I have a Linux system which is behind a firewall, but it can connect to a HTTP proxy which passes all CONNECT commands through. How can I configure the Linux system to make DNS requests over TCP over the HTTP CONNECT, and to establish all outgoing TCP connections (except for those to the HTTP proxy) over the HTTP CONNECT?
I'm looking for a solution which works in any process, including statically linked binaries which call socket(2)
and connect(2)
directly. (So LD_PRELOAD
is not an acceptable solution, because it doesn't work with statically linked binaries.)
Have a look at Transocks, which can intercept tcp connections with iptables and tunnel them trough Socks. Should work with static binaries.
DNS over TCP exists but is quite nonstandard for typical usage. I don't think libnsswitch can use tcp, but you could install a local nameserver speaking tcp dns. You would need to ensure you have a recursive resolver somewhere on the outside which will accept tcp.
If you are in control of a machine outside, it may be easier to set up some vpn for tunneling the UDP traffic; a tsocksified openvpn, or openssh with the -w option.