Debian redsocks + iptables 实现全局 SS socks5
本文实现本机对外的 TCP 流量全局通过 socks5 访问外部,可以使用 SS 或 ssh 通道;下文的 iptables 规则只重定向 TCP,UDP(包括 DNS 查询)不经过代理。
什么是SS? 不知道你可以不用往下看了,测试几个月下来,是目前最好用的
SS 的安装不说了
先启动 ss-local,监听7070端口
本文作者 21andy.com 未经许可请勿转载
1. 安装 redsocks
# apt-get -y install redsocks
2. 配置文件
# vim /etc/redsocks.conf
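/*
 * /etc/redsocks.conf
 *
 * redsocks listens on 127.0.0.1:12345 and relays the TCP connections that
 * iptables redirects to it to the SOCKS5 server on 127.0.0.1:7070 (the
 * ss-local port started earlier in this article).
 *
 * The page printed the body of the base section twice; the second copy sat
 * outside any section with an unmatched closing brace, so it is dropped here.
 */
base {
    // Informational messages go to syslog (daemon facility); debug output is off.
    log_debug = off;
    log_info = on;
    log = "syslog:daemon";

    // Run in the background under the dedicated redsocks user and group
    // rather than as root.
    daemon = on;
    user = redsocks;
    group = redsocks;

    // Redirected connections arrive through iptables.
    redirector = iptables;
}

redsocks {
    // Local listener. Bound to loopback only, so other hosts cannot use it.
    // The port must match --to-ports 12345 in the iptables REDIRECT rule.
    local_ip = 127.0.0.1;
    local_port = 12345;

    // Upstream SOCKS5 server: ss-local on this machine.
    ip = 127.0.0.1;
    port = 7070;
    type = socks5;
}

redudp {
    // NOTE(review): this section still carries sample values. It points at
    // 10.0.0.1:1080 with a placeholder login/password, not at the SOCKS5
    // server on 127.0.0.1:7070, and none of the iptables rules in this
    // article send UDP to port 10053. Remove the section if UDP relaying is
    // not needed. If real credentials are ever stored here, keep this file
    // readable only by root and the redsocks user.
    local_ip = 127.0.0.1;
    local_port = 10053;
    ip = 10.0.0.1;
    port = 1080;
    login = username;
    password = pazzw0rd;

    // Datagrams received on local_port are relayed to this destination.
    dest_ip = 8.8.8.8;
    dest_port = 53;
    udp_timeout = 30;
    udp_timeout_stream = 180;
}

dnstc {
    // NOTE(review): nothing in this article points the system resolver at
    // 127.0.0.1:5300, so as configured DNS lookups presumably still leave
    // the host over plain UDP outside the proxy -- confirm.
    local_ip = 127.0.0.1;
    local_port = 5300;
}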
# Start the redsocks service after saving /etc/redsocks.conf (run as root).
service redsocks start
3. iptables 设置
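# Transparent-proxy rules: send this host's outbound TCP on eth0 through
# redsocks (127.0.0.1:12345). Run as root, once.
#
# Scope: only locally generated TCP leaving through eth0 is redirected.
# UDP (including DNS queries), IPv6 and traffic on other interfaces are not
# touched by these rules and bypass the proxy.
#
# The page printed the rule list twice; running both copies would append
# every rule a second time, so only one copy is kept.

# Stop at the first failing command. Without this, a failed exclusion rule
# would still be followed by the REDIRECT rules below, and a second run
# (where -N fails because the chain exists) would append duplicates.
set -eu

# Address of the remote SS server, replacing the literal placeholder in the
# original listing. It has to be supplied before any rule is added.
ss_server_ip="${SS_SERVER_IP:?set SS_SERVER_IP to the address of the SS server}"

iptables -t nat -N REDSOCKS

# Skip reserved, loopback, link-local and private ranges.
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN

# Skip the SS server itself; otherwise ss-local's own connection to the
# server is redirected back into redsocks and never gets out.
iptables -t nat -A REDSOCKS -d "${ss_server_ip}/32" -j RETURN

# Everything else over TCP goes to the redsocks listener.
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

# Hook the chain into locally generated TCP traffic leaving through eth0.
# NOTE(review): eth0 is hard-coded; adjust it to the actual outbound interface.
iptables -t nat -A OUTPUT -p tcp -o eth0 -j REDSOCKS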
本文作者 21andy.com 未经许可请勿转载
注意:必须添加一条忽略 SS 主机的规则,否则 ss-local 连接 SS 服务器的流量也会被重定向回 redsocks,形成回环,SS 就不能连接。