
с локальной машины в интернет через прокси


Был собран «роутер», где eth0 — выход в интернет, wlan0 — локальная сеть. Стояла задача пускать локальные машины в интернет через прокси, чтобы был ip и днс от прокси.

Был взят redsocks2, у него более обширный функционал, разраб сказал, что он умеет посылать dns по udp.

Был применён ряд правил. По итогу у меня на «роутере» при проверке — ip и dns от прокси, а на локальной машине — ip прокси, а dns — мой.

resolv.conf

127.0.0.1

dnsmasq.conf

no-resolv
no-hosts
server=127.0.0.1#10053
server=127.0.0.1#20053
listen-address=127.0.0.1

правила iptables, думаю, причина в них

  • # Generated by iptables-save v1.4.21 on Sun Jun 24 10:24:42 2018
  • *nat
  • :PREROUTING ACCEPT [1356:114843]
  • :INPUT ACCEPT [31:3493]
  • :OUTPUT ACCEPT [291:17436]
  • :POSTROUTING ACCEPT [476:28902]
  • :REDSOCKS - [0:0]
  • -A PREROUTING -p tcp -m tcp --dport 443 -j REDSOCKS
  • -A PREROUTING -p tcp -m tcp --dport 80 -j REDSOCKS
  • -A PREROUTING -p tcp -m tcp --dport 1080 -j REDSOCKS
  • -A PREROUTING -i wlp2s0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 12345
  • -A PREROUTING -i wlp2s0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 12345
  • -A OUTPUT -p tcp -m tcp --dport 443 -j REDSOCKS
  • -A OUTPUT -p tcp -m tcp --dport 80 -j REDSOCKS
  • #-A OUTPUT -p udp -j DNAT --to-destination 192.168.1.5:10053
  • -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 192.168.1.5:10053
  • -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  • -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  • -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  • -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  • -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  • -A POSTROUTING -s 10.42.0.0/24 ! -d 10.42.0.0/24 -j MASQUERADE
  • -A REDSOCKS -d 169.254.0.0/16 -j RETURN
  • -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
  • -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
  • -A REDSOCKS -i wlp2s0 -j REDIRECT COMMIT
  • # Completed on Sun Jun 24 10:24:42 2018
  • # Generated by iptables-save v1.4.21 on Sun Jun 24 10:24:42 2018
  • *mangle
  • :PREROUTING ACCEPT [133222:79329129]
  • :INPUT ACCEPT [130956:79099379]
  • :FORWARD ACCEPT [663:93637]
  • :OUTPUT ACCEPT [121499:45110667]
  • :POSTROUTING ACCEPT [122356:45220995]
  • :FORWARD_direct - [0:0]
  • :INPUT_direct - [0:0]
  • :OUTPUT_direct - [0:0]
  • :POSTROUTING_direct - [0:0]
  • :PREROUTING_ZONES - [0:0]
  • :PREROUTING_ZONES_SOURCE - [0:0]
  • :PREROUTING_direct - [0:0]
  • :PRE_public - [0:0]
  • :PRE_public_allow - [0:0]
  • :PRE_public_deny - [0:0]
  • :PRE_public_log - [0:0]
  • -A PREROUTING -j PREROUTING_direct
  • -A PREROUTING -j PREROUTING_ZONES_SOURCE
  • -A PREROUTING -j PREROUTING_ZONES
  • -A INPUT -j INPUT_direct
  • -A FORWARD -j FORWARD_direct
  • -A OUTPUT -j OUTPUT_direct
  • -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  • -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  • -A POSTROUTING -j POSTROUTING_direct
  • -A PREROUTING_ZONES -i wlp2s0 -g PRE_public
  • -A PREROUTING_ZONES -i enp3s0 -g PRE_public
  • -A PREROUTING_ZONES -g PRE_public
  • -A PRE_public -j PRE_public_log
  • -A PRE_public -j PRE_public_deny
  • -A PRE_public -j PRE_public_allow COMMIT
  • # Completed on Sun Jun 24 10:24:42 2018
  • # Generated by iptables-save v1.4.21 on Sun Jun 24 10:24:42 2018
  • *security
  • :INPUT ACCEPT [131062:79115429]
  • :FORWARD ACCEPT [663:93637]
  • :OUTPUT ACCEPT [121607:45121803]
  • :FORWARD_direct - [0:0]
  • :INPUT_direct - [0:0]
  • :OUTPUT_direct - [0:0]
  • -A INPUT -j INPUT_direct
  • -A FORWARD -j FORWARD_direct
  • -A OUTPUT -j OUTPUT_direct COMMIT
  • # Completed on Sun Jun 24 10:24:42 2018
  • # Generated by iptables-save v1.4.21 on Sun Jun 24 10:24:42 2018
  • *raw
  • :PREROUTING ACCEPT [133329:79345493]
  • :OUTPUT ACCEPT [121607:45121803]
  • :OUTPUT_direct - [0:0]
  • :PREROUTING_ZONES - [0:0]
  • :PREROUTING_ZONES_SOURCE - [0:0]
  • :PREROUTING_direct - [0:0]
  • :PRE_public - [0:0]
  • :PRE_public_allow - [0:0]
  • :PRE_public_deny - [0:0]
  • :PRE_public_log - [0:0]
  • -A PREROUTING -j PREROUTING_direct
  • -A PREROUTING -j PREROUTING_ZONES_SOURCE
  • -A PREROUTING -j PREROUTING_ZONES
  • -A OUTPUT -j OUTPUT_direct
  • -A PREROUTING_ZONES -i wlp2s0 -g PRE_public
  • -A PREROUTING_ZONES -i enp3s0 -g PRE_public
  • -A PREROUTING_ZONES -g PRE_public
  • -A PRE_public -j PRE_public_log
  • -A PRE_public -j PRE_public_deny
  • -A PRE_public -j PRE_public_allow COMMIT
  • # Completed on Sun Jun 24 10:24:42 2018
  • # Generated by iptables-save v1.4.21 on Sun Jun 24 10:24:42 2018
  • *filter
  • :INPUT ACCEPT [130441:79058905]
  • :FORWARD ACCEPT [0:0]
  • :OUTPUT ACCEPT [121499:45110667]
  • -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
  • -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
  • -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
  • -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
  • -A INPUT -i wlp2s0 -p udp -m udp --dport 67 -j ACCEPT
  • -A INPUT -i wlp2s0 -p tcp -m tcp --dport 67 -j ACCEPT
  • -A INPUT -i wlp2s0 -p udp -m udp --dport 53 -j ACCEPT
  • -A INPUT -i wlp2s0 -p tcp -m tcp --dport 53 -j ACCEPT
  • -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  • -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
  • -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
  • -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
  • -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  • -A FORWARD -d 10.42.0.0/24 -o wlp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  • -A FORWARD -s 10.42.0.0/24 -i wlp2s0 -j ACCEPT
  • -A FORWARD -i wlp2s0 -o wlp2s0 -j ACCEPT
  • -A FORWARD -o wlp2s0 -j REJECT --reject-with icmp-port-unreachable
  • -A FORWARD -i wlp2s0 -j REJECT --reject-with icmp-port-unreachable
  • -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT COMMIT
  • # Completed on Sun Jun 24 10:24:42 2018

В каком месте ошибся?
