wynemo · November 10, 2021 08:17
diff --git a/redsocks centos b/redsocks centos
 sudo yum install libevent-devel git gcc
 cd ~
 git clone https://github.com/semigodking/redsocks.git
 cd redsocks
 make
 nohup ./redsocks2 -c redsocks2.conf &
diff --git a/redsocks.conf b/redsocks.conf
 base {
 	// debug: connection progress & client list on SIGUSR1
 	log_debug = off;

 	// info: start and end of client session
 	log_info = on;

 	/* possible `log' values are:
 	 *   stderr
 	 *   "file:/path/to/file"
 	 *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
 	 */
 	log = "syslog:daemon";

 	// detach from console
 	daemon = on;

 	/* Change uid, gid and root directory, these options require root
 	 * privilegies on startup.
 	 * Note, your chroot may requre /etc/localtime if you write log to syslog.
 	 * Log is opened before chroot & uid changing.
 	 */
 	user = redsocks;
 	group = redsocks;
 	// chroot = "/var/chroot";

 	/* possible `redirector' values are:
 	 *   iptables   - for Linux
 	 *   ipf        - for FreeBSD
 	 *   pf         - for OpenBSD
 	 *   generic    - some generic redirector that MAY work
 	 */
 	redirector = iptables;
 }

 redsocks {
 	/* `local_ip' defaults to 127.0.0.1 for security reasons,
 	 * use 0.0.0.0 if you want to listen on every interface.
 	 * `local_*' are used as port to redirect to.
 	 */
 	local_ip = 127.0.0.1;
 	local_port = 12345;

 	// `ip' and `port' are IP and tcp-port of proxy-server
 	// You can also use hostname instead of IP, only one (random)
 	// address of multihomed host will be used.
 	ip = 127.0.0.1;
 	port = 1080;


 	// known types: socks4, socks5, http-connect, http-relay
 	type = socks5;

 	// login = "foobar";
 	// password = "baz";
 }

 redudp {
 	// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
 	// packets that are sent as replies - and it should be fixed
 	// if we want NAT to work properly.
 	local_ip = 127.0.0.1;
 	local_port = 10053;

 	// `ip' and `port' of socks5 proxy server.
 	ip = 127.0.0.1;
 	port = 1080;
 	//login = username;
 	//password = pazzw0rd;

 	// kernel does not give us this information, so we have to duplicate it
 	// in both iptables rules and configuration file.  By the way, you can
 	// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
 	// forward ;-)
 	// This limitation may be relaxed in future versions using contrack-tools.
 	dest_ip = 8.8.8.8;
 	dest_port = 53;

 	udp_timeout = 30;
 	udp_timeout_stream = 180;
 }

 dnstc {
 	// fake and really dumb DNS server that returns "truncated answer" to
 	// every query via UDP, RFC-compliant resolver should repeat same query
 	// via TCP in this case.
 	local_ip = 127.0.0.1;
 	local_port = 5300;
 }

 // you can add more `redsocks' and `redudp' sections if you need.
diff --git a/redsocks2.conf b/redsocks2.conf
 base {
 	// debug: connection progress & client list on SIGUSR1
 	log_debug = off;

 	// info: start and end of client session
 	log_info = on;

 	/* possible `log' values are:
 	 *   stderr
 	 *   "file:/path/to/file"
 	 *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
 	 */
 	log = stderr;
 	// log = "file:/path/to/file";
 	// log = "syslog:local7";

 	// detach from console
 	daemon = off;

 	/* Change uid, gid and root directory, these options require root
 	 * privilegies on startup.
 	 * Note, your chroot may requre /etc/localtime if you write log to syslog.
 	 * Log is opened before chroot & uid changing.
 	 * Debian, Ubuntu and some other distributions use `nogroup` instead of
 	 * `nobody`, so change it according to your system if you want redsocks
 	 * to drop root privileges.
 	 */
 	// user = nobody;
 	// group = nobody;
 	// chroot = "/var/chroot";

 	/* possible `redirector' values are:
 	 *   iptables   - for Linux
 	 *   ipf        - for FreeBSD
 	 *   pf         - for OpenBSD
 	 *   generic    - some generic redirector that MAY work
 	 */
 	redirector = iptables;

 	/* Override per-socket values for TCP_KEEPIDLE, TCP_KEEPCNT,
 	 * and TCP_KEEPINTVL. see man 7 tcp for details.
 	 * `redsocks' relies on SO_KEEPALIVE option heavily. */
 	//tcp_keepalive_time = 0;
 	//tcp_keepalive_probes = 0;
 	//tcp_keepalive_intvl = 0;
 }

 redsocks {
 	/* `local_ip' defaults to 127.0.0.1 for security reasons,
 	 * use 0.0.0.0 if you want to listen on every interface.
 	 * `local_*' are used as port to redirect to.
 	 */
 	local_ip = 127.0.0.1;
 	local_port = 12345;

 	// listen() queue length. Default value is SOMAXCONN and it should be
 	// good enough for most of us.
 	// listenq = 128; // SOMAXCONN equals 128 on my Linux box.

 	// `max_accept_backoff` is a delay to retry `accept()` after accept
 	// failure (e.g. due to lack of file descriptors). It's measured in
 	// milliseconds and maximal value is 65535. `min_accept_backoff` is
 	// used as initial backoff value and as a damper for `accept() after
 	// close()` logic.
 	// min_accept_backoff = 100;
 	// max_accept_backoff = 60000;

 	// `ip' and `port' are IP and tcp-port of proxy-server
 	// You can also use hostname instead of IP, only one (random)
 	// address of multihomed host will be used.
 	// The two fields are meaningless when proxy type is 'direct'.
 	ip = 127.0.0.1;
 	port = 1080;

 	// known types: socks4, socks5, http-connect, http-relay
 	// New types: direct, shadowsocks, https-connect
 	type = socks5;

 	// Specify interface for outgoing connections.
 	// This is useful when you have multiple connections to
 	// internet or when you have VPN connections.
 	// interface = tun0;

 	// Change this parameter to 1 if you want auto proxy feature. 
 	// When autoproxy is set to non-zero, the connection to target
 	// will be made directly first. If direct connection to target
 	// fails for timeout/connection refuse, redsocks will try to
 	// connect to target via the proxy.
 	autoproxy = 0;
 	// timeout is meaningful when 'autoproxy' is non-zero.
 	// It specified timeout value when trying to connect to destination
 	// directly. Default is 10 seconds. When it is set to 0, default
 	// timeout value will be used.
 	timeout = 10;

 	// login = "foobar";// field 'login' is reused as encryption
 					   // method of shadowsocks
 	// password = "baz";
 }

 redudp {
 	// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
 	// packets that are sent as replies - and it should be fixed
 	// if we want NAT to work properly.
 	local_ip = 127.0.0.1;
 	local_port = 10053;

 	// `ip' and `port' of socks5 proxy server.
 	ip = 127.0.0.1;
 	port = 1080;
 	//login = username;// field 'login' is reused as encryption
 					   // method of shadowsocks
 	//password = pazzw0rd;

 	// know types: socks5, shadowsocks
 	type = socks5;

 	// redsocks knows about two options while redirecting UDP packets at
 	// linux: TPROXY and REDIRECT.  TPROXY requires more complex routing
 	// configuration and fresh kernel (>= 2.6.37 according to squid
 	// developers[1]) but has hack-free way to get original destination
 	// address, REDIRECT is easier to configure, but requires `dest_ip` and
 	// `dest_port` to be set, limiting packet redirection to single
 	// destination.
 	// [1] http://wiki.squid-cache.org/Features/Tproxy4
 	dest_ip = 8.8.8.8;
 	dest_port = 53;

 	// Do not set it large if this section is for DNS requests. Otherwise,
 	// you may encounter out of file descriptor problem. For DNS requests,
 	// 10s is adequate.
 	udp_timeout = 30;
 	// udp_timeout_stream = 180;
 }


 ipcache {
    // Configure IP cache
    cache_size = 4;   // Maximum number of IP's in 1K. 
    stale_time = 900; // Seconds to stale an IP in cache since it is added
                      // into cahce.
                      // Set it to 0 to disable cache stale.
    port_check = 1;   // Whether to distinguish port number in address
    cache_file = "/tmp/ipcache.txt"; // File used to store blocked IP's in cache.
    autosave_interval = 3600; // Interval for saving ip cache into file.
                              // Set it to 0 to disable autosave.
    // When autosave_interval and stale_time are both 0, IP cache behaves like
    // a static blacklist. 
 }

 // you can add more `redsocks' and `redudp' sections if you need.
diff --git a/redsocks_iptables_start.sh b/redsocks_iptables_start.sh
 sudo iptables -t nat -N REDSOCKS

 # bypass local
 sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
 sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
 sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
 sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
 sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
 sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
 sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
 sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

 sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
 sudo iptables -t nat -A REDSOCKS -p udp --dport 53 -j REDIRECT --to-ports 10053


 sudo iptables -t nat -A OUTPUT -d 104.238.131.160 -j RETURN # bypass proxy ip
 sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDSOCKS # https
 sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDSOCKS # http
 sudo iptables -t nat -A OUTPUT -p udp --dport 53 -j REDSOCKS # dns

 content=$(cat /etc/resolv.conf) # no cat abuse this time
 echo -en "nameserver 8.8.8.8\n$content" | sudo tee /etc/resolv.conf
diff --git a/redsocks_iptables_stop.sh b/redsocks_iptables_stop.sh
 sudo iptables -L
 sudo iptables -t nat -n -L
 sudo iptables -F
 sudo iptables -X 
 sudo iptables -Z
 sudo iptables -t nat -F
 sudo iptables -t nat -X
 sudo iptables -t nat -Z
 sudo sed -i '/nameserver 8.8.8.8/d' /etc/resolv.conf
	sudo yum install libevent-devel git gcc
	cd ~
	git clone https://github.com/semigodking/redsocks.git
	cd redsocks
	make
	nohup ./redsocks2 -c redsocks2.conf &
	base {
	// debug: connection progress & client list on SIGUSR1
	log_debug = off;

	// info: start and end of client session
	log_info = on;

	/* possible `log' values are:
	* stderr
	* "file:/path/to/file"
	* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
	*/
	log = "syslog:daemon";

	// detach from console
	daemon = on;

	/* Change uid, gid and root directory, these options require root
	* privilegies on startup.
	* Note, your chroot may requre /etc/localtime if you write log to syslog.
	* Log is opened before chroot & uid changing.
	*/
	user = redsocks;
	group = redsocks;
	// chroot = "/var/chroot";

	/* possible `redirector' values are:
	* iptables - for Linux
	* ipf - for FreeBSD
	* pf - for OpenBSD
	* generic - some generic redirector that MAY work
	*/
	redirector = iptables;
	}

	redsocks {
	/* `local_ip' defaults to 127.0.0.1 for security reasons,
	* use 0.0.0.0 if you want to listen on every interface.
	* `local_*' are used as port to redirect to.
	*/
	local_ip = 127.0.0.1;
	local_port = 12345;

	// `ip' and `port' are IP and tcp-port of proxy-server
	// You can also use hostname instead of IP, only one (random)
	// address of multihomed host will be used.
	ip = 127.0.0.1;
	port = 1080;


	// known types: socks4, socks5, http-connect, http-relay
	type = socks5;

	// login = "foobar";
	// password = "baz";
	}

	redudp {
	// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
	// packets that are sent as replies - and it should be fixed
	// if we want NAT to work properly.
	local_ip = 127.0.0.1;
	local_port = 10053;

	// `ip' and `port' of socks5 proxy server.
	ip = 127.0.0.1;
	port = 1080;
	//login = username;
	//password = pazzw0rd;

	// kernel does not give us this information, so we have to duplicate it
	// in both iptables rules and configuration file. By the way, you can
	// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
	// forward ;-)
	// This limitation may be relaxed in future versions using contrack-tools.
	dest_ip = 8.8.8.8;
	dest_port = 53;

	udp_timeout = 30;
	udp_timeout_stream = 180;
	}

	dnstc {
	// fake and really dumb DNS server that returns "truncated answer" to
	// every query via UDP, RFC-compliant resolver should repeat same query
	// via TCP in this case.
	local_ip = 127.0.0.1;
	local_port = 5300;
	}

	// you can add more `redsocks' and `redudp' sections if you need.
	sudo iptables -t nat -N REDSOCKS

	# bypass local
	sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

	sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
	sudo iptables -t nat -A REDSOCKS -p udp --dport 53 -j REDIRECT --to-ports 10053


	sudo iptables -t nat -A OUTPUT -d 104.238.131.160 -j RETURN # bypass proxy ip
	sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDSOCKS # https
	sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDSOCKS # http
	sudo iptables -t nat -A OUTPUT -p udp --dport 53 -j REDSOCKS # dns

	content=$(cat /etc/resolv.conf) # no cat abuse this time
	echo -en "nameserver 8.8.8.8\n$content" \| sudo tee /etc/resolv.conf
	sudo iptables -L
	sudo iptables -t nat -n -L
	sudo iptables -F
	sudo iptables -X
	sudo iptables -Z
	sudo iptables -t nat -F
	sudo iptables -t nat -X
	sudo iptables -t nat -Z
	sudo sed -i '/nameserver 8.8.8.8/d' /etc/resolv.conf