Routing application traffic through a specific network interface, such as tun0, is essential when dealing with VPNs, penetration testing, or privacy-focused setups. This process ensures that all data from the proxy server is transmitted over the desired tunnel, improving security and network segmentation.

Method 1: Using Privoxy and iptables for Transparent Proxying

Step 1: Install Privoxy, a lightweight non-caching web proxy, using your system’s package manager. On Debian-based systems, run:

sudo apt update
sudo apt install privoxy

This command downloads and installs Privoxy, preparing your system for proxy configuration.

Step 2: Edit the Privoxy configuration file, usually located at /etc/privoxy/config. Set the listen address to your local IP and desired port (e.g., 8118):

listen-address  127.0.0.1:8118

This change ensures Privoxy listens for connections only from your local machine, reducing exposure to external threats.

Step 3: Restart Privoxy to apply changes:

sudo systemctl restart privoxy

Step 4: Use iptables to mark and route traffic destined for the proxy through tun0. First, identify the network interface name for your VPN tunnel (commonly tun0) by running:

ip addr

Step 5: Set up an iptables rule to mark packets from Privoxy for routing via tun0:

sudo iptables -t mangle -A OUTPUT -p tcp --sport 8118 -j MARK --set-mark 1

This rule tags outgoing packets from Privoxy’s port with a mark for special routing.

Step 6: Add a routing rule so marked packets use the tun0 interface:

sudo ip rule add fwmark 1 table 100
sudo ip route add default dev tun0 table 100

These commands direct all marked packets to use the custom routing table, sending them out via tun0.

Step 7: Configure your applications or browsers to use 127.0.0.1:8118 as the HTTP/HTTPS proxy. This change forces their traffic through the Privoxy proxy and, by extension, the VPN tunnel.

Method 2: Using socat for Simple Proxy Forwarding

Step 1: Install socat, a command-line utility for data transfer between two locations, with:

sudo apt update
sudo apt install socat

Step 2: Forward local proxy traffic to a remote server or through tun0 by running:

socat TCP4-LISTEN:8888,fork SOCKS4A:127.0.0.1:destination:port,socksport=1080

Replace destination and port with your target server details. If your SOCKS proxy is bound to tun0, all forwarded traffic will use that interface.

Step 3: Set your application’s proxy settings to 127.0.0.1:8888 so that traffic is handled by socat and routed as configured.

Method 3: Using Redsocks for Transparent Proxying

Step 1: Install redsocks, a tool that redirects TCP connections to a SOCKS or HTTP proxy, with:

sudo apt update
sudo apt install redsocks

Step 2: Configure /etc/redsocks.conf to specify your local proxy settings and ensure the tun0 interface is used for outgoing connections.

base {
  log_debug = on;
  log_info = on;
  daemon = on;
  redirector = iptables;
}

redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = 127.0.0.1;
  port = 1080;
  type = socks5;
}

Step 3: Start redsocks:

sudo systemctl start redsocks

Step 4: Use iptables to redirect desired traffic to redsocks:

sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner root -j REDIRECT --to-ports 12345

This command redirects all non-root TCP traffic to the redsocks proxy, which then routes it through the SOCKS proxy over tun0.

Step 5: Verify that traffic is correctly routed through tun0 by checking your public IP or using network monitoring tools.

Routing local proxy server traffic through the tun0 interface optimizes privacy and network segmentation. Regularly review your iptables and routing rules to maintain secure, consistent operation.