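[阿权's first translation / aslibra.com]
This is Freecap for Linux/Ubuntu

If you want to transparently forward all TCP traffic through a socks5 proxy server, this is what you need :)
(It is especially handy for people who play WoW on Linux.)

You first need to install a few things on your Linux system. Most of them are available through apt; one more has to be downloaded separately.
Open a terminal and type the following commands: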

cd
sudo apt-get install iptables git-core libevent-1.4-2 libevent-dev
git clone http://github.com/darkk/redsocks.git
cd redsocks/
make
echo 'base{log_debug = on; log_info = on; log = "file:/tmp/reddi.log";
       daemon = on; redirector = iptables;}
       redsocks { local_ip = 127.0.0.1; local_port = 31338; ip = 127.0.0.1;
       port = 31337; type = socks5; }' > redsocks.conf
./redsocks -c redsocks.conf


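Now make sure your socks5 proxy server is up and running. If you use wowtunnels.com, you can connect to it over SSH with your account. Or, if you have another Linux server, you can log in to it with ssh. Or you may already have a socks5 server available.
Here is an example command that listens locally on port 31337: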
ssh -fqND 31337 yourusername@tunnel4.wowtunnels.com


Now use iptables to send all traffic through our redsocks redirector. Copy the commands below and paste them into the terminal:

sudo iptables -t nat -N REDSOCKS
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -p tcp -o eth0 -j DNAT --to 127.0.0.1:31338
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS


However, we do not want to redirect the traffic that connects to our proxy server itself, so we need to find its IP and add an exception:

ping tunnel4.wowtunnels.com    
(This tells you the IP of the socks5 server, for example 67.220.203.130)


Then run the following command:
sudo iptables -t nat -I REDSOCKS -d 67.220.203.130 -j RETURN


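Woo~ All TCP traffic is now transparently mapped through redsocks to the socks5 server! No need to change the configuration of any program!
This example was tested on Ubuntu 10.04 on 2010-07-19.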

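To turn this proxy mode off, enter the following commands (note that they flush every rule in the filter and nat tables, not only the REDSOCKS chain):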
sudo iptables -F
sudo iptables -X
sudo iptables -Z
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t nat -Z
killall redsocks
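
The steps above as one dry-run script. This is an added example, not code from the original article or from the redsocks project; the function names `valid_ipv4`, `rules_up` and `rules_down` are hypothetical. It validates the proxy IP, prints the setup rules with the proxy exception in place, and prints a teardown that removes only the REDSOCKS chain instead of flushing every table.

```shell
#!/bin/sh
# Added example (not from the article): prints iptables commands, runs none.
REDSOCKS_PORT=31338   # local_port in redsocks.conf above
OUT_IF=eth0           # outbound interface used in the article
RESERVED="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rules_up PROXY_IP: print the setup commands, proxy exception included.
rules_up() {
    valid_ipv4 "$1" || { echo "invalid proxy IP: $1" >&2; return 1; }
    echo "iptables -t nat -N REDSOCKS"
    # Traffic to the proxy server must bypass the chain, otherwise the
    # tunnel's own connection would be redirected into redsocks.
    echo "iptables -t nat -A REDSOCKS -d $1 -j RETURN"
    for net in $RESERVED; do
        echo "iptables -t nat -A REDSOCKS -d $net -j RETURN"
    done
    echo "iptables -t nat -A REDSOCKS -p tcp -o $OUT_IF -j DNAT --to-destination 127.0.0.1:$REDSOCKS_PORT"
    echo "iptables -t nat -A OUTPUT -p tcp -j REDSOCKS"
}

# rules_down: print a teardown that removes only what rules_up added,
# leaving every other filter/nat rule on the host in place.
rules_down() {
    echo "iptables -t nat -D OUTPUT -p tcp -j REDSOCKS"
    echo "iptables -t nat -F REDSOCKS"
    echo "iptables -t nat -X REDSOCKS"
}

# Constructed usage: sh redsocks-rules.sh up 67.220.203.130 | sudo sh
case "${1:-}" in
    up)   rules_up "${2:-}" ;;
    down) rules_down ;;
esac
```

Review the printed commands before piping them to a root shell.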


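Still having problems? You can configure Firefox to connect to the socks5 proxy (local port 31337) to check whether the proxy server is working.
As far as I know, this does not work for UDP/ICMP.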

Redirect all (TCP) traffic through transparent socks5 proxy in Linux


Attached is the official redsocks iptables guide

Quote
iptables example
================

You have to build iptables with connection tracking and REDIRECT target.

# Create new chain
root# iptables -t nat -N REDSOCKS

# Ignore LANs and some other reserved addresses.
# See http://en.wikipedia.org/wiki/Reserved_IP_addresses#Reserved_IPv4_addresses
# and http://tools.ietf.org/html/rfc5735 for full list of reserved networks.
root# iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
root# iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
root# iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
root# iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
root# iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
root# iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
root# iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
root# iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

# Anything else should be redirected to port 12345
root# iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

# Any tcp connection made by `luser' should be redirected.
root# iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner luser -j REDSOCKS

# You can also control that in more precise way using `gid-owner` from
# iptables.
root# groupadd socksified
root# usermod --append --groups socksified luser
root# iptables -t nat -A OUTPUT -p tcp -m owner --gid-owner socksified -j REDSOCKS

# Now you can launch your specific application with GID `socksified` and it
# will be... socksified. See following commands (numbers may vary).
# Note: you may have to relogin to apply `usermod` changes.
luser$ id
uid=1000(luser) gid=1000(luser) groups=1000(luser),1001(socksified)
luser$ sg socksified -c id
uid=1000(luser) gid=1001(socksified) groups=1000(luser),1001(socksified)
luser$ sg socksified -c "firefox"

# If you want to configure socksifying router, you should look at
# doc/iptables-packet-flow.png and doc/iptables-packet-flow-ng.png
# Note, you should have proper `local_ip' value to get external packets with
# redsocks, default 127.0.0.1 will not go. See iptables(8) manpage regarding
# REDIRECT target for details.
# Depending on your network configuration iptables conf. may be as easy as:
root# iptables -t nat -A PREROUTING --in-interface eth_int -p tcp -j REDSOCKS



If you repost this original content, please credit: 阿权的书房