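1. First, the PC test environment
SOCKS5 proxy: it has to be set up on CentOS, and yum did not find a socks package, so install ss5 instead: wget http://jaist.dl.sourceforge.net/project/ss5/ss5/3.8.9-8/ss5-3.8.9-8.tar.gz, following this page: https://blog.csdn.net/zjiang1994/article/details/74925039. Then extract the archive and run ./configure && make install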
chmod a+x /etc/init.d/ss5
service ss5 start
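vim /etc/opt/ss5/ss5.conf and uncomment two lines (the auth and permit lines).
To test, use Safari on a Mac: enable the SOCKS proxy, enter the CentOS machine's address and port 1080, and check whether it works.
The moderator summarized the command set: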
yum install gcc openldap-devel pam-devel openssl-devel
wget http://jaist.dl.sourceforge.net/project/ss5/ss5/3.8.9-8/ss5-3.8.9-8.tar.gz
tar -vzx -f ss5-3.8.9-8.tar.gz
cd ss5-3.8.9/
./configure
make
make install
chmod a+x /etc/init.d/ss5
service ss5 start
vim /etc/opt/ss5/ss5.conf
# after editing the config file
service ss5 restart
Next is the redsocks configuration: take the default example and rename it to my.conf,
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 127.0.0.1;
local_port = 1080;
// listen() queue length. Default value is SOMAXCONN and it should be
// good enough for most of us.
// listenq = 128; // SOMAXCONN equals 128 on my Linux box.
// `max_accept_backoff` is a delay to retry `accept()` after accept
// failure (e.g. due to lack of file descriptors). It's measured in
// milliseconds and maximal value is 65535. `min_accept_backoff` is
// used as initial backoff value and as a damper for `accept() after
// close()` logic.
// min_accept_backoff = 100;
// max_accept_backoff = 60000;
// `ip' and `port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
// The two fields are meaningless when proxy type is 'direct'.
ip = 192.168.1.108;
port = 1080;
Delete the remaining udp and socks5 parts. Only the TCP proxy is needed.
The contents of the iptables file:
sudo iptables -t nat -A OUTPUT -d 192.168.1.108 -j RETURN
sudo iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A OUTPUT -d 172.16.0.0/12 -j RETURN  # the RFC 1918 private range is 172.16.0.0/12
sudo iptables -t nat -A OUTPUT -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080
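iptables -t nat -F clears all the settings in the nat table;
iptables -t nat -L lists the current settings.
In fact, 1080 is not a good choice for local_port; a different value should be used, such as 1081.
As for the iptables rules: output destined for the 1080 proxy server is RETURNed, and the remaining locally generated output is REDIRECTed to port 1080, which is the port the redsocks configuration file listens on.
The redsocks configuration was mainly based on this link: http://www.right.com.cn/forum/thread-138122-1-1.html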
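The local_port and iptables points above, combined into one script. This is an added example, not code from the original post; the function names and the REDSOCKS chain name are this example's assumptions, while the proxy address and ports are the ones used on this page.

```shell
#!/bin/sh
# Added example: print the nat rules for a redsocks setup like the one above.
# Arguments: upstream ss5 address, its port, and redsocks' local_port.

redsocks_rules() {
    proxy_ip=$1
    proxy_port=$2
    local_port=$3
    # The post notes that local_port should not reuse the proxy's 1080.
    if [ "$local_port" = "$proxy_port" ]; then
        echo "local_port must differ from proxy port $proxy_port" >&2
        return 1
    fi
    # A dedicated chain can be removed later without wiping unrelated
    # nat rules, which 'iptables -t nat -F' would do.
    echo "iptables -t nat -N REDSOCKS"
    # Exemptions come first. Without the proxy exemption, redsocks' own
    # connection to the proxy would be redirected back into redsocks.
    # The remaining entries are loopback and the RFC 1918 private ranges.
    for net in "$proxy_ip" 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        echo "iptables -t nat -A REDSOCKS -d $net -j RETURN"
    done
    # Everything else goes to the port redsocks listens on.
    echo "iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $local_port"
    echo "iptables -t nat -A OUTPUT -p tcp -j REDSOCKS"
}

redsocks_teardown() {
    # Undo only what redsocks_rules added.
    echo "iptables -t nat -D OUTPUT -p tcp -j REDSOCKS"
    echo "iptables -t nat -F REDSOCKS"
    echo "iptables -t nat -X REDSOCKS"
}

# Dry run: this only prints the commands for review.
redsocks_rules 192.168.1.108 1080 1081
```

After reviewing the printed commands, pipe the output into `sudo sh` to apply them; `local_port` in my.conf must be set to the same value passed as the third argument.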