碼上快樂

相關內容    簡體    繁體

SSH/SOCKS成為全局代理

本文轉載自   查看原文   2020-05-12 09:42   3388    cnns

SSH/SOCKS成為全局代理

來源 https://blog.creke.net/770.html

參考 https://www.5yun.org/curl-ce-shi-socks5-or-http-dai-li-ming-ling.html

參考 https://zhuanlan.zhihu.com/p/46804075

 

測試socks5命令:

curl --socks5 125.119.175.48:8909 http://example.com/

測試http命令:

curl --connect-timeout 2 -x 127.0.0.1:8118 http://google.com

linux curl命令可以使用下面參數設置http(s)代理、socks代理,已經設置它們的用戶名、密碼以及認證方式:

 

參數 用法
-x host:port
-x [protocol://[user:pwd@]host[:port]
--proxy [protocol://[user:pwd@]host[:port]		 使用HTTP代理訪問;如果未指定端口,默認使用8080端口;
protocol默認為http_proxy,其他可能的值包括:
http_proxy、HTTPS_PROXY、socks4、socks4a、socks5;
如:
--proxy 8.8.8.8:8080;
-x "http_proxy://aiezu:123@aiezu.com:80"
--socks4 <host[:port]>
--socks4a <host[:port]>
--socks5 <host[:port]>		 使用SOCKS4代理;
使用SOCKS4A代理;
使用SOCKS5代理;
此參數會覆蓋“-x”參數;
--proxy-anyauth
--proxy-basic
--proxy-diges
--proxy-negotiate
--proxy-ntlm		 代理認證方式,參考:
--anyauth
--basic
--diges
--negotiate
--ntlm
-U <user:password>
--proxy-user <user:password>		 設置代理的用戶名和密碼;

 

Windows下的有:

  1. Proxifier 下載地址
  2. ProxyCap 下載地址

前者比較好用,可控規則較多。我正在使用。

Linux下的有:

  1. proxychains 下載地址
  2. redsocks 下載地址
  3. tsocks 下載地址

proxychain功能較多,支持多個代理輪詢等;redsocks據說支持android;tsocks配置簡單。

 

proxychains教程

假設代理為127.0.0.1,端口為7070。我在Ubuntu下安裝。

安裝很簡單:

sudo apt-get install proxychains

配置:

sudo vi /etc/proxychains.conf

把最后的“[ProxyList]”部分配置為自己的代理即可:

socks4  127.0.0.1 7070

使用方法:

proxychains <程序名>

即可讓程序使用代理。

 

redsocks教程

嚴格意義上來說,proxychains不算自動的全局代理,有沒有像Proxifier這樣,開了之后自動讓所有啟動的程序都走系統代理呢?答案就是redsocks。

首先安裝Ubuntu編譯環境和必要的庫:

sudo apt-get install autoconf automake libtool libevent-dev g++

下載源代碼,然后編譯安裝:

./mkauto.sh

cp redsocks /usr/local/bin/

配置文件為:

base {
// debug: connection progress & client list on SIGUSR1
log_debug = off;

// info: start and end of client session
log_info = off;

/* possible `log' values are:
* stderr
* file:/path/to/file
* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
*/
log = "file:/dev/null";
// log = stderr;
// log = "file:/path/to/file";
// log = "syslog:local7";

// detach from console
daemon = on;

/* Change uid, gid and root directory, these options require root
* privilegies on startup.
* Note, your chroot may requre /etc/localtime if you write log to syslog.
* Log is opened before chroot & uid changing.
*/
// user = nobody;
// group = nobody;
// chroot = "/var/chroot";

/* possible `redirector' values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
}

redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 127.0.0.1;
local_port = 12345;

// `ip' and `port' are IP and tcp-port of proxy-server
ip = 127.0.0.1;
port = 7070;

// known types: socks4, socks5, http-connect, http-relay
type = socks5;

// login = "foobar";
// password = "baz";
}

redudp {
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
// packets that are sent as replies - and it should be fixed
// if we want NAT to work properly.
local_ip = 127.0.0.1;
local_port = 10053;

// `ip' and `port' of socks5 proxy server.
ip = 10.0.0.1;
port = 1080;
login = username;
password = pazzw0rd;

// kernel does not give us this information, so we have to duplicate it
// in both iptables rules and configuration file. By the way, you can
// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
// forward ;-)
// This limitation may be relaxed in future versions using contrack-tools.
dest_ip = 8.8.8.8;
dest_port = 53;

udp_timeout = 30;
udp_timeout_stream = 180;
}

dnstc {
// fake and really dumb DNS server that returns "truncated answer" to
// every query via UDP, RFC-compliant resolver should repeat same query
// via TCP in this case.
local_ip = 127.0.0.1;
local_port = 5300;
}

// you can add more `redsocks' and `redudp' sections if you need.

這里的配置沒有配置udp的代理部分,只是配置了tcp即redsocks部分。監聽端口是12345。日志關閉了,因為好像我下載的當前版本無論怎么樣都產生一堆調試日志,不知道以后會不會修復這點。

啟動關閉腳本redsocks.sh為(via):

#! /bin/bash

SSHHOST=creke
SSHPORT=22
SSHUSR=creke
SSHPWD=creke

SSHDAEMON=/usr/local/bin/plink
SSHPIDFILE=/var/run/sshtunnel.pid

start_ssh()
{
    echo "Start SSH Tunnel Daemon: "
    start-stop-daemon -b -q -m -p $SSHPIDFILE --exec $SSHDAEMON -S \
    -- -N -D 127.0.0.1:7070 -P $SSHPORT -pw $SSHPWD $SSHUSR@$SSHHOST
    echo "SSH Tunnel Daemon Started."
}

stop_ssh()
{
    #ps aux|grep "ssh -NfD 1234"|awk '{print $2}'|xargs kill
    if [ -f $SSHPIDFILE ]; then
    PID=$(cat $SSHPIDFILE)
    kill $PID
    while [ -d /proc/$PID ];
    do
    sleep 1
    done
    fi
    rm -rf $SSHPIDFILE
    echo "SSH Tunnel Daemon Stoped."
}

case "$1" in
  start)
    start_ssh
    cd /usr/local/redsocks
    if [ -e redsocks.log ] ; then
      rm redsocks.log
    fi
    ./redsocks -p /usr/local/redsocks/redsocks.pid #set daemon = on in config file
    # start redirection
    # iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to 12345
    # iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to 12345
    # Create new chain
    iptables -t nat -N REDSOCKS

    # Ignore LANs and some other reserved addresses.
    iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

    # Anything else should be redirected to port 12345
    iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
    # Any tcp connection should be redirected.
    iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
    ;;

  stop)
    stop_ssh
    cd /usr/local/redsocks
    if [ -e redsocks.pid ]; then
      kill `cat redsocks.pid`
      rm redsocks.pid
    else
      echo already killed, anyway, I will try killall
      killall -9 redsocks
    fi
    # stop redirection
    iptables -t nat -F OUTPUT
    iptables -t nat -F REDSOCKS
    iptables -t nat -X REDSOCKS
    ;;

  start_ssh)
    start_ssh
    ;;

  stop_ssh)
    stop_ssh
    ;;

  clean_dns)
    # iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -m you-know-who -j DROP -m comment --comment "drop you-know-who dns hijacks"
    echo this function not finished
    ;;

  *)
    echo "Usage: redsocks start|stop|start_ssh|stop_ssh|clean_dns" >&2
    exit 3
    ;;
esac

iptables的規則是讓所有的TCP包都發送到redsocks監聽的端口12345。本腳本還整合了ssh的daemon啟動,使用start-stop-daemon來實現。

啟動和關閉:

將啟動關閉腳本中的開頭的幾個變量配置好

啟動命令:sudo ./redsocks.sh start

關閉命令:sudo ./redsocks.sh stop

 

============ End

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 配置ssh使用socks代理 Xshell添加ssh隧道SOCKS代理 Xshell添加ssh隧道SOCKS代理 redsocks 將socks代理轉換成全局代理 Linux下 redsocks + iptables + socks5 實現全局代理 Linux-ssh安全隧道:動態端口轉發(SOCKS代理) 使用ssh正向連接、反向連接、做socks代理的方法 使用 SSH 隧道實現端口轉發、SOCKS 代理 windows使用proxifier全局代理-配置可用; windows10 配置全局代理走socks5 ssh代理: -L 正向代理 -R 反向代理 -D socks代理
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM