How to Set Up a System-Wide Dual-Stack SOCKS5 Proxy on an IPv6-only VPS

1. Set up a SOCKS5 proxy on a dual-stack VPS.

Use your preferred method to set up the SOCKS5 proxy. I usually use the 3x-ui panel or gost

Install the latest version https://github.com/go-gost/gost/releases

bash <(curl -fsSL https://github.com/go-gost/gost/raw/master/install.sh) --install

Run

#Username JTBvTZ08Rw, Password OsnfPBgbZd, Port 12345

gost -L socks5://JTBvTZ08Rw:OsnfPBgbZd@:12345

If you need it to run in the background with Systemd, set it up yourself (the following steps will ignore Systemd setup). Refer to the (gost documentation) and posts from forum members.

2. Use gost to forward the proxy on an IPv6-only VPS

Install the latest version of gost https://github.com/go-gost/gost/releases

bash <(curl -fsSL https://github.com/go-gost/gost/raw/master/install.sh) --install

#Run, here my dual-stack VPS IP is [2a0b:4141:820:14b::abc]

gost -L redir://:12345 -F 'socks5://JTBvTZ08Rw:OsnfPBgbZd@[2a0b:4141:820:14b::abc]:12345'

3. Set up iptables forwarding

Enable forwarding

echo "net.ipv4.ip_forward=1" | tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" | tee -a /etc/sysctl.conf
sysctl -p

Copy

Add iptables rules

• IPv4 setup

1. Clear existing rules (if you have other rules, don't clear them carelessly):

iptables -t nat -F
iptables -t nat -X

2. Configure rules: (RETURN excludes IPs from forwarding, you can add more based on your situation):

iptables -t nat -N SOCKS
iptables -t nat -A SOCKS -d 127.0.0.1/8 -j RETURN
iptables -t nat -A SOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A OUTPUT -p tcp -j SOCKS

3. View the rules

iptables -t nat -L -v -n

4. Save the rules:

iptables-save > /etc/iptables/rules.v4

5. Disable the added SOCKS rules

iptables -t nat -D OUTPUT -p tcp -j SOCKS
iptables -t nat -F SOCKS
iptables -t nat -X SOCKS

• IPv6 setup (if you only need IPv4, you can skip IPv6 forwarding)

1. Clear existing rules:

ip6tables -t nat -F
ip6tables -t nat -X

2. Add rules

ip6tables -t nat -N SOCKS
ip6tables -t nat -A SOCKS -d ::1/128 -j RETURN
ip6tables -t nat -A SOCKS -d fc00::/7 -j RETURN
ip6tables -t nat -A SOCKS -d 2a0b:4141:820:14b::abc/128 -j RETURN
ip6tables -t nat -A SOCKS -p tcp -j REDIRECT --to-ports 12345
ip6tables -t nat -A OUTPUT -p tcp -j SOCKS

3. View the rules

ip6tables -t nat -L -v -n

4. Save the rules:

ip6tables-save > /etc/iptables/rules.v6

4. Test the IPv4 and IPv6 proxy

curl -6 ip.sb
Should return 2a0b:4141:820:14b::abc

curl -4 ip.sb
Should return 193.233.134.xxx

This means it was successful

5. Addendum: If the IPv6-only VPS doesn't even have an internal IPv4, you need to add one

My IPv6-only VPS doesn't even have an internal IPv4

Add temporarily:

# Add a temporary IPv4 address 10.0.0.2 to interface eth0:
ip addr add 10.0.0.2/24 dev eth0

# Add default gateway 10.0.0.1
sudo ip route add default via 10.0.0.1 dev eth0

To add permanently, write it into the network interface configuration file

#For Debian, edit the network configuration /etc/network/interfaces
nano /etc/network/interfaces

#Add:
auto eth0
iface eth0 inet static
s   address 10.0.0.2/24
    gateway 10.0.0.1

Other systems may be different, configure accordingly

6. Finally

Because I was using a public DNS6to4 before, I wondered if this method would be simpler. I also asked an AI for the differences between the two methods.

For the specific differences, if you're interested, you can try building it yourself (it looks more complex to set up, but is simpler for the client to use).