
@ntzyz
Last active August 19, 2021 01:57
#!/bin/bash
# Use ss-redir to proxy all tcp connections.
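# ANSI colour codes for status messages (expanded later by echo -e).
RED='\033[0;31m'
NC='\033[0m'
# Options for ss-redir.
# SERVER, PORT, METHOD and PASSWD can be supplied through the SS_* environment
# variables so the shared key need not be stored in this file; the literals
# are only defaults. sudo normally resets the environment, so the variables
# must be set in (or preserved into) the root shell that runs the script.
SERVER="${SS_SERVER:-233.com.cn}"
# PORT has no default and must be provided before the script is useful.
PORT="${SS_PORT:-}"
# NOTE(review): "chacha20" is a stream cipher without authentication;
# shadowsocks has moved to AEAD methods - confirm what the server accepts.
METHOD="${SS_METHOD:-chacha20}"
PASSWD="${SS_PASSWD:-FUCK GFW}"
LOCALPORT="233"
# Extra flags passed through to ss-redir, separated by whitespace.
# NOTE(review): -A (one-time auth) may not exist in newer ss-redir builds, and
# the iptables rules in this script only redirect TCP - verify both flags.
PARAM="-A -u"
PREFIX="/usr/local/bin"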
# Check root permission.
# The nat-table changes further down need uid 0, so stop here before
# anything is modified when the effective uid is not 0.
[ "$(id -u)" = "0" ] || {
  echo -e "${RED}This script must be run as root.${NC}"
  exit 1
}
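# Resolve domain name (if needed)
# SERVER is used as the -d match of an iptables rule and as the ss-redir
# upstream, so it has to end up as exactly one IPv4 address.
# The pattern is anchored: an unanchored match would treat a host name that
# merely contains a dotted quad as an address and skip resolution.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ ! "$SERVER" =~ $ipv4_re ]]; then
  printf 'Resolving %s ... ' "$SERVER"
  # dig +short may print CNAME targets and several A records; keep the first
  # line that is an IPv4 address. The answer is unauthenticated DNS, and it
  # decides which destination bypasses the redirect.
  resolved=$(dig +short "$SERVER" A | grep -E -m 1 "$ipv4_re")
  if [[ -z "$resolved" ]]; then
    echo -e "${RED}FAILED${NC}"
    exit 1
  fi
  SERVER=$resolved
  echo "$SERVER"
fi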
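# Create new chain in nat table.
# The script already runs as root (checked earlier), so sudo is not needed.
# If the chain survives from a run that was not cleaned up, empty it instead
# of stacking a second copy of every rule on top.
iptables -t nat -N SHADOWSOCKS 2>/dev/null || iptables -t nat -F SHADOWSOCKS
# Never redirect traffic to the proxy server itself, otherwise the upstream
# connection made by ss-redir would be fed back into the redirect.
iptables -t nat -A SHADOWSOCKS -d "$SERVER" -j RETURN
# Direct connect to all LAN subnet
# 172.16.0.0/12 is the RFC 1918 block; a /10 mask here would also exempt
# public addresses and let that traffic leave without the proxy.
for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
  iptables -t nat -A SHADOWSOCKS -d "$net" -j RETURN
done
# Redirect all connections to shadowsocks port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports "$LOCALPORT"
# Hook the chain into OUTPUT (locally generated TCP) once only.
iptables -t nat -C OUTPUT -p tcp -j SHADOWSOCKS 2>/dev/null ||
  iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS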
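# Clean up all on exit.
# Removes every nat rule this script installed: empties the chain, drops the
# jump from OUTPUT, then deletes the chain.
function ctrl_c() {
  echo "Cleaning up..."
  iptables -t nat -F SHADOWSOCKS
  iptables -t nat -D OUTPUT -p tcp -j SHADOWSOCKS
  iptables -t nat -X SHADOWSOCKS
}
# Run the cleanup on every exit path, not only on Ctrl-C: if ss-redir stops
# on its own while the rules stay in place, all local TCP keeps being
# redirected to a port nobody listens on.
trap ctrl_c EXIT
# Turn the signals into a normal exit so the EXIT trap fires exactly once.
# bash handles them only after the foreground ss-redir has returned.
trap 'exit 130' INT
trap 'exit 143' TERM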
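# Start ss-redir in the foreground with the options configured above.
# Every value is quoted so that a key containing spaces reaches -k as a
# single argument and an empty PORT is passed as an empty value instead of
# silently shifting the following flags.
# NOTE(review): -k puts the key into the process argument list, which other
# local users can read with ps; ss-redir can take its settings from a JSON
# file given with -c instead.
# PARAM holds several flags, so it is split on whitespace on purpose.
read -r -a extra_args <<< "$PARAM"
# -b 127.0.0.1 binds the local redirect listener to loopback.
"$PREFIX/ss-redir" \
  -s "$SERVER" \
  -p "$PORT" \
  -m "$METHOD" \
  -k "$PASSWD" \
  -l "$LOCALPORT" \
  -b 127.0.0.1 \
  "${extra_args[@]}"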