This tool allows you to redirect any TCP connection to a SOCKS or HTTPS
proxy using your firewall, so redirection is system-wide.

Why is that useful? I can suggest the following reasons:
 * you use tor[1] and don't want any TCP connection to leak.
 * you use a DVB ISP and this ISP provides internet connectivity with some
   special daemon that may also be called an "Internet accelerator", and this
   accelerator acts as a proxy. Globax[2] is an example of such an accelerator.

Linux/iptables, OpenBSD/pf and FreeBSD/ipfw are supported.
Linux/iptables is well-tested; other implementations may have bugs,
your bug reports are welcome.

Transocks[3] is a similar project, but it has a noticeable performance penalty.

Transocks_ev[4] is a similar project too, but it has no HTTPS-proxy support
and does not support authentication.

Several Android apps also use redsocks under the hood: ProxyDroid[5][6] and
sshtunnel[7][8]. And that's over 100'000 downloads! Wow!

[1] http://www.torproject.org
[2] http://www.globax.biz
[3] http://transocks.sourceforge.net/
[4] http://oss.tiggerswelt.net/transocks_ev/
[5] http://code.google.com/p/proxydroid/
[6] https://market.android.com/details?id=org.proxydroid
[7] http://code.google.com/p/sshtunnel/
[8] https://market.android.com/details?id=org.sshtunnel


Another related issue is DNS over TCP. Redsocks includes `dnstc', a fake
and really dumb DNS server that returns a "truncated answer" to every query
received via UDP. An RFC-compliant resolver should repeat the same query via
TCP in this case, so the request can be redirected using the usual redsocks
facilities.

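The truncated-answer mechanism described above, as an added C example that is not redsocks' own `dnstc' code: given a UDP DNS query, it builds the reply (QR and TC bits set, no records) that a compliant resolver reacts to by retrying over TCP. The function names and the sample query are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define DNS_QR 0x80 /* flags byte 2: message is a response */
#define DNS_TC 0x02 /* flags byte 2: truncated, retry over TCP */
#define DNS_RA 0x80 /* flags byte 3: recursion available */

/* Constructed sample: id 0x1234, RD set, one question "example.com A IN". */
static const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01 };

/* Return the offset just past the first question, or 0 if it is malformed. */
static size_t question_end(const uint8_t *q, size_t len)
{
    size_t off = DNS_HDR_LEN;
    while (off < len && q[off] != 0) {
        if (q[off] > 63) return 0; /* compression pointer or bad label */
        off += 1 + (size_t)q[off];
    }
    if (off >= len || len - off < 5) return 0; /* root label, QTYPE, QCLASS */
    return off + 5;
}

/* Write a truncated reply for `query` into `out`; return its length, 0 = drop. */
size_t make_truncated_reply(const uint8_t *query, size_t qlen,
                            uint8_t *out, size_t outcap)
{
    /* Drop short packets and anything that is already a response. */
    if (qlen < DNS_HDR_LEN || (query[2] & DNS_QR)) return 0;
    if (query[4] != 0 || query[5] != 1) return 0; /* exactly one question */
    size_t end = question_end(query, qlen);
    if (end == 0 || end > outcap) return 0;
    memcpy(out, query, end);   /* same id and question section */
    out[2] = (uint8_t)((query[2] & 0x79) | DNS_QR | DNS_TC); /* keep opcode, RD */
    out[3] = DNS_RA;           /* RCODE 0 (NOERROR) */
    memset(out + 6, 0, 6);     /* no answer, authority or additional records */
    return end;
}

int main(void)
{
    uint8_t reply[512];
    size_t n = make_truncated_reply(sample_query, sizeof sample_query, reply, sizeof reply);
    printf("reply: %zu bytes, flags %02x%02x\n", n, reply[2], reply[3]);
    return 0;
}
```
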
Known compliant resolvers are:
 * bind9 (server)
 * dig, nslookup (tools based on bind9 code)
Known non-compliant resolvers are:
 * eglibc resolver fails without any attempt to send the request via TCP
 * powerdns-recursor can't start up properly without UDP connectivity as it
   can't load root hints

On the other hand, DNS via TCP using bind9 may be painfully slow. If your bind9
setup is really slow, you have at least two options: the pdnsd[9] caching server
can run in TCP-only mode, and ttdnsd[10][11] has no cache but can be useful for
the same purpose.

[9] http://www.phys.uu.nl/~rombouts/pdnsd.html
[10] http://www.mulliner.org/collin/ttdnsd.php
[11] https://gitweb.torproject.org/ioerror/ttdnsd.git


Features
========

Redirect any TCP connection to a SOCKS4, SOCKS5 or HTTPS (HTTP/CONNECT)
proxy server.

Login/password authentication is supported for SOCKS5/HTTPS connections.
SOCKS4 supports only a username; the password is ignored. For HTTPS, currently
only the Basic and Digest schemes are supported.

Redirect UDP packets via a SOCKS5 proxy server. NB: UDP still goes via UDP, so
you can't relay UDP via OpenSSH.

Sends "truncated reply" as an answer to UDP DNS queries.

Redirect any HTTP connection to a proxy that does not support transparent
proxying (e.g. old SQUID had broken `acl myport' for such connections).


License
=======

All source code is licensed under Apache 2.0 license.
You can get a copy at http://www.apache.org/licenses/LICENSE-2.0.html


Compilation
===========

libevent[5] is required.

gcc and clang are supported right now; other compilers can be used
but may require some code changes.

Compilation is as easy as running `make', there is no `./configure' magic.

GNU Make works; other implementations of make were not tested.

[5] http://libevent.org/ || http://www.monkey.org/~provos/libevent/


Running
=======

The program has the following command-line options:
  -c sets proper path to config file ("./redsocks.conf" is default one)
  -t tests config file syntax
  -p sets a file to write the getpid() into

The following signals are understood:
  SIGUSR1 dumps the list of connected clients to the log
  SIGTERM and SIGINT terminate the daemon, all active connections are closed

You can see a configuration file example in redsocks.conf.example


iptables example
================

You have to build iptables with connection tracking and REDIRECT target.

# Create new chain
iptables -t nat -N REDSOCKS

# Ignore LANs and some other reserved addresses.
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

# Anything else should be redirected to port 12345
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

# Any tcp connection made by `darkk' should be redirected.
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner darkk -j REDSOCKS


Homepage
========

http://darkk.net.ru/redsocks/

Mailing list: redsocks@librelist.com

Mailing list also has archives[1].

[1] http://librelist.com/browser/redsocks/


TODO
====

Test OpenBSD (pf) and FreeBSD (ipfw) and write setup examples for those
firewall types.


Author
======
This program was written by Leonid Evdokimov <leon@darkk.net.ru>