|
|
.ig. manual page for shadowsocks-libev.. Copyright (c) 2012-2015, by: Max Lv. All rights reserved. .. Permission is granted to copy, distribute and/or modify this document. under the terms of the GNU Free Documentation License, Version 1.1 or. any later version published by the Free Software Foundation;. with no Front-Cover Texts, no Back-Cover Texts, and with the following. Invariant Sections (and any sub-sections therein):. all .ig sections, including this one. STUPID TRICKS Sampler. AUTHOR.. A copy of the Free Documentation License is included in the section. entitled "GNU Free Documentation License"....
\# - these two are for chuckles, makes great grammar.ds Lo \fBss-local\fR.ds Re \fBss-redir\fR.ds Se \fBss-server\fR.ds Tu \fBss-tunnel\fR.ds Ma \fBss-manager\fR.ds Me \fBShadowsocks\fR
.TH SHADOWSOCKS-LIBEV 8 "January 7, 2015".SH NAMEshadowsocks-libev \- a lightweight and secure socks5 proxy
.SH SYNOPSIS\*(Lo|\*(Re|\*(Se|\*(Tu|\*(Ma \-s server_host \-p server_port \-l local_port \-k password \-m encrypt_method \-f pid_file \-t timeout \-c config_file
.SH DESCRIPTION\*(Me is a lightweight and secure socks5 proxy. It is a port of the originalshadowsocks created by clowwindy. \*(Me is written in pure C and takes advantageof \fBlibev\fP to achieve both high performance and low resource consumption..PP\*(Me consists of four components. One is \*(Se that runs on a remote serverto provide secured tunnel service. \*(Lo and \*(Re are clients on your localmachines to proxy TCP traffic. \*(Tu is a tool for local port forwarding..PPWhile \*(Lo works as a standard socks5 proxy, \*(Re works as a transparent proxyand requires netfilter's NAT module. For more information, check out the examplesection..PP\*(Ma is a controller for multi-user management and traffic statistics, using UNIXdomain socket to talk with \*(Se. Also, it provides a UNIX domain socket or IP basedAPI for other software. About the details of this API, please refer to the protocolsection.
.SH OPTIONS.TP.B \-s \fIserver_host\fPSet the server's hostname or IP..TP.B \-p \fIserver_port\fPSet the server's port number..TP.B \-l \fIlocal_port\fPSet the local port number..TP.B \-k \fIpassword\fPSet the password. The server and the client should use the same password..TP.B \-m \fIencrypt_method\fPSet the cipher. Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP. Ifbuilt with PolarSSL or custom OpenSSL libraries, some of these ciphers maynot work..TP.B \-f \fIpid_file\fPStart shadowsocks as a daemon with specific pid file..TP.B \-t \fItimeout\fPSet the socket timeout in seconds. The default value is 10..TP.B \-c \fIconfig_file\fPUse a configuration file..TP.B \-a \fIuser_name\fPRun as a specific user..TP.B \-d \fIaddr\fPSetup the name servers for libudns. The default server is fetched from/etc/resolv.conf..TP.B \-uEnable UDP relay..TP.B \-AEnable onetime authentication..TP.B \-vEnable verbose mode..TP.B \--fast-openEnable TCP fast open..TP.B \--acl \fIacl_config\fPEnable ACL (Access Control List)..TP.B \--manager-address \fIpath_to_unix_domain\fPEnable manager mode..TP.B \--executable \fIpath_to_server_executable\fPSpecify the executable path of ss-server for manager mode.
.SH EXAMPLE\*(Re requires netfilter's NAT function. Here is an example:
# Create new chain root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses # It's very IMPORTANT, just be careful. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy # See Wikipedia and RFC5735 for full list of reserved networks. # See ashi009/bestroutetb for a highly optimized CHN route list. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Add any UDP rules root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100 root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100 root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# Start the shadowsocks-redir root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
.SH PROTOCOL\*(Ma provides several APIs through UDP protocol:
Send UDP commands in the following format to the manager-address provided to \*(Ma.
command: [JSON data]
To add a port:
add: {"server_port": 8001, "password":"7cd308cc059"} To remove a port:
remove: {"server_port": 8001} To receive a pong:
ping Then \*(Ma will send back the traffic statistics:
stat: {"8001":11370}
.SH SEE ALSO.BR iptables (8),/etc/shadowsocks-libev/config.json.br.SH AUTHORshadowsocks was created by clowwindy <clowwindy42@gmail.com> andshadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang<laokongzi@gmail.com>..PPThis manual page was written by Max Lv <max.c.lv@gmail.com>.
|
