Home Sign Up Sign In
WeirdoS
V2EX  ›  问与答

请问如何使用 REDSOCKS 做 UDP 透明代理?

  •   
  •   WeirdoS · Jul 13, 2017 · 3710 views
    This topic created in 3253 days ago, the information mentioned may be changed or developed.

    LEDE 路由( 192.168.1.1 )上使用 redsocks,想让 192.168.1.100 为局域网的部分机器做透明代理。TCP 成功,UDP 搞不定。 实际应用时在 system log 中能看到 redsocks 收到 TCP 流量,没有 UDP 记录。TPROXY 已装好,使用 ProxyCap 排除了代理本身的问题。 希望各位 dalao 给予指点。

    以下为 redsocks.conf

    base {
	log_debug = off;
	log_info = on;
	log = "syslog:local7";
	daemon = on;
	redirector = iptables;
}

redsocks {
	local_ip = 0.0.0.0;
	local_port = 1080;
	ip = 192.168.1.100;
	port = 1080;
	type = socks5;
}

redudp {
	local_ip = 0.0.0.0;
	local_port = 1079;
	ip = 192.168.1.100;
	port = 1080;
	udp_timeout = 300;
	udp_timeout_stream = 500;
}

    以下为 iptables 追加内容

    #REDSOCKS TCP
iptables -t nat -N REDSOCKS

#Bypass ssserver and LAN
iptables -t nat -A REDSOCKS -s 192.168.1.100 -j RETURN
iptables -t nat -A REDSOCKS -d ***.***.***.*** -j RETURN
iptables -t nat -A REDSOCKS -d ***.***.***.*** -j RETURN

iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

#Redirect
iptables -t nat -A REDSOCKS -s 192.168.1.102/31 -p tcp -j REDIRECT --to-ports 1080

#Apply
iptables -t nat -A PREROUTING -p tcp -j REDSOCKS

#REDSOCKS UDP
ip rule add fwmark 0x01/0x01 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N REDUDP

#Bypass ssserver and LAN
iptables -t mangle -A REDUDP -s 192.168.1.100 -j RETURN
iptables -t mangle -A REDUDP -d ***.***.***.*** -j RETURN
iptables -t mangle -A REDUDP -d ***.***.***.*** -j RETURN

iptables -t mangle -A REDUDP -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A REDUDP -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A REDUDP -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A REDUDP -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A REDUDP -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A REDUDP -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A REDUDP -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A REDUDP -d 240.0.0.0/4 -j RETURN

#Redirect
iptables -t mangle -A REDUDP -s 192.168.1.102/31 -p udp -j TPROXY --on-port 1079 --tproxy-mark 0x01/0x01

#Apply
iptables -t mangle -A PREROUTING -p udp -j REDUDP
    No Comments Yet
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   977 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 44ms · UTC 19:37 · PVG 03:37 · LAX 12:37 · JFK 15:37
    ♥ Do have faith in what you're doing.