Linux Global Agent

The general use of Linux words are used by the global proxy http_proxy and https_proxy These two environment variables to achieve, but the disadvantage is that this is not a real global agent, even if the agent is set, for some applications are not valid, such as w3m, And this approach does not support the SOCKS protocol.

I use Shadowsocks as a proxy in the lab environment to access the extranet, not used to flip the wall, because the personal feeling shadosocks than other socks software good deployment, although encryption loss point performance, But table encryption does not count as much. In the Windows environment with proxifity can be very good to solve the problem of global agent, on Linux, above also said, is indeed a more troublesome thing.

Shadowsocks server side is not introduced, recommended to install C with Libev version, this version contains Ss-server Ss-redir ss-local Ss-tunnel, other versions seemingly did not implement the functionality of this article Ss-redir. In addition to Ss-server as a server, the remaining three are done as clients. Ss-redir is used to do transparent proxy, ss-local is to do the local SOCKS5 agent, Ss-tunnel is to do the tunnel (this is not known the actual use). What this article is to say is to use Ss-redir with Linux powerful iptable to implement the global agent.

The following is a ubuntu14.04 environment to introduce

#创建一个叫SOCKS的链Iptables-t Nat-n SOCKS#忽略服务器的地址, if does not belong to the intranet IP, must pay attention to add.#其实下面这句可以省略的 because it belongs to 172.16.0.0/12Iptables-t nat-a SOCKS- D 172.23.45.19-j RETURN# Ignore local addressesIptables-t nat-a SOCKS- D 0.0.0.0/8-j returniptables-t nat-a SOCKS- D 10.0.0.0/8-j returniptables-t nat-a SOCKS- D 127.0.0.0/8-j returniptables-t nat-a SOCKS- D 169.254.0.0/ --j returniptables-t nat-a SOCKS- D 172.16.0.0/ A-j returniptables-t nat-a SOCKS- D 192.168.0.0/ --j returniptables-t nat-a SOCKS- D 224.0.0.0/4-j returniptables-t nat-a SOCKS- D 240.0.0.0/4-j RETURN# Anything else should is redirected to Shadowsocks ' s local port#除上面之外的所有流量都跳转到socks的本地端口 (Local_port), where shadosock default port is usedIptables-t nat-a socks-p tcp-j REDIRECT--to-ports the# Finally, the application of the above rules, the output of the TCP traffic all go through the socks chain#如果是在openwrt上实现透明代理的话, use the rules that are commented out below#iptables-T nat-a prerouting-p tcp-j SOCKSIptables-t nat-a output-p tcp-j SOCKS

This script can be saved as an SH, added to boot

After the firewall rules are added to the system, start the ss-redir, in fact, the order of the exchange is also irrelevant

#ss-redir -c /etc/shadosocks.json

Shadosocks.json content and Settings ss-local are consistent. The benefit of shadosocks is that Server/client has a common set of configurations. Shadosocks official Website Even if the client server is categorized, but the client is only a subset of the server side, So the server version is recommended.

After such a setup, all TCP traffic on this machine goes through the agent machine, and at present Ss-redir does not know where to forward UDP.

Linux Global Agent