centos7 最小安装后,编译配置redsocks

前期准备

# Bring the freshly installed system up to date first. No -y is passed, so yum
# asks for confirmation before each transaction.
yum update 
# git is only needed to fetch the redsocks source tree.
yum install git
# Package group that provides the compiler toolchain used by `make` below.
yum group install "Development Tools"	
# libevent runtime plus the -devel package (headers) installed ahead of the build.
yum install libevent libevent-devel

拉代码编译

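# Fetch, build and install redsocks. The steps are chained with && so that a
# failed clone or build stops the sequence instead of running make in the wrong
# directory or installing a stale binary.
# NOTE(review): this builds whatever the repository's default branch currently
# points at and installs it system-wide. Review the checkout, and ideally pin a
# commit you have reviewed, before installing it as root.
# `install -m 0755` sets the mode explicitly instead of inheriting it from umask.
git clone https://github.com/darkk/redsocks &&
  cd redsocks &&
  make &&
  install -m 0755 redsocks /usr/bin/redsocks # put the binary on $PATH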

添加iptables规则

# Create a dedicated REDSOCKS chain in the nat table; it decides which
# connections are handed to redsocks.
# NOTE(review): these rules live only in the running kernel. They are not
# saved across a reboot, and running this block twice appends duplicates.
iptables -t nat -N REDSOCKS

# Destinations that are never redirected: "this network", private ranges,
# loopback, link-local, multicast and reserved space.
# The upstream proxy used in redsocks.conf (192.168.1.106) falls inside
# 192.168.0.0/16, so the connection redsocks itself opens to the proxy is not
# redirected back into redsocks.
for net in \
  0.0.0.0/8 \
  10.0.0.0/8 \
  127.0.0.0/8 \
  169.254.0.0/16 \
  172.16.0.0/12 \
  192.168.0.0/16 \
  224.0.0.0/4 \
  240.0.0.0/4; do
  iptables -t nat -A REDSOCKS -d "$net" -j RETURN
done

# Redirect rule: any remaining TCP connection goes to the local redsocks
# listener. 12345 is the local_port configured in redsocks.conf.
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

# Locally generated traffic: only TCP ports 443 and 80 are sent through the
# chain. Everything else, DNS lookups included, still leaves the host
# directly and is not covered by the proxy.
for port in 443 80; do
  iptables -t nat -A OUTPUT -p tcp --dport "$port" -j REDSOCKS
done

# Traffic arriving from other hosts (PREROUTING), i.e. when this machine acts
# as their gateway.
# NOTE(review): in PREROUTING, REDIRECT rewrites the destination to the primary
# address of the incoming interface, not to 127.0.0.1. With local_ip =
# 127.0.0.1 in redsocks.conf these redirected connections will not reach the
# listener. Binding redsocks to a LAN address instead exposes the port to that
# network, so restrict access to it with a filter rule if you do so.
for port in 443 80 1080; do
  iptables -t nat -A PREROUTING -p tcp --dport "$port" -j REDSOCKS
done

# Optional: redirect all TCP traffic of the local user "crosp".
#iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner crosp -j REDSOCKS

# List the chains of the nat table to check the result.
iptables -L -t nat

在 redsocks 目录创建 redsocks.conf(文件名要与下文启动命令 -c ./redsocks.conf 一致)

base {
 // NOTE(review): no user/group is set in this section, so redsocks keeps the
 // privileges of whoever starts it. If it is started as root, consider the
 // privilege-drop options of the base section (see redsocks.conf.example) - confirm.
 // Debug and info logging are both enabled; verbose output is useful while
 // testing, consider turning log_debug off afterwards.
 log_debug = on;
 log_info = on;
 // Log to stderr, which matches the foreground run below.
 log = "stderr";
 // Stay in the foreground instead of daemonizing.
 daemon = off;
 // Matches the iptables REDIRECT rules used in this guide.
 redirector = iptables;
}

redsocks {
    // Local IP listen to
    // NOTE(review): a loopback-only listener receives connections redirected in
    // the OUTPUT chain. Connections redirected in PREROUTING are sent to the
    // incoming interface's address and will not reach 127.0.0.1. Binding to a
    // non-loopback address exposes this port to that network - restrict it.
    local_ip = 127.0.0.1;
    // Port to listen to (must match --to-ports in the REDIRECT rule)
    local_port = 12345;
    // Remote proxy address
    ip = 192.168.1.106;
    port = 1080;
    // Proxy type
    //socks4, socks5, http-connect, http-relay
    type = socks5;
    // Username to authorize on proxy server
    // NOTE(review): SOCKS5 username/password authentication is sent to the proxy
    // unencrypted; the value below is a sample - do not reuse it.
    //login = anonymous;
    // Password for a proxy user
    //password = verystrongpassword;
    // Do not disclose real IP
    // NOTE(review): this controls what the client address disclosure to the proxy
    // looks like; it does not stop traffic that bypasses the iptables rules - confirm.
    disclose_src = false;
}

测试

启动redsocks

# Run the freshly built binary from the source directory with the config file
# created above. With daemon = off and log = "stderr" it stays in the
# foreground and prints its log to the terminal.
./redsocks -c ./redsocks.conf

关闭

关闭重定向:把下面这条规则修改成RETURN就行了,下次要使用再换回REDIRECT --to-ports 12345

# Shown for reference only: this is the rule that was added earlier and is
# about to be replaced. Running it again with -A would append a second copy.
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

查一下这条规则在 REDSOCKS 链中的序号(下面命令里的 9 要以实际列出的序号为准)

# List every chain of the nat table with rule numbers (-n: no name lookups).
iptables -L -n --line-number -t nat

# Replace rule 9 of the REDSOCKS chain with a plain RETURN, which turns the
# redirect off. 9 is the REDIRECT rule only if the chain was built exactly as
# above (eight RETURN rules followed by the REDIRECT); check the listing first,
# because -R overwrites whatever rule sits at that position.
iptables -R REDSOCKS 9 -j RETURN  -t nat

下次要换回来就执行:

# Put the REDIRECT rule back at position 9 of the REDSOCKS chain to re-enable
# the redirect. Use the same rule number that was replaced with RETURN.
iptables -R REDSOCKS 9 -p tcp  -j REDIRECT --to-ports 12345  -t nat