diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
index 1b2004e..f6416b1 100644
--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
@@ -12,6 +12,7 @@ services:
 - SOCKS_IP=192.168.31.240
 - N8N_PORT=5678
 - NODE_FUNCTION_ALLOW_EXTERNAL=*
+ - NODE_OPTIONS=--dns-result-order=ipv4first
 ports:
 - 7778:5678
 volumes:
diff --git a/start-n8n.sh b/start-n8n.sh
index 1b074a5..f46959e 100644
--- a/start-n8n.sh
+++ b/start-n8n.sh
@@ -14,12 +14,24 @@ echo "SOCKS proxy is ready!"
 redsocks -c /etc/redsocks.conf &
 sleep 2
-# Set up iptables rules (run as root)
-iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 -j RETURN 2>/dev/null || true
-iptables -t nat -A OUTPUT -p tcp -d 192.168.0.0/16 -j RETURN 2>/dev/null || true
-iptables -t nat -A OUTPUT -p tcp -d 10.0.0.0/8 -j RETURN 2>/dev/null || true
-iptables -t nat -A OUTPUT -p tcp -d 172.16.0.0/12 -j RETURN 2>/dev/null || true
-iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 12345 2>/dev/null || true
+# создать/очистить цепочку
+iptables -t nat -N REDSOCKS 2>/dev/null || true
+iptables -t nat -F REDSOCKS
+
+# гарантированно первой в OUTPUT
+iptables -t nat -D OUTPUT -p tcp -j REDSOCKS 2>/dev/null || true
+iptables -t nat -I OUTPUT 1 -p tcp -j REDSOCKS
+
+# исключения
+iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
+# (по желанию) исключить сам socks-хост точечно:
+iptables -t nat -A REDSOCKS -d "$SOCKS_HOST" -p tcp --dport 1080 -j RETURN
+
+# редирект всего остального tcp
+iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
 N8N_BIN="/usr/local/bin/n8n"
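Review bot: The added `NODE_OPTIONS=--dns-result-order=ipv4first` line carries no comment explaining why it is needed, and the reason is not obvious from the compose file alone. Given that the redsocks redirect in start-n8n.sh is built with IPv4 `iptables` only, it looks like a way to keep Node's outbound connections on IPv4 so they actually hit the redirect, but that is inferred from the other file in this commit. Suggest a YAML comment directly above it, e.g. `# prefer IPv4 so outbound connections traverse the iptables (v4) redsocks redirect`. Note that this option only orders resolver results and does not disable IPv6: a destination that resolves only to AAAA records is still reached directly unless matching ip6tables rules exist, which this commit does not add.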
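Review bot: The jump `iptables -t nat -I OUTPUT 1 -p tcp -j REDSOCKS` is installed immediately after `iptables -t nat -F REDSOCKS` empties the chain and before any RETURN or REDIRECT rule is appended, so during that window every new outbound TCP connection traverses an empty chain and leaves the container directly instead of through redsocks; appending the chain's rules first and moving the two OUTPUT lines (`iptables -t nat -D OUTPUT -p tcp -j REDSOCKS 2>/dev/null || true` and `iptables -t nat -I OUTPUT 1 -p tcp -j REDSOCKS`) to after the final REDIRECT rule closes the gap. The per-host exclusion reads `"$SOCKS_HOST"`, whereas the compose hunk in this same commit only exports `SOCKS_IP`; if SOCKS_HOST is not assigned earlier in the script (its head is outside this hunk), `-d ""` makes that iptables call fail. Unlike the removed rules, the new ones carry no `|| true`, so whether such a failure aborts the script or silently leaves the rule missing depends on a `set -e` that is not visible here; an explicit `|| exit 1` on the final REDIRECT line would make a missing redirect fail loudly rather than fall open. The script continues past the hunk (`N8N_BIN=...`), so the order in which n8n starts relative to these rules cannot be checked from here.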