Configure Iptables rules?

Good evening, everyone. My problem is the following. I can't configure iptables rules for redsocks. TCP traffic is filtered (the IP is the SOCKS one), but the DNS is still mine. So it got replaced; I need to set up UDP. I don't quite understand what to send and where. Correct me if I'm wrong. As I understand it, you first need to send traffic to "redudp", that is, then redirect it to the "dnstc" address, that is, and send it to the local address of the computer from which all UDP traffic goes out, i.e., The question is whether I'm thinking about this correctly. And, if possible, an example of the UDP filter command for my case. And if I'm wrong, please explain what is wrong and suggest how to solve this problem. Thanks in advance.

Redsocks.conf
base {
 // debug: connection progress & client list on SIGUSR1
 log_debug = on;

 // info: start and end of client session
 log_info = on;

 /* possible `log' values are:
 * stderr
 * "file:/path/to/file"
 * syslog:FACILITY facility is any of "daemon", "local0"..."local7"
 */
 log = "file:/tmp/reddi.log";

 // detach from console
 daemon = on;

 /* Change uid, gid and root directory, these options require root
 * privileges on startup.
 * Note, your chroot may require /etc/localtime if you write log to syslog.
 * Log is opened before chroot & uid changing.
 */
 user = redsocks;
 group = redsocks;
 // chroot = "/var/chroot";

 /* possible `redirector' values are:
 * iptables - for Linux
 * ipf - for FreeBSD
 * pf - for OpenBSD
 * generic - some generic redirector that MAY work
 */
 redirector = iptables;
}

redsocks {
 /* `local_ip' defaults to for security reasons,
 * use if you want to listen on every interface.
 * `local_*' are used as port to redirect to.
 */
 local_ip =;
 local_port = 31330;

 // `ip' and `port' are IP and tcp-port of proxy-server
 // You can also use hostname instead of IP, only one (random)
 // address of multihomed host will be used.
 ip =;
 port = 45554;

 // known types: socks4, socks5, http-connect, http-relay
 type = socks5;

 // login = "foobar";
 // password = "baz";
}

redudp {
 // `local_ip' should not be as it's also used for outgoing
 // packets that are sent as replies - and it should be fixed
 // if we want NAT to work properly.
 local_ip =;
 local_port = 10053;

 // `ip' and `port' of socks5 proxy server.
 ip =;
 port = 45554;
 // login = username;
 // password = pazzw0rd;

 // kernel does not give us this information, so we have to duplicate it
 // in both iptables rules and configuration file. By the way, you can
 // set `local_ip' to if you need more than 65535 ports to
 // forward ;-)
 // This limitation may be relaxed in future versions using conntrack-tools.
 dest_ip =;
 dest_port = 53;

 udp_timeout = 30;
 udp_timeout_stream = 180;
}

dnstc {
 // fake and really dumb DNS server that returns "truncated answer" to
 // every query via UDP, RFC-compliant resolver should repeat same query
 // via TCP in this case.
 local_ip =;
 local_port = 5300;
}

// you can add more `redsocks' and `redudp' sections if you need.

Iptables rules
iptables -t nat -N REDSOCKS
# the eight RETURN rules below exclude networks from proxying (destination addresses missing from the post)
iptables -t nat -A REDSOCKS -d -j RETURN
iptables -t nat -A REDSOCKS -d -j RETURN
iptables -t nat -A REDSOCKS -d -j RETURN
iptables -t nat -A REDSOCKS -d -j RETURN
iptables -t nat -A REDSOCKS -d -j RETURN
iptables -t nat -A REDSOCKS -d -j RETURN
iptables -t nat -A REDSOCKS -d -j RETURN
iptables -t nat -A REDSOCKS -d -j RETURN
# --to-ports must equal local_port of the redsocks section (31330 in the config above, 31338 here)
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 31338
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner username -j REDSOCKS
July 2nd 19 at 13:24
2 answers
July 2nd 19 at 13:26
I recommend using dnsmasq.

I didn't look at the config; only TCP traffic goes through, and that works.
July 2nd 19 at 13:28
UDP 53 also needs to be allowed.
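The two answers together (route DNS as well, not just TCP) as an added example that is not part of the thread: a script that emits the nat rules for the posted redsocks.conf, covering TCP via redsocks and UDP/53 via either redudp or dnstc. The ports come from the posted config; DNS_SERVER, PROXY_USER and the bypass network list are assumed placeholder values.

```shell
#!/bin/sh
# Added example, not from the original post: emits the nat rules that send the
# proxied user's TCP to redsocks and its UDP DNS to redudp (or dnstc). Ports
# are taken from the posted redsocks.conf; DNS_SERVER, PROXY_USER and the
# bypass list are placeholder/assumed values to be replaced.
set -eu

DNS_SERVER="${DNS_SERVER:-203.0.113.53}"   # placeholder: must equal redudp dest_ip
PROXY_USER="${PROXY_USER:-username}"       # uid whose traffic is proxied
TCP_PORT=31330     # redsocks local_port (the posted rule used 31338; they must match)
UDP_PORT=10053     # redudp local_port
DNSTC_PORT=5300    # dnstc local_port

# Destinations that must never be proxied (assumed list: loopback, RFC 1918,
# link-local, multicast). The SOCKS server itself is not caught anyway because
# redsocks runs as user "redsocks", not as PROXY_USER.
BYPASS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

# Print the rules instead of applying them so they can be reviewed first;
# apply with: DNS_MODE=redudp sh this.sh | sudo sh
redsocks_rules() {
    mode="${DNS_MODE:-redudp}"   # redudp or dnstc
    echo "iptables -t nat -N REDSOCKS"
    for net in $BYPASS; do
        echo "iptables -t nat -A REDSOCKS -d $net -j RETURN"
    done
    # TCP: redsocks recovers the original destination from the kernel itself.
    echo "iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $TCP_PORT"
    if [ "$mode" = dnstc ]; then
        # dnstc answers every UDP query with TC=1, so a compliant resolver
        # retries over TCP, and that TCP query then goes through the rule above.
        echo "iptables -t nat -A REDSOCKS -p udp --dport 53 -j REDIRECT --to-ports $DNSTC_PORT"
    else
        # redudp: the kernel does not pass the original UDP destination, so the
        # -d/--dport here must be repeated as dest_ip/dest_port in redsocks.conf,
        # and /etc/resolv.conf must point at DNS_SERVER for queries to match.
        echo "iptables -t nat -A REDSOCKS -p udp -d $DNS_SERVER --dport 53 -j REDIRECT --to-ports $UDP_PORT"
    fi
    # Hook only PROXY_USER's locally generated traffic, TCP and now UDP too.
    for proto in tcp udp; do
        echo "iptables -t nat -A OUTPUT -p $proto -m owner --uid-owner $PROXY_USER -j REDSOCKS"
    done
}

redsocks_rules
```

Whichever mode is used, a query to a resolver inside a BYPASS network hits RETURN first and still leaks, so the resolver configured in /etc/resolv.conf must lie outside that list.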
