透明代理的配置
(base) afu@debian:~$ sudo iptables -t nat -A OUTPUT -d shanghai.liuwenwen.net -j RETURN(base) afu@debian:~$ sudo iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN(base) afu@debian:~$ sudo iptables -t nat -A OUTPUT -d 192.168.0.0/16 -j RETURN(base) afu@debian:~$ sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN(base) afu@debian:~$ sudo iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 10054(base) afu@debian:~$ sudo iptables -t nat -F(base) afu@debian:~$ sudo iptables -t mangle -F(base) afu@debian:~$ sudo iptables -t raw -F
base {// debug: connection progress & client list on SIGUSR1log_debug = on;// info: start and end of client sessionlog_info = on;/* possible `log' values are:* stderr* "file:/path/to/file"* syslog:FACILITY facility is any of "daemon", "local0"..."local7"*/log = stderr;// log = "file:/path/to/file";// log = "syslog:local7";// detach from consoledaemon = off;/* Change uid, gid and root directory, these options require root* privilegies on startup.* Note, your chroot may requre /etc/localtime if you write log to syslog.* Log is opened before chroot & uid changing.*/// user = nobody;// group = nobody;// chroot = "/var/chroot";/* possible `redirector' values are:* iptables - for Linux* ipf - for FreeBSD* pf - for OpenBSD* generic - some generic redirector that MAY work*/redirector = iptables;}redsocks {/* `local_ip' defaults to 127.0.0.1 for security reasons,* use 0.0.0.0 if you want to listen on every interface.* `local_*' are used as port to redirect to.*/local_ip = 127.0.0.1;local_port = 10054; //记住这个端口,这个是redsocks运行的端口// listen() queue length. Default value is SOMAXCONN and it should be// good enough for most of us.// listenq = 128; // SOMAXCONN equals 128 on my Linux box.// `max_accept_backoff` is a delay to retry `accept()` after accept// failure (e.g. due to lack of file descriptors). It's measured in// milliseconds and maximal value is 65535. `min_accept_backoff` is// used as initial backoff value and as a damper for `accept() after// close()` logic.// min_accept_backoff = 100;// max_accept_backoff = 60000;// `ip' and `port' are IP and tcp-port of proxy-server// You can also use hostname instead of IP, only one (random)// address of multihomed host will be used.ip = 127.0.0.1; //这个是代-理服务器的端口,如果你本地运行shadows,需要将ip设置为127.0.0.1port = 8899; //编辑这个端口值,修改为本地shadowsocks运行的端口// known types: socks4, socks5, http-connect, http-relaytype = socks5;// login = "foobar";// password = "baz";}redudp {// `local_ip' should not be 0.0.0.0 as it's also used for outgoing// packets that are sent as replies - and it should be fixed// if we want NAT to work properly.local_ip = 127.0.0.1;local_port = 10055;// `ip' and `port' of socks5 proxy server.ip = 127.0.0.1;port = 1080;// redsocks knows about two options while redirecting UDP packets at// linux: TPROXY and REDIRECT. TPROXY requires more complex routing// configuration and fresh kernel (>= 2.6.37 according to squid// developers[1]) but has hack-free way to get original destination// address, REDIRECT is easier to configure, but requires `dest_ip` and// `dest_port` to be set, limiting packet redirection to single// destination.// [1] http://wiki.squid-cache.org/Features/Tproxy4dest_ip = 8.8.8.8;dest_port = 53;udp_timeout = 30;udp_timeout_stream = 180;}// you can add more `redsocks' and `redudp' sections if you need.
若有收获,就点个赞吧
0 人点赞
