Linux Global Proxy

Linux Global Proxy

Generally, in Linux, both global proxies are implemented using http_proxy and https_proxy environment variables, but the disadvantage is that this method is not a real global proxy, even if a proxy is set, for some applications, such as w3m, this method does not support the socks protocol.

I used shadowsocks as a proxy in the lab environment to access the Internet, but it was not used to flip the wall, because I personally felt that shadosocks was better deployed than other socks software, although the encryption loss point of performance, however, table encryption does not calculate much. in the windows environment, proxifity can solve the global proxy problem very well. in Linux, it is indeed a troublesome thing.

The server side of shadowsocks is not introduced. We recommend that you install C with libev. This version includes ss-server ss-redir ss-local ss-tunnel, in other versions, it seems that the ss-redir. except that the ss-server serves as the server, the other three are used as the client. ss-redir is used for transparent proxy, ss-local is used for local socks5 proxy, and ss-tunnel is used for tunnel (the actual usage is unknown currently ). this article describes how to use ss-redir and Linux's powerful iptable to implement global proxy.

The following describes the Ubuntu environment.

# Create a chain named SOCKS iptables-t nat-n socks # ignore the server address. If it does not belong to an intranet IP address, add it. # In fact, the following sentence can be omitted, because it belongs to 172.16.0.0/12 iptables-t nat-a socks-d 172.23.45.19-j RETURN # ignore the local address iptables-t nat-a socks-d 0.0.0.0/8-j RETURNiptables-t nat-a socks-d 10.0.0.0/8-j RETURNiptables-t nat-a socks-d 127.0.0.0/8-j RETURNiptables-t nat-a socks-d 169.254.0.0/16-j RETURNiptables -t nat-a socks-d 172.16.0.0/12-j RETURNiptables-t nat-a socks-d 192.168.0.0/16-j RETURNiptables-t nat-a socks-d 224.0.0.0/4- j RETURNiptables-t nat-a socks-d 240.0.0.0/4-j RETURN # Anything else shocould be redirected to shadowsocks's local port # all traffic except above will jump to socks's local port (local_port ), here, the default shadosock port 1080 iptables-t nat-a socks-p tcp-j REDIRECT -- to-ports 1080 # is used to apply the above rules, all the tcp traffic OUTPUT goes through the SOCKS chain # If it is transparent proxy on openwrt, use the rules described below # iptables-t nat-a prerouting-p tcp-j SOCKSiptables-t nat-a output-p tcp-j SOCKS

You can save this script as a sh and add it to the auto-start

After adding the firewall rules to the system, start ss-redir. In fact, it doesn't matter if the order of the two is changed.

#ss-redir -c /etc/shadosocks.json

Shadosocks. the json content is consistent with the setting of ss-local. the advantage of shadosocks is that the server/client shares a set of configurations. even if the shadosocks official website classifies client servers, the client is only a subset of the server. Therefore, we recommend that you use the server version.

After such settings, all tcp traffic on the local machine will go out through the proxy machine. Currently, ss-redir does not know udp forwarding.