Transparent proxy servers for HTTP, HTTPS, DNS and TCP.
Description
go-transproxy provides transparent proxy servers for HTTP, HTTPS, DNS and TCP with single binary. Nothing needs to setup many tools. Nothing needs to configure iptables. go-transproxy will start multiple proxy servers for these protocols. Futheremore, it will configure iptables automatically.go-transproxy also provides two types of explicit proxy(not transparent proxy). One is a simple proxy delegating to upstream your proxy, another is for adding
Proxy-Authorization
header automatically.Requirement
go-transproxy supports only Linux iptables.Install
Binaly install
Download from Releases page.Source install
Use Go 1.8 and dep.dep ensure
go build -o transproxy cmd/transproxy/main.go
chmod +x transproxy
Usage
Usage:
transproxy [options]
Options:
-disable-iptables
Disable automatic iptables configuration
-dns-over-https-enabled
Use DNS-over-HTTPS service as public DNS
-dns-over-https-endpoint string
DNS-over-HTTPS endpoint URL (default "https://dns.google.com/resolve")
-dns-over-tcp-disabled
Disable DNS-over-TCP for querying to public DNS
-dns-proxy-listen [host]:port
DNS Proxy listen address, as [host]:port (default ":3131")
-dns-tcp
DNS Listen on TCP (default true)
-dns-udp
DNS Listen on UDP (default true)
-explicit-proxy-listen [host]:port
Explicit Proxy listen address for HTTP/HTTPS, as [host]:port Note: This proxy doesn't use authentication info of the `http_proxy` and `https_proxy` environment variables (default ":3132")
-explicit-proxy-only
Boot Explicit Proxies only
-explicit-proxy-with-auth-listen [host]:port
Explicit Proxy with auth listen address for HTTP/HTTPS, as [host]:port Note: This proxy uses authentication info of the `http_proxy` and `https_proxy` environment variables (default ":3133")
-http-proxy-listen [host]:port
HTTP Proxy listen address, as [host]:port (default ":3129")
-https-proxy-listen [host]:port
HTTPS Proxy listen address, as [host]:port (default ":3130")
-loglevel string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-private-dns string
Private DNS address for no_proxy targets (IP[:port])
-public-dns string
Public DNS address (IP[:port]) Note: Your proxy needs to support CONNECT method to the Public DNS port, and the public DNS needs to support TCP
-tcp-proxy-dports port1,port2,...
TCP Proxy dports, as port1,port2,... (default "22")
-tcp-proxy-listen [host]:port
TCP Proxy listen address, as [host]:port (default ":3128")
Proxy configuration is used from standard environment variables, http_proxy
, https_proxy
and no_proxy
.
Also you can use IP Address, CIDR, Suffix Domain Name in no_proxy
.Example
# Set your proxy environment
export http_proxy=http://foo:bar@yourproxy.example.org:3128
# Set no_proxy if you need to access directly for internal
export no_proxy=example.org,192.168.0.0/24
# Start go-transproxy with admin privileges(sudo)
sudo -E transproxy -private-dns 192.168.0.100 -public-dns 8.8.8.8
For testing, using docker is easy way. Now, you can access to google
from docker container with no proxy configuration as follows.docker run --rm -it centos curl http://www.google.com
302 Moved
302 Moved
The document has moved
here.
If your proxy doesn't support CONNECT method to DNS port, it cannot resolve public domain name transparently.
Fortunately, Google privides DNS-over-HTTPS service, so you can use this service as public DNS by adding -dns-over-https-enabled
option instead of -public-dns
option as below even if your proxy supports CONNECT method to 443 port only.sudo -E transproxy -private-dns 192.168.0.100 -dns-over-https-enabled
If you can resolve all domains directly from local LAN, run command without dns related options as below.
It disables DNS-Proxy.sudo -E transproxy
If you need to use both public DNS and private DNS, and need to use public DNS directly, run command with -dns-over-tcp-disabled
option as below.
It suppresses to insert a iptables OUTPUT rule for DNS over TCP.sudo -E transproxy -private-dns 192.168.0.100 -public-dns 172.16.0.1 -dns-over-tcp-disabled
If you want to use an application which access to internet using port 5000, run command with -tcp-proxy-dports
option as below.sudo -E transproxy -private-dns 192.168.0.100 -public-dns 8.8.8.8 -tcp-proxy-dports 22,5000
Current Limitation
- HTTP proxy: Only works with HTTP host header.
- HTTPS proxy:
no_proxy
only works with IP Address and CIDR if your https client doesn't support SNI. - TCP proxy:
no_proxy
only works with IP Address and CIDR.
No comments:
Post a Comment