTPUT chain (instead of the one above):
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
And that's when the REDSOCKS daemon went 'out of file descriptors' immediately and could not redirect any packets.
Why does this happen? How can I redirect TCP traffic for all users (and their apps) to a remote SOCKS5 proxy server?
P.S. I tried:
sudo iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner 0-10000 -j REDSOCKS
ulimit -n 4096
But I still have the same problem.
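The following is an added example (not part of the question, not from the redsocks project) that builds the same REDSOCKS nat chain for all users but first RETURNs the daemon's own sockets, so its connections to the upstream proxy are not steered back into port 12345; it assumes redsocks runs as a dedicated uid (9999 here) and that the proxy address is 203.0.113.10, both placeholders. Rules are only printed unless APPLY=1 is set and the script runs as root.

```shell
#!/bin/sh
# Added example: generate (or apply with APPLY=1 as root) a REDSOCKS ruleset
# whose first rule exempts the daemon's own traffic. Assumed values, not from
# the question: redsocks runs as uid 9999, upstream SOCKS5 server 203.0.113.10,
# local redsocks port 12345.
REDSOCKS_UID="${REDSOCKS_UID:-9999}"
PROXY_IP="${PROXY_IP:-203.0.113.10}"
LOCAL_PORT="${LOCAL_PORT:-12345}"

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

redsocks_rules() {
    run -t nat -N REDSOCKS
    # The daemon's own sockets must leave the chain here. Without this RETURN,
    # its outgoing connection to the proxy is itself REDIRECTed to :12345,
    # accepted by redsocks, which opens yet another connection, and so on
    # until the process runs out of file descriptors.
    run -t nat -A REDSOCKS -m owner --uid-owner "$REDSOCKS_UID" -j RETURN
    # Second safeguard: never redirect traffic addressed to the proxy itself.
    run -t nat -A REDSOCKS -d "$PROXY_IP" -j RETURN
    for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
               172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
        run -t nat -A REDSOCKS -d "$net" -j RETURN
    done
    run -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port "$LOCAL_PORT"
    # Every user's TCP traffic now enters the chain, not just one uid's.
    run -t nat -A OUTPUT -p tcp -j REDSOCKS
}

# Sanity check on the generated ruleset: exit 0 only if the uid-owner RETURN
# for the daemon comes before the REDIRECT rule (rule order is what prevents
# the loop).
bypass_precedes_redirect() {
    redsocks_rules | awk -v uid="$REDSOCKS_UID" '
        /--uid-owner/ && index($0, uid) && /-j RETURN/ { seen = NR }
        /-j REDIRECT/ { ok = (seen > 0 && seen < NR) }
        END { exit ok ? 0 : 1 }'
}

redsocks_rules
```

Run it once without APPLY to review the rule order, then with `APPLY=1` as root to install the chain.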