I have created proxy and client VMs. I checked "provides network" when creating proxy, set the NetVM of client to proxy, and the NetVM of proxy is sys-firewall. Both client and proxy can connect to the network at start.

Then I installed and ran a proxy program in the proxy VM and made it transparent by updating iptables. Now the traffic of the terminal and browser in the proxy VM goes through the proxy program, but traffic from the client VM doesn't go through the proxy program, although client can still connect to the network. I think I may need to update iptables about client in the proxy VM, but I am not familiar with iptables.

I want traffic from the client VM to go through the proxy program in the proxy VM.
iptables in the proxy VM:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PR-QBS all -- anywhere anywhere
PR-QBS-SERVICES all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
clash_out tcp -- anywhere anywhere
clash_dns_out udp -- anywhere anywhere
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
Chain PR-QBS (1 references)
target prot opt source destination
DNAT udp -- anywhere 10.139.1.1 udp dpt:domain to:10.139.1.1
DNAT tcp -- anywhere 10.139.1.1 tcp dpt:domain to:10.139.1.1
DNAT udp -- anywhere 10.139.1.2 udp dpt:domain to:10.139.1.2
DNAT tcp -- anywhere 10.139.1.2 tcp dpt:domain to:10.139.1.2
Chain PR-QBS-SERVICES (1 references)
target prot opt source destination
Chain clash_dns_out (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere owner GID match shellclash
REDIRECT udp -- anywhere anywhere udp dpt:domain redir ports 1053
REDIRECT tcp -- anywhere anywhere tcp dpt:domain redir ports 1053
Chain clash_out (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere owner GID match shellclash
RETURN all -- anywhere 0.0.0.0/8
RETURN all -- anywhere 10.0.0.0/8
RETURN all -- anywhere 127.0.0.0/8
RETURN all -- anywhere 169.254.0.0/16
RETURN all -- anywhere 172.16.0.0/12
RETURN all -- anywhere 192.168.0.0/16
RETURN all -- anywhere base-address.mcast.net/4
RETURN all -- anywhere 240.0.0.0/4
REDIRECT tcp -- anywhere anywhere multiport dports ssh,domain,submission,submissions,pop3s,imaps,imap2,http,https,http-alt redir ports 7892
# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 DROP udp -- vif+ any anywhere anywhere udp dpt:bootpc
46620 47M ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- vif+ any anywhere anywhere
554 31835 ACCEPT all -- lo any anywhere anywhere
0 0 REJECT all -- vif+ any anywhere anywhere reject-with icmp-host-prohibited
0 0 DROP all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
2616 5905K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
23 1421 QBS-FORWARD all -- any any anywhere anywhere
0 0 DROP all -- vif+ vif+ anywhere anywhere
0 0 ACCEPT all -- vif+ any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 28962 packets, 11M bytes)
pkts bytes target prot opt in out source destination
Chain QBS-FORWARD (1 references)
pkts bytes target prot opt in out source destination
23 1421 qbs-10-137-0-27 all -- any any 10.137.0.27 anywhere
0 0 RETURN all -- !vif+ any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere
Chain qbs-10-137-0-27 (1 references)
pkts bytes target prot opt in out source destination
23 1421 ACCEPT all -- any any anywhere anywhere
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-admin-prohibited
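Added example for the situation described in the post; this is editor-written code, not the poster's and not part of Qubes or the proxy program. The reason the posted rules only catch local traffic is visible in the nat table: clash_out and clash_dns_out hang off the nat OUTPUT chain, which netfilter consults only for packets generated by processes in the proxy VM itself. Packets forwarded from a downstream qube enter through nat PREROUTING (and filter FORWARD), so they never reach those chains. The script below adds a PREROUTING chain for the downstream interfaces with the same exclusions and the same target ports as clash_out, plus the filter INPUT accepts that a REDIRECTed packet needs (after REDIRECT it is addressed to the proxy VM, so it traverses INPUT, where the posted chain REJECTs new connections from vif+). Assumptions not stated in the post: Qubes 4.x naming (downstream qubes attach as vifN.0 interfaces, persistence hook /rw/config/qubes-firewall-user-script), the chain name clash_fwd (my choice), ports 7892/1053 taken from the posted nat table, and that the proxy listens on 0.0.0.0 or on the vif address rather than only 127.0.0.1, since REDIRECT rewrites the destination to the primary address of the incoming interface.

```shell
#!/bin/sh
# Redirect traffic that this proxy VM *forwards* from downstream qubes (vif+)
# into the transparent proxy already listening locally. Editor-written example;
# chain name, Qubes 4.x interface naming and the persistence path are assumptions.
set -eu

PROXY_TCP_PORT=7892     # from the posted clash_out chain
PROXY_DNS_PORT=1053     # from the posted clash_dns_out chain
CHAIN=clash_fwd         # assumed name for the new nat chain
DOWNSTREAM='vif+'       # Qubes attaches downstream qubes as vifN.0 (assumed layout)
# Same destination ports that clash_out already intercepts for local traffic.
TCP_PORTS='22,53,80,443,465,587,993,995,8080'

# Emit the rules for our own chain, one per line: <table> <chain> <match/target>.
# Order matters: the DNS REDIRECT must precede the 10.0.0.0/8 RETURN, because a
# downstream qube resolves against 10.139.1.x, which that RETURN would exempt.
proxy_rules() {
    cat <<EOF
nat $CHAIN -p udp --dport 53 -j REDIRECT --to-ports $PROXY_DNS_PORT
nat $CHAIN -p tcp --dport 53 -j REDIRECT --to-ports $PROXY_DNS_PORT
nat $CHAIN -d 0.0.0.0/8 -j RETURN
nat $CHAIN -d 10.0.0.0/8 -j RETURN
nat $CHAIN -d 127.0.0.0/8 -j RETURN
nat $CHAIN -d 169.254.0.0/16 -j RETURN
nat $CHAIN -d 172.16.0.0/12 -j RETURN
nat $CHAIN -d 192.168.0.0/16 -j RETURN
nat $CHAIN -d 224.0.0.0/4 -j RETURN
nat $CHAIN -d 240.0.0.0/4 -j RETURN
nat $CHAIN -p tcp -m multiport --dports $TCP_PORTS -j REDIRECT --to-ports $PROXY_TCP_PORT
EOF
}

# Hook rules, inserted at position 1 so they run before Qubes' own rules:
# - nat PREROUTING jump must precede PR-QBS, whose DNAT for port 53 is
#   terminating and would otherwise win for DNS.
# - After REDIRECT the packet is addressed to this VM, so it goes through
#   filter INPUT, where the posted chain REJECTs new connections from vif+.
hook_rules() {
    cat <<EOF
nat PREROUTING -i $DOWNSTREAM -j $CHAIN
filter INPUT -i $DOWNSTREAM -p tcp --dport $PROXY_TCP_PORT -j ACCEPT
filter INPUT -i $DOWNSTREAM -p udp --dport $PROXY_DNS_PORT -j ACCEPT
filter INPUT -i $DOWNSTREAM -p tcp --dport $PROXY_DNS_PORT -j ACCEPT
EOF
}

# Apply idempotently: (re)create our chain from scratch, add hooks only if absent.
apply_rules() {
    iptables -t nat -N "$CHAIN" 2>/dev/null || iptables -t nat -F "$CHAIN"
    proxy_rules | while read -r table chain spec; do
        # $spec is deliberately unquoted: it is a list of iptables arguments.
        iptables -t "$table" -A "$chain" $spec
    done
    hook_rules | while read -r table chain spec; do
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -I "$chain" 1 $spec
    done
}

# "plan" prints the rules for review; "apply" installs them (needs root).
# To survive reboots and qubes-firewall reloads, call "apply" from
# /rw/config/qubes-firewall-user-script in the proxy VM (assumed Qubes 4.x hook).
case "${1:-plan}" in
    plan)  proxy_rules; hook_rules ;;
    apply) apply_rules ;;
    *)     echo "usage: $0 [plan|apply]" >&2; exit 2 ;;
esac
```

Run `sh clash_fwd.sh plan` first and compare the output against `sudo iptables -t nat -L PREROUTING -v` after `sudo sh clash_fwd.sh apply`; the packet counters on clash_fwd should start climbing as soon as the client VM opens a connection. If they climb but the client loses connectivity, the usual cause is the proxy binding only 127.0.0.1, so the REDIRECTed packets (now addressed to the proxy VM's vif address) have nothing to connect to.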