redsocks2 redirects traffic to proxy services that do not themselves support transparent proxying, so that a transparent proxy can be implemented.
Installing redsocks2 is straightforward: just run make.
On Ubuntu, the following packages are needed:

apt-get install libevent-2.0-5 libssl-dev

After the build completes, copy the redsocks2 binary directly to the relevant directory.
I used it on the gateway. In testing, HTTP and HTTPS could not be handled together and had to be separated.
http.conf

base {
    log_debug = off;
    log_info = off;
    daemon = on;
    redirector = iptables;
}

redsocks {
    local_ip = 192.168.1.1;
    local_port = 1080;    // https.conf uses 1081
    ip = 192.168.1.1;
    port = 8787;
    type = http-relay;    // https.conf uses http-connect
    timeout = 12;
    autoproxy = 1;
}

autoproxy {
    no_quick_check_seconds = 0;
}

ipcache {
    cache_size = 4;
    cache_file = "/home/user/conf/cache.http";
    stale_time = 7200;
    autosave_interval = 3600;
    port_check = 1;
}
In addition, the gateway also does DNAT, and after putting this in place I found there was no way to open the port. So I added one more configuration:
direct.conf

base {
    log_debug = off;
    log_info = off;
    daemon = on;
    redirector = iptables;
}

redsocks {
    local_ip = 192.168.1.1;
    local_port = 1090;
    interface = eth0;
    type = direct;
    timeout = 1;
    autoproxy = 0;    // automatic proxying is turned off here; the IPs sent here are released directly
}
Related iptables settings
#!/bin/bash
# Start from the saved base ruleset
iptables-restore < /etc/network/iptables.up.rules

# HTTPS: leave local, private, multicast and reserved destinations alone,
# redirect everything else to the https.conf listener
iptables -t nat -N RSHTTPS
iptables -t nat -A RSHTTPS -o lo -j RETURN
iptables -t nat -A RSHTTPS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A RSHTTPS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A RSHTTPS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A RSHTTPS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A RSHTTPS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A RSHTTPS -d 172.17.0.0/12 -j RETURN
iptables -t nat -A RSHTTPS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A RSHTTPS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A RSHTTPS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A RSHTTPS -p tcp -j REDIRECT --to-port 1081
iptables -t nat -I PREROUTING -p tcp --dport 443 -j RSHTTPS
#iptables -t nat -I PREROUTING -p udp -j RSHTTPS

# HTTP: same exclusions, redirect to the http.conf listener
iptables -t nat -N RSHTTP
iptables -t nat -A RSHTTP -o lo -j RETURN
iptables -t nat -A RSHTTP -d 0.0.0.0/8 -j RETURN
iptables -t nat -A RSHTTP -d 10.0.0.0/8 -j RETURN
iptables -t nat -A RSHTTP -d 127.0.0.0/8 -j RETURN
iptables -t nat -A RSHTTP -d 169.254.0.0/16 -j RETURN
iptables -t nat -A RSHTTP -d 172.16.0.0/12 -j RETURN
iptables -t nat -A RSHTTP -d 172.17.0.0/12 -j RETURN
iptables -t nat -A RSHTTP -d 192.168.0.0/16 -j RETURN
iptables -t nat -A RSHTTP -d 224.0.0.0/4 -j RETURN
iptables -t nat -A RSHTTP -d 240.0.0.0/4 -j RETURN
iptables -t nat -A RSHTTP -p tcp -j REDIRECT --to-port 1080
iptables -t nat -I PREROUTING -p tcp --dport 80 -j RSHTTP

# Direct: traffic sent to the direct.conf listener is not proxied
iptables -t nat -N RSDIRECT
iptables -t nat -A RSDIRECT -p tcp -j REDIRECT --to-port 1090
iptables -t nat -I PREROUTING -p tcp -d 208.67.220.220 -j RSDIRECT
# Without the following rule, the external network cannot connect to the relevant intranet IP
iptables -t nat -I PREROUTING -p tcp -s 192.168.1.12 --sport 3389 -j RSDIRECT

# Restart the three redsocks2 instances
pkill redsocks2
redsocks2 -c /home/user/conf/http.conf
redsocks2 -c /home/user/conf/https.conf
redsocks2 -c /home/user/conf/direct.conf
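The setup above only works if every REDIRECT target port matches the local_port of a running redsocks2 instance (1080, 1081 and 1090 here). The following check is an added example, not part of the original post: it compares the config files against an iptables-save dump of the nat table. The function names are hypothetical, the sample files are constructed, and it assumes one setting per line in each config.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the local_port of
# each redsocks2 config against the REDIRECT targets in an iptables-save dump.

# Print the local_port values found in the given config files, one per line.
conf_ports() {
    sed -n 's/^[[:space:]]*local_port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$@" | sort -un
}

# Print the REDIRECT target ports found in the rules dump $1, one per line.
rule_ports() {
    sed -n 's/.*-j REDIRECT --to-ports\{0,1\} \([0-9][0-9]*\).*/\1/p' "$1" | sort -un
}

# Usage: check_redirects RULES_DUMP CONF... ; returns 1 on any mismatch.
check_redirects() {
    rules=$1; shift
    listen=$(conf_ports "$@"); targets=$(rule_ports "$rules"); status=0
    for p in $targets; do
        printf '%s\n' "$listen" | grep -qx "$p" ||
            { echo "REDIRECT to port $p: no redsocks2 listener"; status=1; }
    done
    for p in $listen; do
        printf '%s\n' "$targets" | grep -qx "$p" ||
            { echo "listener on port $p: no REDIRECT rule reaches it"; status=1; }
    done
    return $status
}

# Constructed sample: three configs and a dump in which the HTTPS chain
# points at 1082 instead of the 1081 that https.conf listens on.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf 'redsocks {\n  local_port = 1080;\n}\n' > "$dir/http.conf"
    printf 'redsocks {\n  local_port = 1081;\n}\n' > "$dir/https.conf"
    printf 'redsocks {\n  local_port = 1090;\n}\n' > "$dir/direct.conf"
    cat > "$dir/nat.rules" <<'EOF'
-A RSHTTP -p tcp -j REDIRECT --to-ports 1080
-A RSHTTPS -p tcp -j REDIRECT --to-ports 1082
-A RSDIRECT -p tcp -j REDIRECT --to-ports 1090
EOF
    echo "$dir"
}

d=$(make_sample) && { check_redirects "$d/nat.rules" "$d"/*.conf || echo "mismatch found"; }
rm -rf "$d"
```

On the gateway itself, the dump would come from `iptables-save -t nat > nat.rules`, checked against the files in /home/user/conf.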
REDSOCKS2 Automatic proxy settings