如何在linux下设置socks5的全局代理


Summer Blue

Sep 10, 2015, 9:44:53 AM9/10/15
to USTC_LUG
用vps的ipv6地址,ss可以代理访问只有ipv4地址的网站,所以windows可以简单地用proxifier软件做到。但linux好像不完全。用proxychains只能在终端里连个wget...
有没有什么方法可行呢。
其实只是想用vps的流量,aria2c后台下载百度网盘的东西。aria2支持http代理,不支持socks5。用proxychains配合着privoxy好像很麻烦,试了不会做。
感觉是不是要在vps上建个http服务才行。。

Zhang Cheng

Sep 10, 2015, 9:46:31 AM9/10/15
to USTC LUG
搜索关键字: tun2socks




--
Cheng,
Best Regards

蒲肖肖

Sep 10, 2015, 12:13:20 PM9/10/15
to USTC_LUG
```
var net = require('net');
var socksClient = require('socks5-client');

// Listening side of the relay: the address and port incoming HTTP clients connect to.
// NOTE(review): '0.0.0.0' accepts connections on every interface, and the
// connection handler further down performs no client authentication, so any
// host that can reach this port can relay through the SOCKS5 proxy. Use
// '127.0.0.1' when only local programs need it — confirm against the
// intended deployment.
var proxyConf = { port: 80, listenHost: '0.0.0.0' };

// Upstream SOCKS5 proxy that every outbound connection is opened through.
var socksConf = { host: '127.0.0.1', port: 1080 };

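/**
 * HTTP-to-SOCKS5 relay. For each incoming connection it buffers the request
 * until a Host header is seen, opens a connection to that host on port 80
 * through the SOCKS5 proxy described by socksConf, and then forwards bytes
 * in both directions.
 *
 * Operator notes:
 *  - The upstream host comes straight from the client-supplied Host header
 *    and is not checked against any allow-list.
 *  - Incoming connections are not authenticated.
 *  - NOTE(review): a Host value that carries ':port' is passed on verbatim
 *    as the hostname while the upstream port stays 80.
 */
var proxy = net.createServer(function(client) {
    // Upper bound on what is buffered while the Host header is still being
    // looked for, so a client cannot grow the buffer without limit.
    var MAX_HEADER_BYTES = 64 * 1024;

    console.log('Client connected');
    var clientConnected = true;
    var serverConnected = false;
    var serverConnecting = false;
    // Raw chunks received before the upstream is ready. Kept as Buffers so
    // binary request bodies are forwarded byte-for-byte.
    var pending = [];
    var pendingBytes = 0;
    var server = null;

    // Send everything buffered so far upstream exactly once.
    function flushPending() {
        if (pending.length > 0) {
            server.write(Buffer.concat(pending, pendingBytes));
            pending = [];
            pendingBytes = 0;
        }
    }

    client.on('data', function(chunk) {
        if (serverConnected) {
            server.write(chunk);
            return;
        }

        pending.push(chunk);
        pendingBytes += chunk.length;
        if (serverConnecting) {
            // Upstream connection is in progress; the data is flushed on 'connect'.
            return;
        }

        // latin1 maps every byte to one character, so decoding for the
        // header search can never fail or merge bytes.
        var head = Buffer.concat(pending, pendingBytes).toString('latin1');
        var headerEnd = head.indexOf('\r\n\r\n');
        // Once the header section is complete, search only inside it so that
        // body content cannot supply the Host value.
        var headers = headerEnd === -1 ? head : head.slice(0, headerEnd + 2);
        var host_matches = headers.match(/\r\nHost:(.*)\r\n/i);
        if (!host_matches) {
            if (headerEnd !== -1) {
                client.destroy();
                console.log('Client did not send Host in HTTP header');
            } else if (pendingBytes > MAX_HEADER_BYTES) {
                client.destroy();
                console.log('Client sent more than ' + MAX_HEADER_BYTES + ' bytes without a Host header');
            }
            return;
        }

        var host = host_matches[1].trim();
        if (host === '') {
            client.destroy();
            console.log('Invalid Host in HTTP header');
            return;
        }

        serverConnecting = true;
        // Declared locally: the original assigned to an undeclared name,
        // which created a global shared by all connections.
        var options = {
            socksHost: socksConf.host,
            socksPort: socksConf.port,
            host: host,
            port: 80
        };
        server = socksClient.createConnection(options);
        server.on('connect', function() {
            console.log('Server ' + host + ' connected');
            serverConnected = true;
            flushPending();
            if (!clientConnected) {
                server.destroy();
            }
        });
        server.on('data', function(chunk) {
            if (clientConnected) {
                client.write(chunk);
            }
            else {
                server.destroy();
            }
        });
        server.on('close', function(had_error) {
            console.log('Server closed ' + (had_error ? 'unexpectedly' : 'normally'));
            if (clientConnected) {
                client.destroy();
            }
            serverConnected = false;
        });
        server.on('error', function(err) {
            console.log('Server error: ' + err);
        });
    });
    client.on('close', function(had_error) {
        console.log('Client closed ' + (had_error ? 'unexpectedly' : 'normally'));
        if (serverConnected) {
            // Nothing is left to flush here: the buffer is emptied on
            // 'connect', so the request is never written a second time.
            server.destroy();
        }
        clientConnected = false;
    });
    client.on('error', function(err) {
        console.log('Client error: ' + err);
    });
});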

// Bind the relay to the configured address; the callback runs once the
// listening socket is ready and reports where it is bound.
proxy.listen(proxyConf.port, proxyConf.listenHost, function onListening() {
    var boundAddress = proxyConf.listenHost + ':' + proxyConf.port;
    console.log('Proxy listening on ' + boundAddress);
});
```

拿 boj 师兄的代码稍微改了改,把 SOCKS5 转成透明 HTTP 代理

Summer Blue

Sep 11, 2015, 1:20:38 AM9/11/15
to USTC_LUG
感谢以上

在 2015年9月10日星期四 UTC+8下午9:44:53,Summer Blue写道:

Wung Hugh

Sep 14, 2015, 10:51:54 AM9/14/15
to USTC_LUG

check this out: 
我一直用这个.

Zhen Chang

Sep 14, 2015, 10:15:42 PM9/14/15
to USTC_LUG
shadowsocks-libev有个ss-redir可以实现透明代理,借助它可以实现全局代理。

安装shadowsocks-libev :https://github.com/shadowsocks/shadowsocks-libev

然后写个sh脚本

将其中的YOUR-SERVER-IP改成你的服务器地址,然后用sudo帐号执行就可以使用全局代理。

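#!/bin/sh
# Redirect this host's outbound TCP to a local ss-redir instance.
# Replace the two placeholder values below before running, and run as root.
#
# Scope: only TCP leaving this host (nat/OUTPUT) is redirected. UDP is not
# touched by these rules, so ordinary DNS lookups still leave directly.
#
# To undo:
#   iptables -t nat -D OUTPUT -p tcp -j SHADOWSOCKS
#   iptables -t nat -F SHADOWSOCKS
#   iptables -t nat -X SHADOWSOCKS
set -eu

SERVER_IP="YOUR-SERVER-IP"   # numeric address of the shadowsocks server
LOCAL_PORT="LOCAL-PORT"      # port ss-redir listens on locally

if [ "$(id -u)" -ne 0 ]; then
    echo "this script must be run as root" >&2
    exit 1
fi

# Create the chain on the nat table, or empty it if an earlier run left it
# behind, so that re-running the script does not stack duplicate rules.
iptables -t nat -N SHADOWSOCKS 2>/dev/null || iptables -t nat -F SHADOWSOCKS

# Ignore the shadowsocks server's address to avoid a redirect loop
iptables -t nat -A SHADOWSOCKS -d "$SERVER_IP" -j RETURN

# Ignore LANs and any other addresses you'd like to bypass the proxy
for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
           172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
    iptables -t nat -A SHADOWSOCKS -d "$net" -j RETURN
done

# Anything else should be redirected to shadowsocks's local port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports "$LOCAL_PORT"

# Apply the rules: hook the chain into OUTPUT only if it is not hooked
# already. With `set -e` this line is reached only when every rule above was
# accepted.
iptables -t nat -C OUTPUT -p tcp -j SHADOWSOCKS 2>/dev/null \
    || iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

# Start the shadowsocks-redir
ss-redir -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid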




--

Wung Hugh

Sep 17, 2015, 7:06:54 AM9/17/15
to USTC_LUG
But can it support udp? Without it, how to resolve dns?

YANG Boyuan

Sep 17, 2015, 8:27:22 AM9/17/15
to USTC_LUG

shadowsocks-libev supports UDP forwarding, as long as the option is enabled on both the server side and the client side.

See https://github.com/shadowsocks/shadowsocks-libev/ for details.

Wung Hugh

Sep 17, 2015, 9:19:36 AM9/17/15
to ustc...@googlegroups.com
I have to ask a very silly question: 
I just tried it,  by
ss-local -c ssconfig.txt
but it just prints the help. Am I doing anything wrong?
And is  ss-redir compatible with the existing  ssserver written in python on the server side? 

I tried the script, it created the proxy, but I can't access anything, and my iptables was locked for a very long time, and rendered very slow.



YANG Boyuan

Sep 17, 2015, 9:30:40 AM9/17/15
to ustc...@googlegroups.com

Maybe it is better if you ask the developer directly.

I would suggest giving the config file a '.json' suffix, or passing the options directly on the command line. As for the Python shadowsocks server, it should be compatible.

Wung Hugh

Sep 17, 2015, 10:07:00 AM9/17/15
to ustc...@googlegroups.com
It doesn't change anything, but thanks anyway.

YANG Boyuan

Sep 17, 2015, 11:00:57 AM9/17/15
to ustc...@googlegroups.com

Maybe you didn't complete the essential parameters inside the config file. You may see the example provided in the project.

changz...@gmail.com

Sep 17, 2015, 10:19:35 PM9/17/15
to ustc_lug
Sorry, I forgot to mention that you should change the LOCAL-PORT.
You should do some changes on the script.
1  YOUR-SERVER-IP -> your shadowsocks server ip.
2  LOCAL-PORT   ->  proxy port on your local pc, for example 1080.
/etc/shadowsocks/config.json  -> your config file's path

This is my script and it works for me .
```
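#!/bin/sh
# Transparent-proxy rules for one host: outbound TCP is redirected to the
# ss-redir instance listening on local port 1080. Run as root.
#
# Scope: only TCP leaving this host (nat/OUTPUT) is redirected. UDP is not
# touched by these rules, so ordinary DNS lookups still leave directly.
#
# To undo:
#   iptables -t nat -D OUTPUT -p tcp -j SHADOWSOCKS
#   iptables -t nat -F SHADOWSOCKS
#   iptables -t nat -X SHADOWSOCKS
set -eu

# Create a chain named SHADOWSOCKS, or empty it if an earlier run left it
# behind, so that re-running the script does not stack duplicate rules.
iptables -t nat -N SHADOWSOCKS 2>/dev/null || iptables -t nat -F SHADOWSOCKS

# Ignore the server's address. This must be added whenever the server is not
# inside one of the private ranges below, otherwise ss-redir's own traffic
# would be redirected back to itself.
iptables -t nat -A SHADOWSOCKS -d 52.68.174.112 -j RETURN

# Ignore local and reserved addresses
for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
           172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
    iptables -t nat -A SHADOWSOCKS -d "$net" -j RETURN
done

# Anything else should be redirected to shadowsocks's local port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080

# Finally apply the rules above: send all TCP leaving through OUTPUT into the
# SHADOWSOCKS chain, unless the jump is already in place.
iptables -t nat -C OUTPUT -p tcp -j SHADOWSOCKS 2>/dev/null \
    || iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

# Runs in the foreground; the rules stay installed after it exits.
ss-redir -c /etc/shadowsocks/config.json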
```


 
发件人: Wung Hugh
发送时间: 2015-09-17 22:06
收件人: ustc_lug
主题: Re: [USTC-LUG] Re: 如何在linux下设置socks5的全局代理

Wung Hugh

Sep 18, 2015, 6:31:01 AM9/18/15
to ustc...@googlegroups.com


余执行 sudo ./resiptable.sh 后执行  sudo iptables -t nat -L,  不由大吃一惊:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
SHADOWSOCKS  tcp  --  anywhere             anywhere           

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain SHADOWSOCKS (1 references)
target     prot opt source               destination        
RETURN     all  --  anywhere             104.224.151.253.16clouds.com
RETURN     all  --  anywhere             0.0.0.0/8          
RETURN     all  --  anywhere             10.0.0.0/8         
RETURN     all  --  anywhere             127.0.0.0/8        
RETURN     all  --  anywhere             link-local/16      
RETURN     all  --  anywhere             172.16.0.0/12      
RETURN     all  --  anywhere             192.168.0.0/16     
RETURN     all  --  anywhere             base-address.mcast.net/4
RETURN     all  --  anywhere             240.0.0.0/4        
REDIRECT   tcp  --  anywhere             anywhere             redir ports 1080

吾自寻思真乃古今一大奇事: 104.224.151.253.16clouds.com 自何而来,DNS 污染乎?
resiptable.sh 如是:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
SHADOWSOCKS  tcp  --  anywhere             anywhere           

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain SHADOWSOCKS (1 references)
target     prot opt source               destination        
RETURN     all  --  anywhere             104.224.151.253.16clouds.com
RETURN     all  --  anywhere             0.0.0.0/8          
RETURN     all  --  anywhere             10.0.0.0/8         
RETURN     all  --  anywhere             127.0.0.0/8        
RETURN     all  --  anywhere             link-local/16      
RETURN     all  --  anywhere             172.16.0.0/12      
RETURN     all  --  anywhere             192.168.0.0/16     
RETURN     all  --  anywhere             base-address.mcast.net/4
RETURN     all  --  anywhere             240.0.0.0/4        
REDIRECT   tcp  --  anywhere             anywhere             redir ports 1080

余另有一事不解, ss-redir 与 ss-local 究竟有何分别?
ss-redir 可直接转发tcp udp乎?

BTW, 原来ss-local 与sslocal 格式略不同, 然可用.



王冠

Sep 19, 2015, 10:38:47 AM9/19/15
to USTC_LUG
104.224.151.253.16clouds.com这个是你的主机

在 2015年9月18日星期五 UTC+8下午6:31:01,Wung Hugh写道:

Wung Hugh

Sep 20, 2015, 7:02:19 AM9/20/15
to ustc...@googlegroups.com
可是怎么会解析成这个呢? 反向dns?

gaoyichuan

Sep 20, 2015, 9:50:16 AM9/20/15
to hugh...@gmail.com, ustc...@googlegroups.com
对,reverse dns



发自我的小米手机
在 Wung Hugh <hugh...@gmail.com>,2015年9月20日 下午7:02写道: