Iptables -t mangle -A SSREDIR -p tcp -syn -j MARK -set-mark 0x2333
# mark the first packet of the connection Iptables -t mangle -A SSREDIR -d 240.0.0.0/4 -j RETURN Iptables -t mangle -A SSREDIR -d 224.0.0.0/4 -j RETURN Iptables -t mangle -A SSREDIR -d 203.0.113.0/24 -j RETURN Iptables -t mangle -A SSREDIR -d 198.18.0.0/15 -j RETURN Iptables -t mangle -A SSREDIR -d 192.168.0.0/16 -j RETURN Iptables -t mangle -A SSREDIR -d 192.88.99.0/24 -j RETURN Iptables -t mangle -A SSREDIR -d 192.0.2.0/24 -j RETURN Iptables -t mangle -A SSREDIR -d 192.0.0.0/24 -j RETURN Iptables -t mangle -A SSREDIR -d 172.16.0.0/12 -j RETURN Iptables -t mangle -A SSREDIR -d 169.254.0.0/16 -j RETURN Iptables -t mangle -A SSREDIR -d 127.0.0.0/8 -j RETURN Iptables -t mangle -A SSREDIR -d 100.64.0.0/10 -j RETURN Iptables -t mangle -A SSREDIR -d 10.0.0.0/8 -j RETURN Iptables -t mangle -A SSREDIR -d 0.0.0.0/8 -j RETURN
# ignore traffic sent to reserved addresses Iptables -t mangle -A SSREDIR -p udp -d MyIP -dport MyPort -j RETURN
Iptables -t mangle -A SSREDIR -p tcp -d MyIP -dport MyPort -j RETURN Iptables -t mangle -A SSREDIR -m mark -mark 0x2333 -j RETURN Iptables -t mangle -A SSREDIR -j CONNMARK -restore-mark (ss-redir -s MyIP -p MyPort -m MyMethod -k MyPasswd -b 127.0.0.1 -l 60080 -no-delay -u -T -v >/var/log/ss-redir.log &) Of course, the ipv6 proxy is similar, just change iptables to ip6tables, ip to ip -6, 127.0.0.1 to ::1, and other details. Other hosts under the same LAN can also change their default gateway to the ip of this linux host (at the same time change the dns server to 1.1.1.1 or 8.8.8.8, etc.) to proxy their outgoing traffic. Ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pidĮxecuting this script on the linux host can proxy all outgoing traffic of this machine (except the traffic sent to the reserved address). Iptables -t mangle -A PREROUTING -j SHADOWSOCKS Iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS Iptables -t mangle -A SHADOWSOCKS -p udp -dport 53 -j TPROXY -on-port 12345 -tproxy-mark 0x01/0x01 Ip route add local default dev lo table 100 Iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT -to-ports 12345 # Anything else should be redirected to shadowsocks's local port Iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN Iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN Iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN Iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN Iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN Iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN Iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN Iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN # See ashi009/bestroutetb for a highly optimized CHN route list.
SHADOWSOCKS PROTOCOL FULL
# See Wikipedia and RFC5735 for full list of reserved networks. # Ignore LANs and any other addresses you'd like to bypass the proxy # Ignore your shadowsocks server's addresses You can configure your Linux-based box or router to proxy all TCP traffic transparently, which is handy if you use an OpenWRT-powered router. The latest shadowsocks-libev has provided a redir mode. Path to the working directory of ss-manager. (only available in server and manager mode) (only available in local and server mode) The default cipher is chacha20-ietf-poly1305.įor servers: Specify the local address to useĬonnections to remote servers on behalf of theįor clients: Specify the local address to use s Host name or IP address of your remote server.
SHADOWSOCKS PROTOCOL INSTALL
You can install it in either way, pkg or ports. Shadowsocks-libev is available in FreeBSD Ports Collection. You may need to manually install missing softwares. # Installation of MbedTLS export MBEDTLS_VER=2.6.0 # Installation of libsodium export LIBSODIUM_VER=1.0.16 Sudo pacman -S gettext gcc autoconf libtool automake make asciidoc xmlto c-ares libev Sudo yum install gettext gcc autoconf libtool automake make asciidoc xmlto c-ares-devel libev-devel Sudo apt-get install -no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libc-ares-dev automake libmbedtls-dev libsodium-dev # Installation of basic build dependencies # Debian / Ubuntu
0 kommentar(er)
