Small improvements (#7) Thank you @nurfed1

* Allow multiple domains * Ensure proxy can be reached when in conflict with TARGET_ROUTES Thank you @nurfed1
sensepost · Jan 19, 2024 · 6215e81 · 6215e81
1 parent 009e821
commit 6215e81
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 6 deletions.
diff --git a/.env.example b/.env.example
@@ -14,7 +14,7 @@ PROXY_ADDRESS=socks4://host.docker.internal:48501
 # comma seperated list of routes to route
 TARGET_ROUTES=10.10.10.0/24
 TARGET_DNS_SERVER=10.10.10.254
-TARGET_ROOT_DOMAIN=domain.local
+TARGET_ROOT_DOMAINS=domain.local
 
 # wireguard information.
 #

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,6 +4,8 @@ services:
 
   wiresocks:
     image: ghcr.io/sensepost/wiresocks:latest
+    build:
+      dockerfile: Dockerfile
     container_name: wiresocks
     mem_limit: 1gb
     memswap_limit: 2gb
@@ -13,7 +15,7 @@ services:
     devices:
       - /dev/net/tun:/dev/net/tun
     environment:
-      - LOGLEVEL=info
+      - LOGLEVEL=${LOGLEVEL:-info}
       - TUN=tun0
       - ADDR=198.18.0.1/15
       - MTU=9000
@@ -63,6 +65,7 @@ services:
       - PEERS=${WG_PEERS}
       - INTERNAL_SUBNET=10.13.13.0
       - ALLOWEDIPS=10.13.13.0/24,${TARGET_ROUTES}
+      - TARGET_ROOT_DOMAINS=${TARGET_ROOT_DOMAINS}
     volumes:
       # this is where the wireguard peer configs will live
       - ./config:/config

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -6,6 +6,15 @@
 TUN="${TUN:-tun0}"
 ADDR="${ADDR:-198.18.0.1/15}"
 LOGLEVEL="${LOGLEVEL:-info}"
+PROXY_ADDRESS=${PROXY#*//}
+DEFAULT_ROUTE=$(ip route | grep default | head -1)
+
+config_proxy_route() {
+  echo 200 proxy >> /etc/iproute2/rt_tables
+  ip route add table proxy $DEFAULT_ROUTE
+  ip rule add fwmark 200 table 200
+  iptables -t mangle -A OUTPUT -p tcp -d ${PROXY_ADDRESS%:*} --dport ${PROXY_ADDRESS#*:} -j MARK --set-mark 200
+}
 
 create_tun() {
   ip tuntap add mode tun dev "$TUN"
@@ -22,6 +31,7 @@ config_route() {
 
 run() {
 
+  config_proxy_route
   create_tun
   config_route
 
@@ -61,4 +71,4 @@ run() {
     $ARGS
 }
 
-run || exit 1
+run || exit 1
diff --git a/init.d/config-dns.sh b/init.d/config-dns.sh
@@ -3,18 +3,26 @@
 # a shell script to configure coredns to forward DNS traffic to
 # an upstream server, forcing TCP lookups to be socks friendly
 
-echo "configuring dns to ${TARGET_ROOT_DOMAIN} to lookup at ${TARGET_DNS_SERVER}..."
+echo "configuring dns to ${TARGET_ROOT_DOMAINS} to lookup at ${TARGET_DNS_SERVER}..."
 
-cat << EOF > /config/coredns/Corefile
-${TARGET_ROOT_DOMAIN} {
+for DOMAIN in ${TARGET_ROOT_DOMAINS//,/ };
+do
+    cat << EOF
+${DOMAIN} {
     loop
     log
     forward . ${TARGET_DNS_SERVER}:53 {
         force_tcp
     }
 }
+EOF
+done > /config/coredns/Corefile
+
+
+cat << EOF >> /config/coredns/Corefile
 . {
     loop
     forward . /etc/resolv.conf
 }
 EOF
+