Proxy all TCP traffic to a SOCKS5 server using iptables and redsocks
# Transparent TCP redirection into a local redsocks listener on port 12345.
#
# Review notes:
#  - Only TCP is matched. UDP, including DNS lookups, is untouched and still
#    leaves the host directly.
#  - These are iptables (IPv4) rules; IPv6 traffic is not redirected at all.
#  - REDIRECT in PREROUTING rewrites the destination to the primary address of
#    the incoming interface, while in OUTPUT it maps to 127.0.0.1. A redsocks
#    listener bound to 127.0.0.1 therefore only serves locally generated
#    connections.
#  - The OUTPUT jump also matches redsocks' own connection to the upstream
#    proxy. That connection escapes the redirect only when the proxy address
#    lies inside one of the exempted ranges below (true for the 192.168.0.119
#    example in this gist's redsocks configuration).

# Dedicated chain so the redirect logic can be flushed and removed as a unit.
iptables -t nat -N REDSOCKS

# Destinations that are never proxied: "this network", private, CGNAT,
# loopback, link-local, benchmarking, multicast and reserved ranges.
for net in \
  0.0.0.0/8 \
  10.0.0.0/8 \
  100.64.0.0/10 \
  127.0.0.0/8 \
  169.254.0.0/16 \
  172.16.0.0/12 \
  192.168.0.0/16 \
  198.18.0.0/15 \
  224.0.0.0/4 \
  240.0.0.0/4
do
  iptables -t nat -A REDSOCKS -d "$net" -j RETURN
done

# Every other TCP destination is handed to the redsocks listener port.
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

# Hook the chain in: forwarded/incoming traffic (inserted at the head of
# PREROUTING) and locally generated traffic (appended to OUTPUT).
iptables -t nat -I PREROUTING -p tcp -j REDSOCKS
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
#!/bin/bash | |
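#######################################
# Install the nat-table rules that steer TCP connections into the redsocks
# listener on port 12345.
#
# Safe to run repeatedly: an existing REDSOCKS chain is flushed and rebuilt,
# and the PREROUTING/OUTPUT jumps are added only when they are not already
# present, so rules never pile up.
#
# Caveats worth knowing before relying on this:
#  - Only TCP is matched; UDP (including DNS) still leaves the host directly.
#  - IPv4 only; IPv6 traffic is not redirected.
#  - REDIRECT in PREROUTING targets the incoming interface's address, in
#    OUTPUT it targets 127.0.0.1, so a listener bound to 127.0.0.1 serves
#    only locally generated connections.
#  - redsocks' own connection to the upstream proxy also traverses OUTPUT. It
#    is spared only while the proxy address is inside an exempted range; for
#    a proxy elsewhere, add an exemption ahead of the REDIRECT rule (for
#    example an owner match on the account redsocks runs as).
#
# Arguments: none
# Outputs:   progress message on stdout, errors on stderr
# Returns:   1 if the chain can be neither created nor reset, otherwise the
#            status of the last iptables call
#######################################
function enable_proxy() {
    echo "[INFO] setting up iptables rules for redsocks...."

    # -N fails when the chain already exists; in that case start from an
    # empty chain instead of appending a second copy of every rule.
    if ! iptables -t nat -N REDSOCKS 2>/dev/null; then
        if ! iptables -t nat -F REDSOCKS; then
            echo "[ERROR] cannot create or reset the REDSOCKS chain (are you root?)" >&2
            return 1
        fi
    fi

    # Destinations that are never proxied: "this network", private, CGNAT,
    # loopback, link-local, benchmarking, multicast and reserved ranges.
    local net
    for net in \
        0.0.0.0/8 \
        10.0.0.0/8 \
        100.64.0.0/10 \
        127.0.0.0/8 \
        169.254.0.0/16 \
        172.16.0.0/12 \
        192.168.0.0/16 \
        198.18.0.0/15 \
        224.0.0.0/4 \
        240.0.0.0/4
    do
        iptables -t nat -A REDSOCKS -d "$net" -j RETURN
    done

    # Everything else goes to the redsocks listener port.
    iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

    # -C succeeds when an identical rule is already installed; only add the
    # jump when it is missing.
    iptables -t nat -C PREROUTING -p tcp -j REDSOCKS 2>/dev/null \
        || iptables -t nat -I PREROUTING -p tcp -j REDSOCKS
    iptables -t nat -C OUTPUT -p tcp -j REDSOCKS 2>/dev/null \
        || iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
}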
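#######################################
# Remove the redsocks redirection rules and nothing else.
#
# A bare `iptables -t nat -F` would empty every chain in the nat table,
# including rules owned by other software on the host (masquerading,
# container or VM port mappings). Only the jumps into REDSOCKS and the chain
# itself are removed here.
#
# Arguments: none
# Outputs:   progress message on stdout; iptables errors on stderr when the
#            REDSOCKS chain does not exist
# Returns:   status of the final chain deletion
#######################################
function disable_proxy() {
    echo "[INFO] clearing iptables nat rules..."

    # -D removes one matching rule per call and fails once none is left, so
    # looping also clears duplicates left behind by repeated enables. stderr
    # is silenced because that final failure is the expected loop exit.
    while iptables -t nat -D PREROUTING -p tcp -j REDSOCKS 2>/dev/null; do :; done
    while iptables -t nat -D OUTPUT -p tcp -j REDSOCKS 2>/dev/null; do :; done

    # A chain can only be deleted when it is empty and unreferenced.
    iptables -t nat -F REDSOCKS
    iptables -t nat -X REDSOCKS
}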
# Print the current nat table: all chains, numeric addresses and ports,
# verbose output with packet and byte counters.
show_iptables_stat() {
    local -a listing_opts=(-t nat -L -n -v)
    iptables "${listing_opts[@]}"
}
# Dispatch on the first argument: exactly "1" installs the rules; anything
# else, including no argument at all, removes them. The resulting nat table
# is printed in both cases.
# NOTE(review): a mistyped argument therefore tears the redirection down
# rather than reporting a usage error.
case "_$1" in
    _1) enable_proxy ;;
    *)  disable_proxy ;;
esac
show_iptables_stat
// Process-wide settings for the redsocks daemon: logging, daemonisation,
// privilege drop and the packet-redirection backend.
base {
    // debug: connection progress & client list on SIGUSR1
    // NOTE(review): with log_debug and log_info both on, the log records
    // connection progress and the start/end of every client session;
    // consider turning log_debug off outside troubleshooting.
    log_debug = on;
    // info: start and end of client session
    log_info = on;
    /* possible `log' values are:
     * stderr
     * "file:/path/to/file"
     * syslog:FACILITY facility is any of "daemon", "local0"..."local7"
     */
    log = "file:/var/log/redsocks.log";
    // detach from console
    daemon = on;
    /* Change uid, gid and root directory; these options require root
     * privileges on startup.
     * Note, your chroot may require /etc/localtime if you write log to syslog.
     * Log is opened before chroot & uid changing.
     */
    // Run as a dedicated unprivileged account after startup.
    user = redsocks;
    group = redsocks;
    // chroot is left disabled here.
    // chroot = "/var/chroot";
    /* possible `redirector' values are:
     * iptables - for Linux
     * ipf - for FreeBSD
     * pf - for OpenBSD
     * generic - some generic redirector that MAY work
     */
    redirector = iptables;
}
// One transparent-proxy instance: where redsocks listens for redirected
// connections and which upstream proxy it relays them to.
redsocks {
    /* `local_ip' defaults to 127.0.0.1 for security reasons,
     * use 0.0.0.0 if you want to listen on every interface.
     * `local_*' are used as port to redirect to.
     */
    // NOTE(review): the gist's PREROUTING rule uses REDIRECT, which rewrites
    // the destination to the incoming interface's address, so a listener on
    // 127.0.0.1 only receives locally generated (OUTPUT) connections.
    // Listening on another address makes the port reachable from that
    // network; anyone who can reach it can relay through the upstream proxy,
    // so restrict access to the port with filter rules in that case.
    local_ip = 127.0.0.1;
    // Must match the `--to-ports 12345' value in the iptables rules.
    local_port = 12345;
    // `ip' and `port' are IP and tcp-port of proxy-server
    // You can also use hostname instead of IP, only one (random)
    // address of multihomed host will be used.
    // NOTE(review): this address lies inside 192.168.0.0/16, which the
    // iptables rules exempt; that exemption is what keeps redsocks' own
    // connection to the proxy from being redirected back into redsocks.
    ip = 192.168.0.119;
    port = 1080;
    // known types: socks4, socks5, http-connect, http-relay
    type = socks5;
    // Upstream proxy credentials, disabled here. If enabled they are stored
    // in this file in clear text, so keep the file readable only by root and
    // the redsocks account.
    // login = "foobar";
    // password = "baz";
}
The 'ip' and 'port' in redsocks {} should be set to the address and port of your SOCKS5 proxy server.