Forum Index

Board index » 计算机/电脑 » 常用软件 » iptables redsocks


Browsing this Thread:   1 Anonymous Users






eyex
iptables redsocks
#1
eyex
Just can't stay away
Just can't stay away


See User information

iptables -t nat -F
iptables -t nat -N REDSOCKS


iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port=12345

iptables -t nat -A PREROUTING -j REDSOCKS

redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 0.0.0.0;
local_port = 12345;

// `ip' and `port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
ip = 127.0.0.1;
port = 1080;


// known types: socks4, socks5, http-connect, http-relay
type = socks5;

// login = "foobar";
// password = "baz";
}


Posted on: 2021/2/23 16:46
Top


eyex
Re: iptables redsocks
#2
eyex
Just can't stay away
Just can't stay away


See User information 
## check if module could be loaded
sudo modprobe -v -n xt_TPROXY

## load module
 sudo modprobe -v xt_TPROXY



# ROUTE RULES
ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100

# CREATE TABLE
iptables -t mangle -N V2RAY

# RETURN LOCAL AND LANS
iptables -t mangle -A V2RAY -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A V2RAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A V2RAY -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A V2RAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY -d 240.0.0.0/4 -j RETURN

# FORWARD ALL
iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
iptables -t mangle -A V2RAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01

# REDIRECT
iptables -t mangle -A PREROUTING -j V2RAY


{
"tag": "transparent",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": false,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},


Posted on: 2021/2/24 13:03
Top


eyex
Re: iptables redsocks
#3
eyex
Just can't stay away
Just can't stay away


See User information
#!/bin/bash
# -*- coding: utf-8 -*-

start() {



# TCP Redirect
# Create new chain
iptables -t nat -N V2RAY

# Ignore your V2Ray outbound traffic
# It's very IMPORTANT, just be careful.
iptables -t nat -A V2RAY -d $MY_VPS -j RETURN
iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 10.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 169.254.0.0/16 -j RETURN
iptables -t nat -A V2RAY -d 172.16.0.0/12 -j RETURN
iptables -t nat -A V2RAY -d 192.168.0.0/16 -j RETURN
iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN
iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to Dokodemo-door's local port
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 1099

# apply redirect for traffic forworded by this proxy
iptables -t nat -A PREROUTING -p tcp -j V2RAY
# apply redirect for proxy itself
# iptables -t nat -A OUTPUT -p tcp -j V2RAY


# UDP Redirect
iptables -t mangle -N V2RAY
iptables -t mangle -A V2RAY -p udp -j RETURN -m mark --mark 0xff
iptables -t mangle -A V2RAY -p udp --dport 53 -j TPROXY --on-port 1099 --tproxy-mark 0x01/0x01
iptables -t mangle -N V2RAY_MARK
iptables -t mangle -A V2RAY_MARK -p udp -j RETURN -m mark --mark 0xff
iptables -t mangle -A V2RAY_MARK -p udp --dport 53 -j MARK --set-mark 1

# add route for udp traffic
ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100

# Apply the rules
# apply udp tproxy for traffic forworded by this proxy
iptables -t mangle -A PREROUTING -j V2RAY
# apply udp tproxy for proxy itself
# iptables -t mangle -A OUTPUT -j V2RAY_MARK
}

stop() {
iptables -t nat -D PREROUTING -p tcp -j V2RAY
iptables -t nat -D OUTPUT -p tcp -j V2RAY
iptables -t nat -F V2RAY
iptables -t nat -X V2RAY
iptables -t mangle -D PREROUTING -j V2RAY
iptables -t mangle -F V2RAY
iptables -t mangle -X V2RAY
iptables -t mangle -D OUTPUT -j V2RAY_MARK
iptables -t mangle -F V2RAY_MARK
iptables -t mangle -X V2RAY_MARK
ip rule del fwmark 1 lookup 100
ip route del local default dev lo table 100
}

case $1 in
start)
start
;;
stop)
stop
;;
*)
echo "$0 start|stop"
;;
esac



Posted on: 2021/2/24 14:17
Top



Board index » 计算机/电脑 » 常用软件 » iptables redsocks


  Register To Post



friend links
github中文 / codewhy教程 / catfly file transfer
Themes

(2 themes)
Main Menu
Login
Username:

Password:


Lost Password?
Register now!
Categories
Xoops (11)
--Modules (2)
--Themes (0)
Article (8)