├── .gitignore ├── redsocks_x86_64 ├── redsocks_aarch64 ├── redsocks-release-0.5.tar.gz ├── NoProxyDoamin.txt ├── NoProxy.txt ├── redsocks.service ├── flushnoproxydomain.sh ├── proxyall.sh ├── proxy.sh ├── GFlist.txt ├── install.sh ├── redsocks.conf.example └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | redsocks.conf 2 | proxyserverinfo 3 | -------------------------------------------------------------------------------- /redsocks_x86_64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/liuwenru/intelliq-redsocks/HEAD/redsocks_x86_64 -------------------------------------------------------------------------------- /redsocks_aarch64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/liuwenru/intelliq-redsocks/HEAD/redsocks_aarch64 -------------------------------------------------------------------------------- /redsocks-release-0.5.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/liuwenru/intelliq-redsocks/HEAD/redsocks-release-0.5.tar.gz -------------------------------------------------------------------------------- /NoProxyDoamin.txt: -------------------------------------------------------------------------------- 1 | obs.cn-east-3.myhuaweicloud.com 2 | oa.epoint.com.cn 3 | fdoc.epoint.com.cn 4 | mirrors.aliyun.com 5 | -------------------------------------------------------------------------------- /NoProxy.txt: -------------------------------------------------------------------------------- 1 | 127.0.0.1 2 | 192.168.0.0/16 3 | 172.16.0.0/16 4 | 218.4.136.119 5 | 153.99.248.245 6 | 153.99.248.244/16 7 | 218.4.136.119 8 | 221.6.79.43 9 | 112.25.145.90 10 | 153.37.197.218 11 | 218.4.55.18 12 | -------------------------------------------------------------------------------- /redsocks.service: 
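--------------------------------------------------------------------------------
[Unit]
Description=Transparent redirector of any TCP connection to proxy using your firewall

[Service]
Type=forking
# Keep the pid file in a private, root-owned runtime directory (/run/redsocks)
# rather than under the predictable name /tmp/redsocks.pid, where any local
# user could pre-create or symlink the file before the service starts.
RuntimeDirectory=redsocks
PIDFile=/run/redsocks/redsocks.pid
# '-' tolerates a missing file; nothing in the install steps visible in this
# repository creates /etc/redsocksenv, and without '-' a missing file fails the start.
EnvironmentFile=-/etc/redsocksenv
# Root is needed for the iptables calls below. redsocks itself can drop
# privileges via the `user`/`group` keys in redsocks.conf (commented out in the
# shipped example); enabling them is worth considering.
User=root
# Never redirect traffic addressed to the proxy server itself, otherwise the
# REDIRECT rules loop redsocks' own upstream connection back into redsocks.
# install.sh substitutes the placeholder on this line with the configured proxy address.
ExecStartPre=iptables -t nat -A OUTPUT -p tcp -d SOCK_SERVER -j RETURN
ExecStart=/usr/bin/redsocks -c /etc/redsocks.conf -p /run/redsocks/redsocks.pid
# systemd runs Exec* lines directly, not through a shell, so the original
# `rm /tmp/redsocks.pid && iptables -t nat -F` passed '&&' to rm as a literal
# argument and the flush never ran. Flush only the nat OUTPUT chain, which is
# the one chain proxy/proxyall/flushnoproxydomain and the rule above write to;
# `-F` on the whole nat table also wiped unrelated PREROUTING/POSTROUTING rules.
# The pid file lives in RuntimeDirectory and is removed with it on stop.
ExecStopPost=-iptables -t nat -F OUTPUT
Restart=on-abort

[Install]
WantedBy=multi-user.target
-------------------------------------------------------------------------------- /flushnoproxydomain.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Keep a "never proxy" exception for every IPv4 address that the names listed
# in /etc/NoProxyDoamin.txt currently resolve to: a RETURN rule is inserted at
# the top of the nat OUTPUT chain so it takes precedence over the REDIRECT
# rules that proxy/proxyall add. Runs forever, re-resolving every 5 minutes,
# so it must be started as root (iptables) and left in the background.
#
# NOTE(review): this trusts whatever the configured resolver answers. A spoofed
# or poisoned answer lets an attacker open a proxy-bypass hole for an address
# of their choosing, and addresses a name stops resolving to are never removed,
# so the exception set only grows until the chain is flushed.

NOPROXY_DOMAINS=/etc/NoProxyDoamin.txt
REFRESH_SECONDS=300

# Print the IPv4 answers for one name, one per line; prints nothing when the
# lookup fails. Only the last field of each "Address" line is used, and the
# resolver's own "Address: 127.0.0.53#53" line is skipped via the '#'.
# IPv6 answers are dropped because the rules below are written with iptables.
resolve_ipv4() {
    local name=$1
    nslookup "${name}" 2>/dev/null |
        awk '/^Address/ && $NF !~ /#/ && $NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $NF }'
}

# Insert the bypass rule for ip (tagged with the name it came from) unless an
# identical rule is already present. `iptables -C` matches the exact rule; the
# original `iptables -L | grep ${ip}` matched any rule whose text merely
# contained the address, with the dots acting as regex wildcards, so some
# addresses never received their rule.
ensure_bypass() {
    local ip=$1 name=$2
    if ! iptables -t nat -C OUTPUT -p tcp -d "${ip}" -j RETURN -m comment --comment "${name}" 2>/dev/null; then
        iptables -t nat -I OUTPUT 1 -p tcp -d "${ip}" -j RETURN -m comment --comment "${name}"
    fi
}

while true; do
    while IFS= read -r domain || [[ -n "${domain}" ]]; do
        # ignore blank lines and '#' comments in the list
        [[ -z "${domain}" || "${domain}" == \#* ]] && continue
        while IFS= read -r ip; do
            ensure_bypass "${ip}" "${domain}"
        done < <(resolve_ipv4 "${domain}")
    done < "${NOPROXY_DOMAINS}"
    sleep "${REFRESH_SECONDS}"
done
-------------------------------------------------------------------------------- /proxyall.sh: --------------------------------------------------------------------------------
#!/bin/bash

function set_no_proxy() {
    # set no need proxy
    while read line; do
        echo -e "\033[32m this ip[${line}] will no connected .... 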
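\033[0m" 7 | iptables -t nat -A OUTPUT -p tcp -d ${line} -j RETURN 8 | done proxyserverinfo 25 | else
    # proxy-server details were already recorded locally (host:port on line 1); reuse them
    SOCK_SERVER=$(head -n 1 proxyserverinfo | awk -F: '{print $1}')
    SOCK_PORT=$(head -n 1 proxyserverinfo | awk -F: '{print $2}')

fi

# --- install the unit, patch the config, install the helper commands ---------
# Everything below writes to /etc, /usr/local/bin and systemd, so it must run as root.

# SOCK_SERVER/SOCK_PORT (from the prompt or ./proxyserverinfo) and PROXY_PORT
# are spliced into sed replacement strings, the systemd unit and the helper
# scripts. Restricting them to a hostname/IPv4 literal and a port number keeps
# a stray '/', '&', ';' or newline from corrupting redsocks.conf or injecting
# extra unit directives. IPv6 literals are rejected on purpose: every rule this
# toolkit writes goes through iptables, not ip6tables.
if ! [[ ${SOCK_SERVER} =~ ^[A-Za-z0-9.-]+$ ]]; then
    echo "install.sh: invalid proxy server address '${SOCK_SERVER}'" >&2
    exit 1
fi
for port in "${SOCK_PORT}" "${PROXY_PORT}"; do
    # 10# forces decimal so a leading zero is not read as octal
    if ! [[ ${port} =~ ^[0-9]{1,5}$ ]] || (( 10#${port} < 1 || 10#${port} > 65535 )); then
        echo "install.sh: invalid port '${port}'" >&2
        exit 1
    fi
done

conf=/etc/redsocks.conf
if [[ ! -f ${conf} ]]; then
    echo "install.sh: ${conf} not found" >&2
    exit 1
fi

# Locally managed units belong in /etc/systemd/system, not in the vendor
# directory /lib/systemd/system that package updates may overwrite.
install -m 0644 redsocks.service /etc/systemd/system/redsocks.service
# The unit carries a literal SOCK_SERVER placeholder on its ExecStartPre line.
sed -i "s/SOCK_SERVER/${SOCK_SERVER}/g" /etc/systemd/system/redsocks.service

# Edit by key instead of by absolute line number: the original '18s', '44s',
# '61s', '62s' only hit daemon/local_port/ip/port while the config keeps exactly
# the layout of redsocks.conf.example, and silently patch some other line as
# soon as a line is added or removed. `local_port`, `ip` and `port` are
# restricted to the `redsocks { ... }` section because redudp/dnstc carry keys
# of the same name. The values were validated above, so they need no sed escaping.
sed -i -E 's/^([[:space:]]*)daemon[[:space:]]*=.*/\1daemon = on;/' "${conf}"
sed -i -E "/^[[:space:]]*redsocks[[:space:]]*\{/,/^[[:space:]]*\}/ s/^([[:space:]]*)local_port[[:space:]]*=.*/\1local_port = ${PROXY_PORT};/" "${conf}"
sed -i -E "/^[[:space:]]*redsocks[[:space:]]*\{/,/^[[:space:]]*\}/ s/^([[:space:]]*)ip[[:space:]]*=.*/\1ip = ${SOCK_SERVER};/" "${conf}"
sed -i -E "/^[[:space:]]*redsocks[[:space:]]*\{/,/^[[:space:]]*\}/ s/^([[:space:]]*)port[[:space:]]*=.*/\1port = ${SOCK_PORT};/" "${conf}"

systemctl daemon-reload

# These lists are read by proxy/proxyall and flushnoproxydomain.sh, which run as
# root and pass the entries straight to iptables. Install them root-owned and
# not group/world-writable so no other local user can edit the bypass/redirect sets.
install -m 0644 NoProxy.txt /etc/NoProxy.txt
install -m 0644 NoProxyDoamin.txt /etc/NoProxyDoamin.txt
install -m 0644 GFlist.txt /etc/GFlist.txt

# Helper commands; the scripts carry SED_SOCK_SERVER / SED_PROXY_PORT placeholders.
for helper in proxy proxyall; do
    install -m 0755 "${helper}.sh" "/usr/local/bin/${helper}" \
        && sed -i "s/SED_SOCK_SERVER/${SOCK_SERVER}/g; s/SED_PROXY_PORT/${PROXY_PORT}/g" "/usr/local/bin/${helper}"
done
-------------------------------------------------------------------------------- /redsocks.conf.example: --------------------------------------------------------------------------------
base {
    // debug: connection progress & client list on SIGUSR1
    log_debug = on;

    // info: start and end of client session
    log_info = on;

    /* possible `log' values are:
     *   stderr
     *   "file:/path/to/file"
     *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
     */
    log = stderr;
    // log = "file:/path/to/file";
    // log = "syslog:local7";

    // detach from console
    daemon = off;
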
20 | /* Change uid, gid and root directory, these options require root 21 | * privilegies on startup. 22 | * Note, your chroot may requre /etc/localtime if you write log to syslog. 23 | * Log is opened before chroot & uid changing. 24 | */ 25 | // user = nobody; 26 | // group = nobody; 27 | // chroot = "/var/chroot"; 28 | 29 | /* possible `redirector' values are: 30 | * iptables - for Linux 31 | * ipf - for FreeBSD 32 | * pf - for OpenBSD 33 | * generic - some generic redirector that MAY work 34 | */ 35 | redirector = iptables; 36 | } 37 | 38 | redsocks { 39 | /* `local_ip' defaults to 127.0.0.1 for security reasons, 40 | * use 0.0.0.0 if you want to listen on every interface. 41 | * `local_*' are used as port to redirect to. 42 | */ 43 | local_ip = 127.0.0.1; 44 | local_port = 12345; 45 | 46 | // listen() queue length. Default value is SOMAXCONN and it should be 47 | // good enough for most of us. 48 | // listenq = 128; // SOMAXCONN equals 128 on my Linux box. 49 | 50 | // `max_accept_backoff` is a delay to retry `accept()` after accept 51 | // failure (e.g. due to lack of file descriptors). It's measured in 52 | // milliseconds and maximal value is 65535. `min_accept_backoff` is 53 | // used as initial backoff value and as a damper for `accept() after 54 | // close()` logic. 55 | // min_accept_backoff = 100; 56 | // max_accept_backoff = 60000; 57 | 58 | // `ip' and `port' are IP and tcp-port of proxy-server 59 | // You can also use hostname instead of IP, only one (random) 60 | // address of multihomed host will be used. 61 | ip = example.org; 62 | port = 1080; 63 | 64 | 65 | // known types: socks4, socks5, http-connect, http-relay 66 | type = socks5; 67 | 68 | // login = "foobar"; 69 | // password = "baz"; 70 | } 71 | 72 | redudp { 73 | // `local_ip' should not be 0.0.0.0 as it's also used for outgoing 74 | // packets that are sent as replies - and it should be fixed 75 | // if we want NAT to work properly. 
    local_ip = 127.0.0.1;
    local_port = 10053;

    // `ip' and `port' of socks5 proxy server.
    ip = 10.0.0.1;
    port = 1080;
    // NOTE: credentials are stored in clear text; keep this file root-owned and not world-readable.
    login = username;
    password = pazzw0rd;

    // kernel does not give us this information, so we have to duplicate it
    // in both iptables rules and configuration file. By the way, you can
    // set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
    // forward ;-)
    // This limitation may be relaxed in future versions using contrack-tools.
    dest_ip = 8.8.8.8;
    dest_port = 53;

    udp_timeout = 30;
    udp_timeout_stream = 180;
}

dnstc {
    // fake and really dumb DNS server that returns "truncated answer" to
    // every query via UDP, RFC-compliant resolver should repeat same query
    // via TCP in this case.
    local_ip = 127.0.0.1;
    local_port = 5300;
}

// you can add more `redsocks' and `redudp' sections if you need.
-------------------------------------------------------------------------------- /README.md: --------------------------------------------------------------------------------
# 一、简介

实现 Linux 下的全局翻墙,使用 redsocks 配合 iptables 实现请求流量的转发

有的时候在实验环境中下载一些被`GFW`给墙掉的资源会出现下载不到的情况,好在网上有大神使用`C`写了一个库,可以将本地的流量从一个端口转向`SOCKS5`的端口;我们再使用`SSH -D`参数在本地启动一个`SOCKS5`端口,使用`redsocks`将流量转到对应的`SOCKS5`上。这样就可以实现任何流量都可以翻墙了。由于官方的`redsocks`并没有提供`iptables`的配置方法,所以我写了一个脚本,自动读取配置文件等,帮助快速使用。

感谢大神的项目,详细参见[此处 Github 主页](https://github.com/darkk/redsocks)。

# 二、使用方法

本人已经针对`redsocks`的一个稳定版本编译好了一个直接可以运行的二进制文件,使用`alpine musl libc`静态编译,因此可以不需要安装依赖直接使用,提供了`x86_64`和`aarch64`两个版本,使用方法如下。

> 注意:仓库中的预编译二进制没有附带校验和或签名,而 `redsocks.service` 会以 root 身份运行它。用于生产环境前,建议按文末"静态编译方法"从仓库内附带的源码包自行构建,或至少核对二进制的哈希值。

1. 安装

```bash
Shell> git clone 本仓库
Shell> ./install.sh
please tell me you sock_server:127.0.0.1 #输入SOCKS5代理服务器的地址
please tell me you sock_port:7070 #输入SOCKS5代理服务器的端口
```

2. 
启动 redsocks 23 | 24 | ```bash 25 | Shell > service redsocks start 26 | 27 | ``` 28 | 29 | 3. 选择代理模式 30 | 31 | **全局代理模式** 32 | 33 | ```bash 34 | Shell> proxyall #启动全局代理模式,此模式下将代理所有的访问 35 | 36 | your iptabls OUTPUT chain like this.... 37 | Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) 38 | num pkts bytes target prot opt in out source destination 39 | 40 | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) 41 | num pkts bytes target prot opt in out source destination 42 | 43 | Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) 44 | num pkts bytes target prot opt in out source destination 45 | 1 0 0 RETURN tcp -- * * 0.0.0.0/0 192.168.188.0/24 46 | 2 0 0 RETURN tcp -- * * 0.0.0.0/0 127.0.0.1 47 | 3 0 0 RETURN tcp -- * * 0.0.0.0/0 127.0.0.1 48 | 4 0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 redir ports 12345 49 | 50 | Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) 51 | num pkts bytes target prot opt in out source destination 52 | ``` 53 | 54 | **代理指定主机** 55 | 56 | 该模式下只代理`GFlist.txt`中指定的主机 57 | 58 | ```bash 59 | Shell> proxy 60 | 61 | this ip[216.58.194.99] will use proxy connected .... 62 | this ip[180.97.33.107] will use proxy connected .... 63 | your iptabls OUTPUT chain like this.... 
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN tcp -- * * 0.0.0.0/0 192.168.188.0/24
2 0 0 RETURN tcp -- * * 0.0.0.0/0 127.0.0.1
3 0 0 RETURN tcp -- * * 0.0.0.0/0 127.0.0.1
4 0 0 REDIRECT tcp -- * * 0.0.0.0/0 216.58.194.99 redir ports 12345
5 0 0 REDIRECT tcp -- * * 0.0.0.0/0 180.97.33.107 redir ports 12345

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

```

4. 清理代理与关闭代理

```bash

Shell> iptables -t nat -F OUTPUT #清理本工具写入 nat OUTPUT 链的代理规则。不要用 iptables -t nat -F 清空整个 nat 表,那会连带删掉与代理无关的 PREROUTING/POSTROUTING 规则
Shell> service redsocks stop #关闭代理


```

# 静态编译方法

```bash

apk --no-cache add busybox-extras musl-dev linux-headers libevent-static libevent-dev musl-dev gcc make vim bash

```
--------------------------------------------------------------------------------