richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
815 Commits
8 Branches
85 Tags
14 MiB
 
 
 
 
 
 
Tree: 6d79387715
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d79387715'
${ noResults }
shadowsocks-libev/man/ss-redir.1

156 lines
5.2 KiB
Raw Blame History

.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2015, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Front-Cover Texts, no Back-Cover Texts, and with the following
. Invariant Sections (and any sub-sections therein):
. all .ig sections, including this one
. STUPID TRICKS Sampler
. AUTHOR
.
. A copy of the Free Documentation License is included in the section
. entitled "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Tu \fBss-tunnel\fR
.ds Ma \fBss-manager\fR
.ds Me \fBShadowsocks-libev\fR
.
.TH "SS-REDIR" "1" "September 10, 2015" "SHADOWSOCKS-LIBEV"
.SH NAME
ss-redir \- shadowsocks client as transparent proxy, libev port
.SH SYNOPSIS
\*(Re
[\fB\-AhuUv\fR]
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-b\fR \fIlocal_address\fR]
[\fB\-a\fR \fIuser_name\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Me consists of five components. \*(Re(1) works as a transparent proxy on local
machines to proxy TCP traffic and requires netfilter's NAT module. For more
information, check out \fBshadowsocks-libev\fR(8) and the following \fBEXAMPLE\fR
section.
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the server's hostname or IP.
.TP
.B \-p \fIserver_port\fP
Set the server's port number.
.TP
.B \-l \fIlocal_port\fP
Set the local port number.
.TP
.B \-k \fIpassword\fP
Set the password. The server and the client should use the same password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher.
Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in seconds. The default value is 10.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-b \fIlocal_address\fP
Specify local address to bind.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-u
Enable UDP relay.
TPROXY is required in redir mode.
.TP
.B \-U
Enable UDP relay and disable TCP relay.
.TP
.B \-A
Enable onetime authentication.
.TP
.B \-v
Enable verbose mode.
.SH EXAMPLE
\*(Re requires netfilter's NAT function. Here is an example:
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Add any UDP rules
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
.SH SEE ALSO
.BR \*(Lo (1),
.BR \*(Se (1),
.BR \*(Tu (1),
.BR \*(Ma (1),
.BR shadowsocks-libev (8),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.