ss-nat(1) ========= NAME ---- ss-nat - helper script to setup NAT rules for transparent proxy SYNOPSIS -------- *ss-nat* [-ouUfh] [-s ] [-S ] [-l ] [-L ] [-i ] [-a ] [-b ] [-w ] [-e ] DESCRIPTION ----------- *Shadowsocks-libev* is a lightweight and secure socks5 proxy. It is a port of the original shadowsocks created by clowwindy. *Shadowsocks-libev* is written in pure C and takes advantage of libev to achieve both high performance and low resource consumption. `ss-nat`(1) sets up NAT rules for `ss-redir`(1) to provide traffic redirection. It requires netfilter's NAT module and `iptables`(8). For more information, check out `shadowsocks-libev`(8) and the following 'EXAMPLE' section. OPTIONS ------- -s :: IP address of shadowsocks remote server -l :: Port number of shadowsocks local server -S :: IP address of shadowsocks remote UDP server -L :: Port number of shadowsocks local UDP server -i :: a file whose content is bypassed ip list -a :: LAN IP of access control, need a prefix to define access control mode -b :: WAN IP of will be bypassed -w :: WAN IP of will be forwarded -e :: Extra options for iptables -o:: Apply the rules to the OUTPUT chain -u:: Enable udprelay mode, TPROXY is required -U:: Enable udprelay mode, using different IP and ports for TCP and UDP -f:: Flush the rules -h:: Show this help message and exit EXAMPLE ------- `ss-nat` requires `iptables`(8). Here is an example: .... # Enable NAT rules for shadowsocks, # with both TCP and UDP redirection enabled, # and applied for both PREROUTING and OUTPUT chains root@Wrt:~# ss-nat -s 192.168.1.100 -l 1080 -u -o # Disable and flush all NAT rules for shadowsocks root@Wrt:~# ss-nat -f .... SEE ALSO -------- `ss-local`(1), `ss-server`(1), `ss-tunnel`(1), `ss-manager`(1), `shadowsocks-libev`(8), `iptables`(8), /etc/shadowsocks-libev/config.json