Help: I Want to Route All LAN Traffic Through a SOCKS5 Proxy on My GL.iNet Slate 7 (GL-BE3600)

Hi everyone,

I’m trying to route all internet traffic from all devices on my LAN through a SOCKS5 proxy using my router. I’m using a GL.iNet GL-BE3600 router running OpenWRT 23.05-SNAPSHOT. The router’s LAN IP is 192.168.8.1 and the LAN subnet is 192.168.8.0/24.


:wrench: What I Want to Achieve:

I want all LAN traffic (both TCP and UDP) to go through a remote SOCKS5 proxy (hosted externally), so every connected device uses that proxy without needing to install or configure anything on the devices themselves.


:brick: My SOCKS5 Proxy Details:

  • Type: SOCKS5
  • Host: [MY_PROXY_HOST]
  • Port: [MY_PROXY_PORT]
  • Username: [MY_USERNAME]
  • Password: [MY_PASSWORD]

(I can share actual credentials privately if needed for debugging.)


:test_tube: What I’ve Tried So Far:

  • I factory reset the router to clear all old configs.
  • I looked into sing-box, TPROXY, and nftables, but realized that SOCKS5 doesn’t support transparent proxying by default.
  • I read that tools like redsocks2 are needed to make this work, but I couldn’t find a working package for OpenWRT on my BE3600.
  • I want a clean setup from scratch, without any of my past Shadowsocks configs interfering.

:red_question_mark: What I Need Help With:

  • How can I transparently redirect all LAN traffic to my SOCKS5 proxy on this router?
  • What’s the recommended setup or package I should install for this on OpenWRT?
  • If I need redsocks2, can someone provide a working binary or help me compile it for the BE3600?
  • Is there a better method than redsocks2 for doing this in OpenWRT?

:light_bulb: Important Notes:

  • I want zero DNS leaks — DNS should also be routed through the SOCKS5 proxy.
  • I don’t want to configure each LAN device manually. The router should handle everything.
  • I’m okay with using iptables or nftables, as long as it works and is stable.

Thanks in advance to anyone who can help! I’ll follow your instructions step by step.

I’m using PassWall app, no DNS leaks

Could you please share the detailed setup instructions so I don’t make any mistakes?

If you already setup a socks5 but it isn't transparant, there are some luci apps for it.

But if the socks proxy is not directly on your router, you can accomplish this with a hijacking rule.

Example:

If your proxy is on 192.168.8.12 and its port is 4444 and your device is also on the same network.

Click on advanced settings to go to luci, in luci navigate to network -> firewall.

Click on portforwarding, and create a new portforward rule as:

You could also set src to any zone, but requires editing the raw config and replacing it to: option src '*'

Now all http/80 traffic gets forwarded to proxy server on 4444 on the server client, if it is a remote proxy server just use wan as destination zone.

(Theme is different than normal luci :wink: )

Edit: fixed image ^^

Edit 2:

I realized you also want to whitelist access to the router, this can be done on the same firewall rule but then on the advanced tab please see src ip.

It is in DNS setting, and you can try by yourself, for me it works

1 Like

Yes, I understand but you just gave me the github link. Can you explain how you installed it on your router cause i tried to install it from the link but it is not working. Passwall is not listed in the plugin section sp how did you install it on your router?.

You must install the core proxy packages first (the "engines"), and then install the LuCI interface package (the "dashboard").

The quick steps look like this, sticking to the LuCI web interface for installation:

1. Install the Engine (Core Proxy Packages):

You need all the proxy clients (sing-box, x-ray, etc.) first. These are bundled by CPU type.

For my router (the Beryl AX MT3000), I downloaded the entire package set for cortex-a53 (that was the passwall_packages_ipk_aarch64_cortex-a53.zip).

Unzip that file, then go to System > Software in LuCI. Use the "Upload package..." option to install every single .ipk file inside the ZIP, one by one. If you miss one, the next step fails.

2. Install the Dashboard (LuCI App):

After all those core packages are installed, then you can install the LuCI interface package.

• I use OpenWrt 24, so I used the corresponding file: luci-24.10_luci-app-passwall_25.9.23-r1_all.ipk. Install this one through the same Upload package... method.

3. Finish Up:

• Give the router a quick reboot.

• You'll find it in LuCI under Services > PassWall.

Basically, the rule is: Install Clients (by architecture) > Install Interface > Reboot. Hope that gets you running!

Since you're on OpenWrt 23, the compatibility can be hit-or-miss with the very latest LuCI app. If you try the newest one and the interface gives you trouble (blank pages, errors), you'll need to browse the older assets on the PassWall GitHub page to find a version specifically built for the OpenWrt 23 framework.

ok thank you very much this is really helpful. i have installed it and its working fine now i just need to know how to add the sock5 to it please.

All server configurations are handled under the Nodes List section.

1. In LuCI, go to Services>PassWall.

2. Navigate to Node List Tab

3. Click the Add button.

4. Configure the settings for your SOCKS5 server:

Node Remarks: Give it an easy-to-remember name (e.g., "My Home Socks5").

Node Type: Select Socks.

Protocol Type: Choose SOCKS5.

Address: Enter the IP address or domain name of your SOCKS5 server.

Port: Enter the port number for the SOCKS5 service.

Username / Password: If your SOCKS5 requires authentication, fill in the Username and Password.

5. Click Save & Apply (or similar button) at the bottom to save the configuration.

2. Activating PassWall

Once the SOCKS5 node is saved, you need to tell PassWall to use it and route traffic.

1. Go back to the main PassWall page (Services > PassWall).

2. Navigate to the Basic Settings.

3. Find the Main Switch and Enable (checklist) the service.

4. Under the TCP Node setting (or similar main routing option):

• Select the Node Name you just created (e.g., "My Home Socks5").

5. If you want to route UDP traffic through the SOCKS5 tunnel:

• Find the UDP Node setting and also select the same SOCKS5 node.

6. Ensure other settings (like DNS mode) are set to default or your preferred configuration.

7. Click Save & Apply.

The router will take a moment to restart the services. After it's done, your router's traffic should be flowing through the newly configured SOCKS5 server!

i have done everything here exactly to the later buy then its still not running. you can see from my screenshot below that TCP, UDP and DNS are all not running. what do i do please? am i missing something?

It’s weird

I don’t have slate 7, so I can’t guide you to troubleshoot this

Maybe this link is useful

You need to start it via command line

service passwall start

1 Like

Bro this worked like magic. its fully working on my router without issues. thank you so much.

1 Like