Skip to content
Transparent SOCKS5 / HTTP proxy in Go
Branch: master
Clone or download
ymmt2005 Merge pull request #15 from jsign/fixsampletoml
Fix log section of sample config
Latest commit 4ef0675 Apr 21, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Enable Go modules. Nov 13, 2018
cmd/transocks Fix log section of sample config Apr 21, 2019
.gitignore Ignore go.sum Dec 25, 2018
CHANGELOG.md Bump version to v1.1.1 Mar 16, 2019
CONTRIBUTORS.md Add @otariidae to CONTRIBUTORS.md Mar 16, 2019
DESIGN.md Initial commit Mar 8, 2016
LICENSE
README.md Update README Nov 13, 2018
RELEASE.md Bump version to 1.1.0 Nov 13, 2018
config.go Replaced "cybozu-go/cmd" to "cybozu-go/cmd" Nov 13, 2018
defs_linux.go Enable Go modules. Nov 13, 2018
go.mod Replace syscall with golang.org/x/sys Mar 16, 2019
http_tunnel.go gofmt clean. Sep 1, 2016
http_tunnel_test.go [http_tunnel] trim rough edges. Mar 9, 2016
original_dst_linux.go Replace syscall with golang.org/x/sys Mar 16, 2019
original_dst_linux_test.go Reimplement transocks based on cybozu-go/cmd . Aug 31, 2016
original_dst_stub.go Initial commit Mar 8, 2016
server.go Replaced "cybozu-go/cmd" to "cybozu-go/cmd" Nov 13, 2018

README.md

GitHub release GoDoc CircleCI Go Report Card

transocks - a transparent SOCKS5/HTTP proxy

transocks is a background service to redirect TCP connections transparently to a SOCKS5 server or a HTTP proxy server like Squid.

Currently, transocks supports only Linux iptables with DNAT/REDIRECT target.

Features

  • IPv4 and IPv6

    Both IPv4 and IPv6 are supported. Note that nf_conntrack_ipv4 or nf_conntrack_ipv6 kernel modules must be loaded beforehand.

  • SOCKS5 and HTTP proxy (CONNECT)

    We recommend using SOCKS5 server if available. Take a look at our SOCKS server usocksd if you are looking for.

    HTTP proxies often prohibits CONNECT method to make connections to ports other than 443. Make sure your HTTP proxy allows CONNECT to the ports you want.

  • Graceful stop & restart

    • On SIGINT/SIGTERM, transocks stops gracefully.
    • On SIGHUP, transocks restarts gracefully.
  • Library and executable

    transocks comes with a handy executable. You may use the library to create your own.

Install

Use Go 1.7 or better.

go get -u github.com/cybozu-go/transocks/...

Usage

transocks [-h] [-f CONFIG]

The default configuration file path is /etc/transocks.toml.

In addition, transocks implements the common spec from cybozu-go/cmd.

transocks does not have daemon mode. Use systemd to run it as a background service.

Configuration file format

transocks.toml is a TOML file.

proxy_url is mandatory. Other items are optional.

# listening address of transocks.
listen = "localhost:1081"    # default is "localhost:1081"

proxy_url = "socks5://10.20.30.40:1080"  # for SOCKS5 server
#proxy_url = "http://10.20.30.40:3128"   # for HTTP proxy server

[log]
filename = "/path/to/file"   # default to stderr
level = "info"               # critical", error, warning, info, debug
format = "json"              # plain, logfmt, json

Redirecting connections by iptables

Use DNAT or REDIRECT target in OUTPUT chain of the nat table.

Save the following example to a file, then execute: sudo iptables-restore < FILE

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:TRANSOCKS - [0:0]
-A OUTPUT -p tcp -j TRANSOCKS
-A TRANSOCKS -d 0.0.0.0/8 -j RETURN
-A TRANSOCKS -d 10.0.0.0/8 -j RETURN
-A TRANSOCKS -d 127.0.0.0/8 -j RETURN
-A TRANSOCKS -d 169.254.0.0/16 -j RETURN
-A TRANSOCKS -d 172.16.0.0/12 -j RETURN
-A TRANSOCKS -d 192.168.0.0/16 -j RETURN
-A TRANSOCKS -d 224.0.0.0/4 -j RETURN
-A TRANSOCKS -d 240.0.0.0/4 -j RETURN
-A TRANSOCKS -p tcp -j REDIRECT --to-ports 1081
COMMIT

Use ip6tables to redirect IPv6 connections.

Library usage

Read the documentation.

License

MIT

You can’t perform that action at this time.