├── .gitignore
├── GFlist.txt
├── NoProxy.txt
├── NoProxyDoamin.txt
├── README.md
├── flushnoproxydomain.sh
├── install.sh
├── proxy.sh
├── proxyall.sh
├── redsocks-release-0.5.tar.gz
├── redsocks.conf.example
├── redsocks.service
├── redsocks_aarch64
└── redsocks_x86_64


/.gitignore:
--------------------------------------------------------------------------------
1 | redsocks.conf
2 | proxyserverinfo
3 | 


--------------------------------------------------------------------------------
/GFlist.txt:
--------------------------------------------------------------------------------
 1 | 103.245.222.0/24
 2 | 103.73.0.0/16
 3 | 104.18.0.0/16
 4 | 104.244.0.0/16
 5 | 107.23.173.87
 6 | 108.168.194.0/24
 7 | 108.177.97.82
 8 | 116.211.155.164
 9 | 117.23.61.0/24
10 | 119.28.0.0/16
11 | 119.81.184.202
12 | 128.174.246.134
13 | 129.143.116.10
14 | 131.103.20.0/24
15 | 13.229.188.59
16 | 13.250.177.223
17 | 142.251.0.0/16
18 | 151.0.0.0/8
19 | 151.101.0.0/16
20 | 159.106.121.75
21 | 172.217.0.0/16
22 | 173.194.0.0/16
23 | 180.97.33.107
24 | 185.199.0.0/16
25 | 192.30.0.0/16
26 | 199.16.0.0/16
27 | 199.27.79.0/24
28 | 199.59.0.0/16
29 | 20.205.0.0/16
30 | 203.208.52.0/24
31 | 216.239.0.0/16
32 | 216.58.0.0/16
33 | 216.58.221.0/24
34 | 31.13.0.0/16
35 | 46.0.0.0/8
36 | 52.0.0.0/8
37 | 52.7.39.0/24
38 | 52.74.223.119
39 | 52.7.63.43
40 | 52.87.0.0/16
41 | 54.152.78.181
42 | 54.164.250.255
43 | 54.173.120.94
44 | 54.186.104.15
45 | 54.192.75.144
46 | 54.192.75.43
47 | 54.192.75.69
48 | 54.230.149.20
49 | 54.247.69.204
50 | 64.233.0.0/16
51 | 69.63.0.0/16
52 | 74.125.0.0/16
53 | 74.125.204.199
54 | 75.0.0.0/8
55 | 8.0.0.0/8
56 | 8.43.84.0/24
57 | 96.6.0.0/16
58 | 101.6.15.130/16
59 | 


--------------------------------------------------------------------------------
/NoProxy.txt:
--------------------------------------------------------------------------------
 1 | 127.0.0.1
 2 | 192.168.0.0/16
 3 | 172.16.0.0/16
 4 | 218.4.136.119
 5 | 153.99.248.245
 6 | 153.99.248.244/16
 7 | 218.4.136.119
 8 | 221.6.79.43
 9 | 112.25.145.90
10 | 153.37.197.218
11 | 218.4.55.18
12 | 


--------------------------------------------------------------------------------
/NoProxyDoamin.txt:
--------------------------------------------------------------------------------
1 | obs.cn-east-3.myhuaweicloud.com
2 | oa.epoint.com.cn
3 | fdoc.epoint.com.cn
4 | mirrors.aliyun.com
5 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # 一、简介
  2 | 
  3 | 实现 Linux 下的全局翻墙，使用 redsocks 配合 iptables 实现请求流量的转发
  4 | 
  5 | 有的时候在实验环境中下载一些被`GFW`给墙掉的资源会出现下载不到的情况，好在网上有大神使用`C`写了一个库可以将将本地的流量从一个端口转向`Socket5`的端口，我们再使用一个`SSH -D`参数本地启动一个`Socket5`端口，使用`redsocks`将流量转到对应的`Socket5`上。这样就是就可以实现任何流量都可以翻墙了，由于官方的`redsocks`并没有提供`iptables`的配置方法，所以我写了一个脚本，自动的读取配置文件啥的，帮助快速使用。
  6 | 
  7 | 感谢大神的项目，详细参见[此处 Github 主页](https://github.com/darkk/redsocks)。
  8 | 
  9 | # 一、使用方法
 10 | 
 11 | 本人已经针对`redsocks`的一个稳定版本编译好了一个直接可以运行的二进制文件，使用`alpine musl gilbc`编译，因此可以不需要安装依赖直接使用，提供了`x86`和`aarch64`两个版本，使用方法如下
 12 | 
 13 | 1. 安装
 14 | 
 15 | ```bash
 16 | Shell> git clone 本仓库
 17 | Shell> ./install.sh
 18 | please tell me you sock_server:127.0.0.1 #输入socket5代理服务器的地址
 19 | please tell me you sock_port:7070        #输入socket5代理服务器的端口
 20 | ```
 21 | 
 22 | 2. 启动 redsocks
 23 | 
 24 | ```bash
 25 | Shell > service redsocks start
 26 | 
 27 | ```
 28 | 
 29 | 3. 选择代理模式
 30 | 
 31 | **全局代理模式**
 32 | 
 33 | ```bash
 34 | Shell>   proxyall      #启动全局代理模式，此模式下将代理所有的访问
 35 | 
 36 |  your iptabls OUTPUT chain like this....
 37 |  Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 38 |  num   pkts bytes target     prot opt in     out     source               destination
 39 | 
 40 |  Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 41 |  num   pkts bytes target     prot opt in     out     source               destination
 42 | 
 43 |  Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 44 |  num   pkts bytes target     prot opt in     out     source               destination
 45 |  1        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            192.168.188.0/24
 46 |  2        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            127.0.0.1
 47 |  3        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            127.0.0.1
 48 |  4        0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            redir ports 12345
 49 | 
 50 |  Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 51 |  num   pkts bytes target     prot opt in     out     source               destination
 52 | ```
 53 | 
 54 | **代理指定主机**
 55 | 
 56 | 该模式下只代理`GFlist.txt`中指定的主机
 57 | 
 58 | ```bash
 59 | Shell> proxy
 60 | 
 61 | this ip[216.58.194.99] will use proxy connected ....
 62 | this ip[180.97.33.107] will use proxy connected ....
 63 | your iptabls OUTPUT chain like this....
 64 |    Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 65 |    num   pkts bytes target     prot opt in     out     source               destination
 66 | 
 67 |    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 68 |    num   pkts bytes target     prot opt in     out     source               destination
 69 | 
 70 |    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 71 |    num   pkts bytes target     prot opt in     out     source               destination
 72 |    1        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            192.168.188.0/24
 73 |    2        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            127.0.0.1
 74 |    3        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            127.0.0.1
 75 |    4        0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.58.194.99        redir ports 12345
 76 |    5        0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            180.97.33.107        redir ports 12345
 77 | 
 78 |    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 79 |    num   pkts bytes target     prot opt in     out     source               destination
 80 | 
 81 | ```
 82 | 
 83 | 4. 清理代理与关闭代理
 84 | 
 85 | ```bash
 86 | 
 87 | Shell> iptable -t nat -F                  #清理所有的代理模式
 88 | Shell> service redsocks start             #关闭代理
 89 | 
 90 | 
 91 | ```
 92 | 
 93 | # 静态编译方法
 94 | 
 95 | ```bash
 96 | 
 97 | apk --no-cache add busybox-extras musl-dev linux-headers libevent-static libevent-dev musl-dev gcc make vim bash
 98 | 
 99 | ```
100 | 


--------------------------------------------------------------------------------
/flushnoproxydomain.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | while (true); do
 4 |   cat /etc/NoProxyDoamin.txt | while read noproxydomain; do
 5 |     for ip in $(nslookup ${noproxydomain} | grep "Address" | grep -v "#" | awk '{print $2}'); do
 6 |       isexsit=$(iptables -t nat -L OUTPUT -nv --line 2>&1 | grep ${ip} | wc -l)
 7 |       if [[ ${isexsit} -eq 0 ]]; then
 8 |         iptables -t nat -I OUTPUT 1 -p tcp -d ${ip} -j RETURN   -m  comment  --comment  ${noproxydomain}
 9 |       fi
10 |     done
11 |   done
12 |   sleep 300
13 | done
14 | 


--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | binfile="redsocks_$(uname --machine)"
 3 | cp ${binfile} /usr/bin/redsocks
 4 | if [[ ! -d /etc/redsocksenv ]]; then
 5 |     touch /etc/redsocksenv
 6 | fi
 7 | 
 8 | SOCK_SERVER="127.0.0.1" #socket5代理服务器
 9 | SOCK_PORT="7070"        #socket5代理端口
10 | PROXY_PORT="12345"      #redsock的监听端口
11 | 
12 | rm -rf redsocks.conf
13 | cp redsocks.conf.example /etc/redsocks.conf
14 | if [[ ! -f proxyserverinfo ]]; then
15 |     # 本地不存在代理服务器的配置
16 |     read -p "please tell me you sock_server:" sock_server
17 |     if [[ ${sock_server} != "" ]]; then
18 |         SOCK_SERVER=$sock_server
19 |     fi
20 |     read -p "please tell me you sock_port:" sock_port
21 |     if [[ ${SOCK_PORT} != "" ]]; then
22 |         SOCK_PORT=${sock_port}
23 |     fi
24 |     echo "${SOCK_SERVER}:${SOCK_PORT}" >proxyserverinfo
25 | else
26 |     # 本地已经存在了代理服务的配置信息,直接读取就好了
27 |     SOCK_SERVER=$(head -n 1 proxyserverinfo | awk -F: '{print $1}')
28 |     SOCK_PORT=$(head -n 1 proxyserverinfo | awk -F: '{print $2}')
29 | 
30 | fi
31 | 
32 | cp redsocks.service /lib/systemd/system/
33 | sed -i '18s/daemon.*/daemon = on;/g' /etc/redsocks.conf
34 | sed -i '44s/local_port.*/local_port = '${PROXY_PORT}';/g' /etc/redsocks.conf
35 | sed -i '61s/ip.*/ip = '${SOCK_SERVER}';/g' /etc/redsocks.conf
36 | sed -i '62s/port.*/port = '${SOCK_PORT}';/g' /etc/redsocks.conf
37 | sed -i 's/SOCK_SERVER/'${SOCK_SERVER}'/g' /lib/systemd/system/redsocks.service
38 | 
39 | systemctl daemon-reload
40 | 
41 | #  cpy proxy set
42 | /bin/cp NoProxy.txt /etc/NoProxy.txt
43 | /bin/cp NoProxyDoamin.txt /etc/NoProxyDoamin.txt
44 | /bin/cp GFlist.txt /etc/GFlist.txt
45 | 
46 | /bin/cp -rf proxy.sh /usr/local/bin/proxy && chmod +x /usr/local/bin/proxy && sed -i 's/SED_SOCK_SERVER/'${SOCK_SERVER}'/g' /usr/local/bin/proxy && sed -i 's/SED_PROXY_PORT/'${PROXY_PORT}'/g' /usr/local/bin/proxy
47 | /bin/cp -rf proxyall.sh /usr/local/bin/proxyall && chmod +x /usr/local/bin/proxyall && sed -i 's/SED_SOCK_SERVER/'${SOCK_SERVER}'/g' /usr/local/bin/proxyall && sed -i 's/SED_PROXY_PORT/'${PROXY_PORT}'/g' /usr/local/bin/proxyall
48 | 


--------------------------------------------------------------------------------
/proxy.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | #proxy the fwlist.txt
 4 | iptables -t nat -F
 5 | 
 6 | # always set no proxy setting
 7 | function set_no_proxy() {
 8 |     # set no need proxy
 9 |     while read line; do
10 |         echo -e "\033[32m this ip[${line}] will no connected .... \033[0m"
11 |         ${SUDO} iptables -t nat -A OUTPUT -p tcp -d ${line} -j RETURN
12 |     done </etc/NoProxy.txt
13 | }
14 | set_no_proxy
15 | 
16 | for subroute in $(ip route show | grep "/" | awk '{print $1}'); do
17 |     iptables -t nat -A OUTPUT -p tcp -d ${subroute} -j RETURN
18 | done
19 | iptables -t nat -A OUTPUT -p tcp -d ${mynetwork} -j RETURN
20 | iptables -t nat -A OUTPUT -p tcp -d SED_SOCK_SERVER -j RETURN
21 | iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 -j RETURN
22 | while read line; do
23 |     echo -e "\033[32m this ip[${line}] will use proxy connected .... \033[0m"
24 |     iptables -t nat -A OUTPUT -p tcp -d ${line} -j REDIRECT --to-ports SED_PROXY_PORT
25 | done </etc/GFlist.txt
26 | echo -e "\033[32m your iptabls OUTPUT chain like this.... \033[0m"
27 | iptables -t nat -nvL --line-numbers
28 | 


--------------------------------------------------------------------------------
/proxyall.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | function set_no_proxy() {
 4 |     # set no need proxy
 5 |     while read line; do
 6 |         echo -e "\033[32m this ip[${line}] will no connected .... \033[0m"
 7 |         iptables -t nat -A OUTPUT -p tcp -d ${line} -j RETURN
 8 |     done </etc/NoProxy.txt
 9 | }
10 | 
11 | #proxy all connection
12 | for i in $(ip route show | awk '{print $1}' | grep -v default); do
13 |     iptables -t nat -A OUTPUT -p tcp -d ${i} -j RETURN
14 | done
15 | set_no_proxy
16 | iptables -t nat -A OUTPUT -p tcp -d SED_SOCK_SERVER -j RETURN
17 | iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 -j RETURN
18 | iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports SED_PROXY_PORT
19 | echo -e "\033[32m your iptabls OUTPUT chain like this.... \033[0m"
20 | iptables -t nat -nvL --line-numbers
21 | 


--------------------------------------------------------------------------------
/redsocks-release-0.5.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liuwenru/intelliq-redsocks/efbe538be11033531455977bd17f7b0a57e4a56b/redsocks-release-0.5.tar.gz


--------------------------------------------------------------------------------
/redsocks.conf.example:
--------------------------------------------------------------------------------
  1 | base {
  2 | 	// debug: connection progress & client list on SIGUSR1
  3 | 	log_debug = on;
  4 | 
  5 | 	// info: start and end of client session
  6 | 	log_info = on;
  7 | 
  8 | 	/* possible `log' values are:
  9 | 	 *   stderr
 10 | 	 *   "file:/path/to/file"
 11 | 	 *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
 12 | 	 */
 13 | 	log = stderr;
 14 | 	// log = "file:/path/to/file";
 15 | 	// log = "syslog:local7";
 16 | 
 17 | 	// detach from console
 18 | 	daemon = off;
 19 | 
 20 | 	/* Change uid, gid and root directory, these options require root
 21 | 	 * privilegies on startup.
 22 | 	 * Note, your chroot may requre /etc/localtime if you write log to syslog.
 23 | 	 * Log is opened before chroot & uid changing.
 24 | 	 */
 25 | 	// user = nobody;
 26 | 	// group = nobody;
 27 | 	// chroot = "/var/chroot";
 28 | 
 29 | 	/* possible `redirector' values are:
 30 | 	 *   iptables   - for Linux
 31 | 	 *   ipf        - for FreeBSD
 32 | 	 *   pf         - for OpenBSD
 33 | 	 *   generic    - some generic redirector that MAY work
 34 | 	 */
 35 | 	redirector = iptables;
 36 | }
 37 | 
 38 | redsocks {
 39 | 	/* `local_ip' defaults to 127.0.0.1 for security reasons,
 40 | 	 * use 0.0.0.0 if you want to listen on every interface.
 41 | 	 * `local_*' are used as port to redirect to.
 42 | 	 */
 43 | 	local_ip = 127.0.0.1;
 44 | 	local_port = 12345;
 45 | 
 46 | 	// listen() queue length. Default value is SOMAXCONN and it should be
 47 | 	// good enough for most of us.
 48 | 	// listenq = 128; // SOMAXCONN equals 128 on my Linux box.
 49 | 
 50 | 	// `max_accept_backoff` is a delay to retry `accept()` after accept
 51 | 	// failure (e.g. due to lack of file descriptors). It's measured in
 52 | 	// milliseconds and maximal value is 65535. `min_accept_backoff` is
 53 | 	// used as initial backoff value and as a damper for `accept() after
 54 | 	// close()` logic.
 55 | 	// min_accept_backoff = 100;
 56 | 	// max_accept_backoff = 60000;
 57 | 
 58 | 	// `ip' and `port' are IP and tcp-port of proxy-server
 59 | 	// You can also use hostname instead of IP, only one (random)
 60 | 	// address of multihomed host will be used.
 61 | 	ip = example.org;
 62 | 	port = 1080;
 63 | 
 64 | 
 65 | 	// known types: socks4, socks5, http-connect, http-relay
 66 | 	type = socks5;
 67 | 
 68 | 	// login = "foobar";
 69 | 	// password = "baz";
 70 | }
 71 | 
 72 | redudp {
 73 | 	// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
 74 | 	// packets that are sent as replies - and it should be fixed
 75 | 	// if we want NAT to work properly.
 76 | 	local_ip = 127.0.0.1;
 77 | 	local_port = 10053;
 78 | 
 79 | 	// `ip' and `port' of socks5 proxy server.
 80 | 	ip = 10.0.0.1;
 81 | 	port = 1080;
 82 | 	login = username;
 83 | 	password = pazzw0rd;
 84 | 
 85 | 	// kernel does not give us this information, so we have to duplicate it
 86 | 	// in both iptables rules and configuration file.  By the way, you can
 87 | 	// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
 88 | 	// forward ;-)
 89 | 	// This limitation may be relaxed in future versions using contrack-tools.
 90 | 	dest_ip = 8.8.8.8;
 91 | 	dest_port = 53;
 92 | 
 93 | 	udp_timeout = 30;
 94 | 	udp_timeout_stream = 180;
 95 | }
 96 | 
 97 | dnstc {
 98 | 	// fake and really dumb DNS server that returns "truncated answer" to
 99 | 	// every query via UDP, RFC-compliant resolver should repeat same query
100 | 	// via TCP in this case.
101 | 	local_ip = 127.0.0.1;
102 | 	local_port = 5300;
103 | }
104 | 
105 | // you can add more `redsocks' and `redudp' sections if you need.
106 | 


--------------------------------------------------------------------------------
/redsocks.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=Transparent redirector of any TCP connection to proxy using your firewall
 3 | 
 4 | [Service]
 5 | Type=forking
 6 | PIDFile=/tmp/redsocks.pid
 7 | EnvironmentFile=/etc/redsocksenv
 8 | User=root
 9 | ExecStartPre= iptables -t nat -A OUTPUT -p tcp -d SOCK_SERVER -j RETURN
10 | ExecStart=/usr/bin/redsocks -c /etc/redsocks.conf -p /tmp/redsocks.pid
11 | ExecStopPost=/bin/rm /tmp/redsocks.pid && iptables -t nat -F
12 | Restart=on-abort
13 | 
14 | [Install]
15 | WantedBy=multi-user.target
16 | 


--------------------------------------------------------------------------------
/redsocks_aarch64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liuwenru/intelliq-redsocks/efbe538be11033531455977bd17f7b0a57e4a56b/redsocks_aarch64


--------------------------------------------------------------------------------
/redsocks_x86_64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liuwenru/intelliq-redsocks/efbe538be11033531455977bd17f7b0a57e4a56b/redsocks_x86_64


--------------------------------------------------------------------------------