Last active
May 17, 2019 09:47
-
-
Save ChronoMonochrome/1005ca66c481691b427d23ad6dba8001 to your computer and use it in GitHub Desktop.
Socks5 proxy over SSH using transocks_ev
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #set -x | |
| SSH_SERVER=itunnel | |
| SOCKS_PORT=1080 | |
| TRANSOCKS_PORT=4445 | |
| USE_BLACKLIST=0 | |
| # | |
| # Function that starts the daemon/service | |
| # | |
| do_start() | |
| { | |
| # Return | |
| # 0 if daemon has been started | |
| # 1 if daemon was already running | |
| # 2 if daemon could not be started | |
| #start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ | |
| # || return 1 | |
| #start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ | |
| # $DAEMON_ARGS \ | |
| # || return 2 | |
| # Add code here, if necessary, that waits for the process to be ready | |
| # to handle requests from services started subsequently which depend | |
| # on this one. As a last resort, sleep for some time. | |
| #python3 login.py $SOCKS_PORT $SSH_SERVER | |
| ssh -M -fND localhost:$SOCKS_PORT $SSH_SERVER | |
| transocks_ev -p $TRANSOCKS_PORT -H 127.0.0.1 -s $SOCKS_PORT -S 127.0.0.1 | |
| sudo su -c "ipset save > /etc/ipset.rules.bkp" | |
| sudo ipset destroy | |
| [ -f /etc/ipset.rules ] && sudo su -c "ipset restore < /etc/ipset.rules" | |
| sudo su -c "iptables-save > /etc/iptables.rules.bkp" | |
| sudo iptables --flush | |
| sudo iptables --table nat --flush | |
| sudo iptables --delete-chain | |
| sudo iptables --table nat --delete-chain | |
| if [ $USE_BLACKLIST -eq 0 ] ; then | |
| sudo iptables -t nat -A PREROUTING -d 0.0.0.0/8 -j RETURN | |
| sudo iptables -t nat -A PREROUTING -d 10.0.0.0/8 -j RETURN | |
| sudo iptables -t nat -A PREROUTING -d 127.0.0.0/8 -j RETURN | |
| sudo iptables -t nat -A PREROUTING -d 169.254.0.0/16 -j RETURN | |
| sudo iptables -t nat -A PREROUTING -d 172.16.0.0/12 -j RETURN | |
| sudo iptables -t nat -A PREROUTING -d 192.168.0.0/16 -j RETURN | |
| sudo iptables -t nat -A PREROUTING -d 224.0.0.0/4 -j RETURN | |
| sudo iptables -t nat -A PREROUTING -d 240.0.0.0/4 -j RETURN | |
| sudo iptables -t nat -A OUTPUT -d 0.0.0.0/8 -j RETURN | |
| sudo iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN | |
| sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN | |
| sudo iptables -t nat -A OUTPUT -d 169.254.0.0/16 -j RETURN | |
| sudo iptables -t nat -A OUTPUT -d 172.16.0.0/12 -j RETURN | |
| sudo iptables -t nat -A OUTPUT -d 192.168.0.0/16 -j RETURN | |
| sudo iptables -t nat -A OUTPUT -d 224.0.0.0/4 -j RETURN | |
| sudo iptables -t nat -A OUTPUT -d 240.0.0.0/4 -j RETURN | |
| sudo iptables -t nat -I OUTPUT -m set --match-set whitelist dst -p tcp -j RETURN | |
| sudo iptables -t nat -I OUTPUT -m owner --gid-owner sudo -m set ! --match-set 'whitelist' dst -p tcp -m multiport --dports 80,443 \ | |
| -j REDIRECT --to-ports $TRANSOCKS_PORT | |
| else | |
| sudo iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443 -m set --match-set blacklist dst -j REDIRECT --to-port $TRANSOCKS_PORT | |
| sudo iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -m set --match-set blacklist dst -j REDIRECT --to-port $TRANSOCKS_PORT | |
| fi | |
| #sudo iptables -A INPUT -p tcp --sport 80 -m u32 --u32 "0x60=0x73616665 && 0x64=0x696e6574" -m comment --comment "NCFU HTTP" -j DROP | |
| sudo iptables -A INPUT -p tcp --sport 80 -m string --algo bm --string 'safeinet' -j DROP | |
| } | |
| ssh_reconnect() | |
| { | |
| python3 /home/chrono/transocks/login.py $SOCKS_PORT $SSH_SERVER | |
| } | |
| # | |
| # Function that stops the daemon/service | |
| # | |
| do_stop() | |
| { | |
| # Return | |
| # 0 if daemon has been stopped | |
| # 1 if daemon was already stopped | |
| # 2 if daemon could not be stopped | |
| # other if a failure occurred | |
| #start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME | |
| #RETVAL="$?" | |
| #[ "$RETVAL" = 2 ] && return 2 | |
| # Wait for children to finish too if this is a daemon that forks | |
| # and if the daemon is only ever run from this initscript. | |
| # If the above conditions are not satisfied then add some other code | |
| # that waits for the process to drop all resources that could be | |
| # needed by services started subsequently. A last resort is to | |
| # sleep for some time. | |
| #start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON | |
| [ "$?" = 2 ] && return 2 | |
| # Many daemons don't delete their pidfiles when they exit. | |
| rm -f $PIDFILE | |
| ssh -O exit $SSH_SERVER | |
| sudo ipset destroy | |
| sudo su -c "ipset -! restore < /etc/ipset.rules.bkp" | |
| sudo iptables --flush | |
| sudo iptables --table nat --flush | |
| sudo iptables --delete-chain | |
| sudo iptables --table nat --delete-chain | |
| sudo su -c "iptables-restore < /etc/iptables.rules.bkp" | |
| return 0 | |
| } | |
| # | |
| # Function that sends a SIGHUP to the daemon/service | |
| # | |
| do_rotate() { | |
| # | |
| # If the daemon can reload its configuration without | |
| # restarting (for example, when it is sent a SIGHUP), | |
| # then implement that here. | |
| # | |
| #start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME | |
| return 0 | |
| } | |
| case "$1" in | |
| start) | |
| #if [ "$RUN_DAEMON" = "no" ]; then | |
| # log_warning_msg "Not starting $DESC (disabled in $DEFAULTSFILE)." | |
| # exit 0 | |
| #fi | |
| #log_daemon_msg "Starting $DESC" "$NAME" | |
| do_start | |
| #case "$?" in | |
| # 0|1) log_end_msg 0 ;; | |
| # 2) log_end_msg 1 ;; | |
| #esac | |
| ;; | |
| reconnect) | |
| ssh_reconnect | |
| ;; | |
| stop) | |
| #log_daemon_msg "Stopping $DESC" "$NAME" | |
| do_stop | |
| #case "$?" in | |
| # 0|1) log_end_msg 0 ;; | |
| # 2) log_end_msg 1 ;; | |
| #esac | |
| ;; | |
| #reload|force-reload) | |
| # | |
| # If do_reload() is not implemented then leave this commented out | |
| # and leave 'force-reload' as an alias for 'restart'. | |
| # | |
| #log_daemon_msg "Reloading $DESC" "$NAME" | |
| #do_reload | |
| #log_end_msg $? | |
| #;; | |
| rotate) | |
| log_daemon_msg "Closing open files" "$NAME" | |
| do_rotate | |
| log_end_msg $? | |
| ;; | |
| restart|force-reload) | |
| # | |
| # If the "reload" option is implemented then remove the | |
| # 'force-reload' alias | |
| # | |
| #if [ "$RUN_DAEMON" = "no" ]; then | |
| # log_warning_msg "Not restarting $DESC (disabled in $DEFAULTSFILE)." | |
| # exit 0 | |
| #fi | |
| #log_daemon_msg "Restarting $DESC" "$NAME" | |
| do_stop | |
| #case "$?" in | |
| # 0|1) | |
| # do_start | |
| # case "$?" in | |
| # 0) log_end_msg 0 ;; | |
| # 1) log_end_msg 1 ;; # Old process is still running | |
| # *) log_end_msg 1 ;; # Failed to start | |
| # esac | |
| # ;; | |
| # *) | |
| # # Failed to stop | |
| # log_end_msg 1 | |
| # ;; | |
| #esac | |
| ;; | |
| status) | |
| #status_of_proc "$DAEMON" "$NAME" | |
| exit $? | |
| ;; | |
| *) | |
| #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 | |
| echo "Usage: $SCRIPTNAME {start|stop|rotate|restart|force-reload|status}" >&2 | |
| exit 3 | |
| ;; | |
| esac | |
| : |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment