Total Pageviews

Monday 6 July 2020

linux桌面系统上的全局代理程序transproxy


transparent proxy to cross the GFW, cooperate with iptables; also see redsocks: https://github.com/darkk/redsocks
  1. compile
    go get -u -v github.com/xiqingping/transproxy/transproxyd/
  2. config the iptables:
    # create TRANSPROXYD chain
    iptables -t nat -N TRANSPROXYD
    
    # packets from nobody(transproxyd run as nobody) do not redirect
    iptables -t nat -A TRANSPROXYD -p tcp -m owner --uid-owner nobody -j RETURN
    
    # packets to private net do not redirect
    iptables -t nat -A TRANSPROXYD -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A TRANSPROXYD -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A TRANSPROXYD -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A TRANSPROXYD -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A TRANSPROXYD -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A TRANSPROXYD -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A TRANSPROXYD -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A TRANSPROXYD -d 240.0.0.0/4 -j RETURN
    
    # redirect all tcp packets to port 12345(transproxyd listen on this port)
    iptables -t nat -A TRANSPROXYD -p tcp -j REDIRECT --to-ports 12345
    
    # all output tcp packets jump to TRANSPROXYD chain
    iptables -t nat -A OUTPUT -p tcp  -j TRANSPROXYD
    
  3. Run the transproxyd, pls ref the config file under github.com/xiqingping/transproxy/transproxyd
    sudo transproxyd -config /path/to/transproxyd.toml
    
    • Uid or Gid in the config must satify to iptables config: 
    • iptables -t nat -A TRANSPROXYD -p tcp -m owner --uid-owner nobody -j RETURN
    • ListenAddr in the config must satify to iptables config: 
    • iptables -t nat -A TRANSPROXYD -p tcp -j REDIRECT --to-ports 12345

No comments:

Post a Comment