Skip to content

Instantly share code, notes, and snippets.

@yknext

yknext/config.json

Last active December 28, 2024 16:01
Show Gist options
  • Save yknext/de7413bb38645fbca8241f7e17ac887f to your computer and use it in GitHub Desktop.
Save yknext/de7413bb38645fbca8241f7e17ac887f to your computer and use it in GitHub Desktop.
Download ZIP
使用gost和iptables实现socks5透明代理
Raw
config.json
# gost配置 /opt/gost/config.json
# https://github.com/ginuerzh/gost
{
"ServeNodes":[
"redirect://:65500"
],
"ChainNodes":[
"socks://192.168.200.144:11080"
]
}
Raw
gost.ini
#/etc/supervisor.d/gost.ini
[program:gost]
command=/opt/gost/gost -C config.json -D
directory=/opt/gost
autostart = true
startsecs = 5
autorestart = true
startretries = 30
user = root
redirect_stderr = true
stdout_logfile = /var/logs/gost.log
Raw
iptables.sh
iptables -t nat -N SHADOWSOCKS
#self ip address
iptables -t nat -A SHADOWSOCKS -d `curl http://members.3322.org/dyndns/getip` -j RETURN
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 65500
iptables -t nat -I PREROUTING -p tcp -j SHADOWSOCKS
@sshipanoo
Copy link

你好,我想问一下 最后一句iptables -t nat -I PREROUTING -p tcp -j SHADOWSOCKS是什么意思

@yknext
Copy link
Author

yknext commented Apr 15, 2019

PREROUTING
当外网的数据包进入到内网时,我们需要修改数据包中的公网 IP 为内网的主机 IP,这种 DNAT 的行为规则就要在 PREROUTING 链里添加。

把SHADOWSOCKS插入到PREROUTING

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment