Why do we use redsocks+iptables instead of using iptables only?

Because “all traffic” does not speak the SOCKS protocol. A SOCKS proxy expects its clients to speak SOCKS. That’s where redsocks comes in: It terminates TCP connections and speaks SOCKS “on the other end”.

SOCKS is also a TCP-based protocol. When a SOCKS client connects, the following happens:

  1. TCP handshake (SYN →, SYN-ACK ←, ACK →)
  2. Client sends a SOCKS connection request (as described on Wikipedia)
  3. Server sends SOCKS response
  4. (If successful thus far) Data exchange with actual target takes place (e.g. sending an HTTP request)

If you just redirect whatever to the SOCKS proxy, this exchange will fail at step 2: The server will receive what it perceives to be garbage data (e.g. the HTTP request that is supposed to come only in step 4) and terminate the connection.
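
The failure at step 2, as an added example that is not part of the original answer: a toy server-side check of the first bytes a proxy sees, fed once with a raw redirected HTTP request and once with the same connection wrapped in a SOCKS request. It assumes SOCKS4 framing (the simplest variant); the function names, the target 192.0.2.10:80 and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

SOCKS4_CONNECT = 0x01
SOCKS4_GRANTED = 0x5A   # 90: request granted
SOCKS4_REJECTED = 0x5B  # 91: request rejected or failed


def build_socks4_connect(dst_ip: str, dst_port: int, user_id: bytes = b"") -> bytes:
    """Step 2 as a SOCKS4 client (the role redsocks plays) would send it."""
    return (struct.pack("!BBH", 4, SOCKS4_CONNECT, dst_port)
            + ipaddress.IPv4Address(dst_ip).packed + user_id + b"\x00")


def proxy_parse_first_bytes(data: bytes):
    """Toy SOCKS4 server-side check of the first bytes after the TCP handshake.

    Returns (reply, target): target is (ip, port) on success, None on failure.
    """
    reject = struct.pack("!BBH4s", 0, SOCKS4_REJECTED, 0, b"\x00" * 4)
    if len(data) < 9 or data[0] != 4 or data[1] != SOCKS4_CONNECT:
        return reject, None          # not a SOCKS4 CONNECT: garbage to the proxy
    if b"\x00" not in data[8:]:
        return reject, None          # USERID field is never terminated
    port = struct.unpack("!H", data[2:4])[0]
    ip = str(ipaddress.IPv4Address(data[4:8]))
    grant = struct.pack("!BBH4s", 0, SOCKS4_GRANTED, port, data[4:8])
    return grant, (ip, port)


# Constructed sample: what an application sends first on a connection that
# iptables redirected straight to the proxy port (step 4 data arriving at step 2).
RAW_HTTP = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"

# Constructed sample: the same connection going through a SOCKS-speaking
# relay that knows the original destination (here 192.0.2.10:80).
WRAPPED = build_socks4_connect("192.0.2.10", 80)

if __name__ == "__main__":
    for label, first in (("raw redirect", RAW_HTTP), ("via relay", WRAPPED)):
        reply, target = proxy_parse_first_bytes(first)
        print(f"{label:12} first byte=0x{first[0]:02x} reply={reply.hex()} target={target}")
```

The raw request starts with `G` (0x47) where the proxy expects the version byte 0x04, so it is rejected before any target is known; the wrapped connection carries the destination in the request itself.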