A socks5 transparent proxy (IPv4/IPv6/TCP/UDP)
heiher/hev-socks5-tproxy
HevSocks5TProxy is a simple, lightweight transparent proxy for Linux.
Features
- IPv4/IPv6. (dual stack)
- Redirect TCP connections.
- Redirect UDP packets. (Fullcone NAT, UDP in UDP/TCP)
+---------------+ +---------------+ | Socks5 Server | | Upstream DNS | +---------------+ +---------------+ ^ ^ | | +----------+----------+ uplink | (eth1) +-------------------o<-----------------+ (direct dns) | ^ | | socks5 | |set ether daddr | dns +---------------+ |rule routing |?--------->| Socks5 TProxy |<---------+ (proxy dns)ipset/tproxy | tcp/udp +---------------+ tproxy | | | dns | | v | | +---------------+ dns | | | DNSMasq |----------+ [nat/bridge] | +---------------+ | +-------------------o downlink | (eth0) v +---------------+ | LAN Host | +---------------+
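# Build on Linux.
# --recursive also fetches the git submodules, which the build needs;
# review what is pulled in if you pin or mirror dependencies.
git clone --recursive https://github.com/heiher/hev-socks5-tproxy
cd hev-socks5-tproxy
make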
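# Build with the Android NDK.
# The repository is cloned into a directory named "jni", and ndk-build is
# run from inside it.
mkdir hev-socks5-tproxy
cd hev-socks5-tproxy
git clone --recursive https://github.com/heiher/hev-socks5-tproxy jni
cd jni
ndk-build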
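main:
  workers: 1

# Upstream SOCKS5 server that redirected traffic is forwarded to.
socks5:
  port: 1080
  address: 127.0.0.1
  # Socks5 UDP relay mode (tcp|udp)
  udp: 'udp'
  # Socks5 handshake using pipeline mode
  # pipeline: false
  # Socks5 server username
  # 'username' / 'password' are placeholders: replace them with real
  # credentials. SOCKS5 username/password authentication (RFC 1929) is sent
  # unencrypted, so keep this hop on loopback or a trusted link, and keep
  # this file readable only by the account that runs the proxy.
  username: 'username'
  # Socks5 server password
  password: 'password'
  # Socket mark
  # 0x438 is the mark the firewall examples match with "mark 0x438 ... return",
  # so traffic carrying it is not redirected again. Keep the two values in sync.
  mark: 0x438

# Transparent-proxy listeners. Port 1088 is the port the firewall examples
# redirect to ("tproxy to :1088" / "--on-port 1088").
tcp:
  port: 1088
  address: '::'

udp:
  port: 1088
  address: '::'

# Proxy DNS for bridged mode
# [address]:port <-> [upstream]:53 (dnsmasq)
dns:
  # DNS port
  port: 1053
  # DNS address
  # NOTE(review): '::' is the wildcard address; if only the local dnsmasq
  # should reach this port, confirm the host firewall blocks it from
  # other interfaces.
  address: '::'
  # DNS upstream
  upstream: 127.0.0.1

#misc:
# task-stack-size: 16384 # task stack size (bytes)
# connect-timeout: 5000 # connect timeout (ms)
# read-write-timeout: 60000 # read-write timeout (ms)
# log-file: stderr # stdout or file-path
# log-level: warn # debug, info or error
# pid-file: /run/hev-socks5-tproxy.pid
# limit-nofile: 65535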
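# Capabilities
# File capabilities let the proxy run without being root. With "+ep" every
# user who can execute this file gets the capabilities, so keep the binary
# owned by root, not writable by others, and executable only by the service
# account.
# cap_net_bind_service is only needed to bind ports below 1024; the sample
# config uses 1088 and 1053.
# NOTE(review): confirm whether it can be dropped for your configuration.
setcap cap_net_admin,cap_net_bind_service+ep bin/hev-socks5-tproxy

# Start the proxy with the configuration file.
bin/hev-socks5-tproxy conf/main.yml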
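# nftables rules for the transparent proxy.
# Marks used here: 0x438 (1080) exempts traffic from redirection;
# 0x440 (1088) is the mark matched by "ip rule add fwmark 1088 table 100".
table inet mangle {
    # IPv4 destinations that are never redirected (special-purpose and
    # private ranges).
    set byp4 {
        typeof ip daddr
        flags interval
        elements = { 0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8,
                     169.254.0.0/16, 172.16.0.0/12, 192.0.0.0/24, 192.0.2.0/24,
                     192.88.99.0/24, 192.168.0.0/16, 198.18.0.0/15,
                     198.51.100.0/24, 203.0.113.0/24, 224.0.0.0/4, 240.0.0.0/4 }
    }

    # IPv6 destinations that are never redirected.
    set byp6 {
        typeof ip6 daddr
        flags interval
        elements = { ::/128, ::1/128, ::ffff:0:0:0/96, 64:ff9b::/96, 100::/64,
                     2001::/32, 2001:20::/28, 2001:db8::/32, 2002::/16,
                     fc00::/7, fe80::/10, ff00::/8 }
    }

    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        # Skip packets carrying mark 0x438 so they are not redirected again.
        meta mark 0x438 return
        ip daddr @byp4 return
        ip6 daddr @byp6 return
        # NOTE(review): there is no input-interface match, so this applies to
        # traffic arriving on every interface; consider scoping it to the
        # LAN-facing interface.
        meta l4proto { tcp, udp } tproxy to :1088 meta mark set 0x440 accept
    }

    # Only for local mode
    chain output {
        type route hook output priority mangle; policy accept;
        meta mark 0x438 return
        ip daddr @byp4 return
        ip6 daddr @byp6 return
        # Locally generated traffic is only marked here; the fwmark routing
        # rule then delivers it to the local host.
        meta l4proto { tcp, udp } meta mark set 0x440
    }
}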
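# Policy routing: packets marked 1088 (0x440) are looked up in table 100,
# whose only route delivers them locally via lo.
# These rules and routes are not persistent; re-apply them at boot.
ip rule add fwmark 1088 table 100
ip route add local default dev lo table 100
ip -6 rule add fwmark 1088 table 100
ip -6 route add local default dev lo table 100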
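# Bypass sets for the iptables rules: destinations in byp4/byp6 are never
# redirected to the proxy. ipset contents live in the kernel only, so
# re-create them at boot before loading rules that reference them.

# IPv4
ipset create byp4 hash:net family inet hashsize 2048 maxelem 65536
ipset add byp4 0.0.0.0/8
ipset add byp4 10.0.0.0/8
ipset add byp4 100.64.0.0/10
ipset add byp4 127.0.0.0/8
ipset add byp4 169.254.0.0/16
ipset add byp4 172.16.0.0/12
ipset add byp4 192.0.0.0/24
ipset add byp4 192.0.2.0/24
ipset add byp4 192.88.99.0/24
ipset add byp4 192.168.0.0/16
ipset add byp4 198.18.0.0/15
ipset add byp4 198.51.100.0/24
ipset add byp4 203.0.113.0/24
ipset add byp4 224.0.0.0/4
ipset add byp4 240.0.0.0/4

# IPv6
ipset create byp6 hash:net family inet6 hashsize 1024 maxelem 65536
ipset add byp6 ::/128
ipset add byp6 ::1/128
ipset add byp6 ::ffff:0:0:0/96
ipset add byp6 64:ff9b::/96
ipset add byp6 100::/64
ipset add byp6 2001::/32
ipset add byp6 2001:20::/28
ipset add byp6 2001:db8::/32
ipset add byp6 2002::/16
ipset add byp6 fc00::/7
ipset add byp6 fe80::/10
ipset add byp6 ff00::/8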
Gateway and Local modes
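# iptables/ip6tables rules for the transparent proxy.
# 0x438 (1080) marks traffic that must not be redirected.
# 1088 is used both as the TPROXY port and as the fwmark that the
# "ip rule" lines send to routing table 100.
# Rule order matters: the two RETURN rules must come before the
# TPROXY/MARK rules in each chain.

# IPv4
iptables -t mangle -A PREROUTING -m mark --mark 0x438 -j RETURN
iptables -t mangle -A PREROUTING -m set --match-set byp4 dst -j RETURN
iptables -t mangle -A PREROUTING -p tcp -j TPROXY --on-port 1088 --tproxy-mark 1088
iptables -t mangle -A PREROUTING -p udp -j TPROXY --on-port 1088 --tproxy-mark 1088

ip rule add fwmark 1088 table 100
ip route add local default dev lo table 100

# Only for local mode
iptables -t mangle -A OUTPUT -m mark --mark 0x438 -j RETURN
iptables -t mangle -A OUTPUT -m set --match-set byp4 dst -j RETURN
iptables -t mangle -A OUTPUT -p tcp -j MARK --set-mark 1088
iptables -t mangle -A OUTPUT -p udp -j MARK --set-mark 1088

# IPv6
ip6tables -t mangle -A PREROUTING -m mark --mark 0x438 -j RETURN
ip6tables -t mangle -A PREROUTING -m set --match-set byp6 dst -j RETURN
ip6tables -t mangle -A PREROUTING -p tcp -j TPROXY --on-port 1088 --tproxy-mark 1088
ip6tables -t mangle -A PREROUTING -p udp -j TPROXY --on-port 1088 --tproxy-mark 1088

ip -6 rule add fwmark 1088 table 100
ip -6 route add local default dev lo table 100

# Only for local mode
ip6tables -t mangle -A OUTPUT -m mark --mark 0x438 -j RETURN
ip6tables -t mangle -A OUTPUT -m set --match-set byp6 dst -j RETURN
ip6tables -t mangle -A OUTPUT -p tcp -j MARK --set-mark 1088
ip6tables -t mangle -A OUTPUT -p udp -j MARK --set-mark 1088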
- hev - https://hev.cc
- ihipop - https://ihipop.com
- pexcn - i@pexcn.me
- spider84 - https://github.com/spider84
MIT