redsocks2是一款透明socks5代理工具,能够实现智能代理的功能,这里是redsocks2在OpenWrt上的配置,配合shadowsocks使用。
redsocks.conf 是配置文件,放在/etc目录,将192.168.1.1改成路由器的地址.
redsocks2.sh 为自启动文件,改名为redsocks2放到/etc/init.d目录即可。自启动文件假设redsocks可执行文件在/opt/bin目录。
启动redsocks2: /etc/init.d/redsocks2 start
停止redsocks2: /etc/init.d/redsocks2 stop
| base { | |
| log_debug = off; | |
| log_info = off; | |
| daemon = on; | |
| redirector= iptables; | |
| } | |
| redsocks { | |
| # rename this address to local ip | |
| local_ip = 192.168.1.1; | |
| local_port = 1081; | |
| # rename this ip to socks5 ip | |
| ip = 192.168.1.1; | |
| port = 1080; | |
| type = socks5; // I use socks5 proxy for GFW'ed IP | |
| autoproxy = 1; // I want autoproxy feature enabled on this section. | |
| // The two lines above have same effect as | |
| // type = autosocks5; | |
| // in previous release. | |
| // timeout is meaningful when 'autoproxy' is non-zero. | |
| // It specified timeout value when trying to connect to destination | |
| // directly. Default is 10 seconds. When it is set to 0, default | |
| // timeout value will be used. | |
| timeout = 10; | |
| //type = http-connect; | |
| //login = username; | |
| //password = passwd; | |
| } | |
| #!/bin/sh /etc/rc.common | |
| # Copyright (C) 2006-2011 OpenWrt.org | |
| # | |
| # auto startup script for redsocks2 on OpenWrt | |
| # this file is located in directory /etc/init.d | |
| # rename this file to redsocks | |
| START=95 | |
| SERVICE_USE_PID=1 | |
| SERVICE_WRITE_PID=1 | |
| SERVICE_DAEMONIZE=1 | |
| start() { | |
| echo starting redsocks2... | |
| /opt/bin/redsocks2 -c /etc/redsocks.conf | |
| echo loading redsocks2 firewall rules... | |
| load_firewall | |
| echo done. | |
| } | |
| stop() { | |
| echo stopping redsocks2... | |
| killall -9 redsocks2 | |
| echo flushing redsocks2 firewall rules... | |
| flush_firewall | |
| echo done. | |
| } | |
| load_firewall() { | |
| # create a new chain named REDSOCKS | |
| iptables -t nat -N REDSOCKS | |
| # Ignore LANs IP address | |
| iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN | |
| iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN | |
| iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN | |
| iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN | |
| iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN | |
| iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN | |
| iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN | |
| iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN | |
| # Anything else should be redirected to redsocks's local port | |
| iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 1081 | |
| # Apply the rules | |
| iptables -t nat -I zone_lan_prerouting -j REDSOCKS | |
| } | |
| flush_firewall() { | |
| iptables -t nat -F REDSOCKS | |
| sleep 1 | |
| iptables -t nat -D zone_lan_prerouting -j REDSOCKS | |
| iptables -t nat -X REDSOCKS | |
| } |