mirror of
https://github.com/novatiq/packages.git
synced 2026-04-30 07:28:39 +01:00
redsocks: add new package
Redsocks is a daemon running on the local system, that will transparently tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It uses the system firewall's redirection facility to intercept TCP connections, thus the redirection is system-wide, with fine-grained control, and does not depend on LD_PRELOAD libraries. Signed-off-by: Johannes Morgenroth <jm@m-network.de>
This commit is contained in:
Johannes Morgenroth
@@ -0,0 +1,108 @@
|
||||
base {
|
||||
// debug: connection progress & client list on SIGUSR1
|
||||
log_debug = off;
|
||||
|
||||
// info: start and end of client session
|
||||
log_info = on;
|
||||
|
||||
/* possible `log' values are:
|
||||
* stderr
|
||||
* "file:/path/to/file"
|
||||
* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
|
||||
*/
|
||||
// log = stderr;
|
||||
// log = "file:/path/to/file";
|
||||
log = "syslog:local7";
|
||||
|
||||
// detach from console
|
||||
daemon = on;
|
||||
|
||||
/* Change uid, gid and root directory, these options require root
|
||||
* privilegies on startup.
|
||||
* Note, your chroot may requre /etc/localtime if you write log to syslog.
|
||||
* Log is opened before chroot & uid changing.
|
||||
*/
|
||||
// user = nobody;
|
||||
// group = nobody;
|
||||
// chroot = "/var/chroot";
|
||||
|
||||
/* possible `redirector' values are:
|
||||
* iptables - for Linux
|
||||
* ipf - for FreeBSD
|
||||
* pf - for OpenBSD
|
||||
* generic - some generic redirector that MAY work
|
||||
*/
|
||||
redirector = iptables;
|
||||
}
|
||||
|
||||
redsocks {
|
||||
/* `local_ip' defaults to 127.0.0.1 for security reasons,
|
||||
* use 0.0.0.0 if you want to listen on every interface.
|
||||
* `local_*' are used as port to redirect to.
|
||||
*/
|
||||
local_ip = 127.0.0.1;
|
||||
local_port = 12345;
|
||||
|
||||
// listen() queue length. Default value is SOMAXCONN and it should be
|
||||
// good enough for most of us.
|
||||
// listenq = 128; // SOMAXCONN equals 128 on my Linux box.
|
||||
|
||||
// `max_accept_backoff` is a delay to retry `accept()` after accept
|
||||
// failure (e.g. due to lack of file descriptors). It's measured in
|
||||
// milliseconds and maximal value is 65535. `min_accept_backoff` is
|
||||
// used as initial backoff value and as a damper for `accept() after
|
||||
// close()` logic.
|
||||
// min_accept_backoff = 100;
|
||||
// max_accept_backoff = 60000;
|
||||
|
||||
// `ip' and `port' are IP and tcp-port of proxy-server
|
||||
// You can also use hostname instead of IP, only one (random)
|
||||
// address of multihomed host will be used.
|
||||
ip = example.org;
|
||||
port = 1080;
|
||||
|
||||
|
||||
// known types: socks4, socks5, http-connect, http-relay
|
||||
type = socks5;
|
||||
|
||||
// login = "foobar";
|
||||
// password = "baz";
|
||||
}
|
||||
|
||||
redudp {
|
||||
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
|
||||
// packets that are sent as replies - and it should be fixed
|
||||
// if we want NAT to work properly.
|
||||
local_ip = 127.0.0.1;
|
||||
local_port = 10053;
|
||||
|
||||
// `ip' and `port' of socks5 proxy server.
|
||||
ip = 10.0.0.1;
|
||||
port = 1080;
|
||||
login = username;
|
||||
password = pazzw0rd;
|
||||
|
||||
// redsocks knows about two options while redirecting UDP packets at
|
||||
// linux: TPROXY and REDIRECT. TPROXY requires more complex routing
|
||||
// configuration and fresh kernel (>= 2.6.37 according to squid
|
||||
// developers[1]) but has hack-free way to get original destination
|
||||
// address, REDIRECT is easier to configure, but requires `dest_ip` and
|
||||
// `dest_port` to be set, limiting packet redirection to single
|
||||
// destination.
|
||||
// [1] http://wiki.squid-cache.org/Features/Tproxy4
|
||||
dest_ip = 8.8.8.8;
|
||||
dest_port = 53;
|
||||
|
||||
udp_timeout = 30;
|
||||
udp_timeout_stream = 180;
|
||||
}
|
||||
|
||||
dnstc {
|
||||
// fake and really dumb DNS server that returns "truncated answer" to
|
||||
// every query via UDP, RFC-compliant resolver should repeat same query
|
||||
// via TCP in this case.
|
||||
local_ip = 127.0.0.1;
|
||||
local_port = 5300;
|
||||
}
|
||||
|
||||
// you can add more `redsocks' and `redudp' sections if you need.
|
||||
@@ -0,0 +1,36 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2007 OpenWrt.org
|
||||
|
||||
START=90
|
||||
|
||||
# check if configuration exists
|
||||
[ -e "/etc/redsocks.conf" ] || exit 0
|
||||
|
||||
start() {
|
||||
if [ -e "/var/run/redsocks.pid" ]; then
|
||||
echo "redsocks is already running"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
/bin/echo -n "running redsocks ..."
|
||||
|
||||
# startup the safety-wrapper for the daemon
|
||||
/usr/sbin/redsocks -p /var/run/redsocks.pid
|
||||
|
||||
/bin/echo " done"
|
||||
}
|
||||
|
||||
stop() {
|
||||
if [ ! -e "/var/run/redsocks.pid" ]; then
|
||||
echo "redsocks is not running"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
/bin/echo -n "stopping redsocks ..."
|
||||
|
||||
# kill the process
|
||||
/bin/kill $(cat /var/run/redsocks.pid)
|
||||
rm /var/run/redsocks.pid
|
||||
|
||||
echo " done"
|
||||
}
|
||||
Reference in New Issue
Block a user