Permalink
Cannot retrieve contributors at this time
base { | |
// debug: connection progress | |
log_debug = off; | |
// info: start and end of client session | |
log_info = on; | |
/* possible `log' values are: | |
* stderr | |
* "file:/path/to/file" | |
* syslog:FACILITY facility is any of "daemon", "local0"..."local7" | |
*/ | |
log = stderr; | |
// log = "file:/path/to/file"; | |
// log = "syslog:local7"; | |
// detach from console | |
daemon = off; | |
/* Change uid, gid and root directory, these options require root | |
* privilegies on startup. | |
* Note, your chroot may requre /etc/localtime if you write log to syslog. | |
* Log is opened before chroot & uid changing. | |
* Debian, Ubuntu and some other distributions use `nogroup` instead of | |
* `nobody`, so change it according to your system if you want redsocks | |
* to drop root privileges. | |
*/ | |
// user = nobody; | |
// group = nobody; | |
// chroot = "/var/chroot"; | |
/* possible `redirector' values are: | |
* iptables - for Linux | |
* ipf - for FreeBSD | |
* pf - for OpenBSD | |
* generic - some generic redirector that MAY work | |
*/ | |
redirector = iptables; | |
/* Override per-socket values for TCP_KEEPIDLE, TCP_KEEPCNT, | |
* and TCP_KEEPINTVL. see man 7 tcp for details. | |
* `redsocks' relies on SO_KEEPALIVE option heavily. */ | |
//tcp_keepalive_time = 0; | |
//tcp_keepalive_probes = 0; | |
//tcp_keepalive_intvl = 0; | |
// Every `redsocks` connection needs two file descriptors for sockets. | |
// If `splice` is enabled, it also needs four file descriptors for | |
// pipes. `redudp` is not accounted at the moment. When max number of | |
// connection is reached, redsocks tries to close idle connections. If | |
// there are no idle connections, it stops accept()'ing new | |
// connections, although kernel continues to fill listenq. | |
// Set maximum number of open file descriptors (also known as `ulimit -n`). | |
// 0 -- do not modify startup limit (default) | |
// rlimit_nofile = 0; | |
// Set maximum number of served connections. Default is to deduce safe | |
// limit from `splice` setting and RLIMIT_NOFILE. | |
// redsocks_conn_max = 0; | |
// Close connections idle for N seconds when/if connection count | |
// limit is hit. | |
// 0 -- do not close idle connections | |
// 7440 -- 2 hours 4 minutes, see RFC 5382 (default) | |
// connpres_idle_timeout = 7440; | |
// `max_accept_backoff` is a delay in milliseconds to retry `accept()` | |
// after failure (e.g. due to lack of file descriptors). It's just a | |
// safety net for misconfigured `redsocks_conn_max`, you should tune | |
// redsocks_conn_max if accept backoff happens. | |
// max_accept_backoff = 60000; | |
} | |
redsocks { | |
/* `local_ip' defaults to 127.0.0.1 for security reasons, | |
* use 0.0.0.0 if you want to listen on every interface. | |
* `local_*' are used as port to redirect to. | |
*/ | |
local_ip = 127.0.0.1; | |
local_port = 12345; | |
// listen() queue length. Default value is SOMAXCONN and it should be | |
// good enough for most of us. | |
// listenq = 128; // SOMAXCONN equals 128 on my Linux box. | |
// Enable or disable faster data pump based on splice(2) syscall. | |
// Default value depends on your kernel version, true for 2.6.27.13+ | |
// splice = false; | |
// `ip' and `port' are IP and tcp-port of proxy-server | |
// You can also use hostname instead of IP, only one (random) | |
// address of multihomed host will be used. | |
ip = example.org; | |
port = 1080; | |
// known types: socks4, socks5, http-connect, http-relay | |
type = socks5; | |
// login = "foobar"; | |
// password = "baz"; | |
// known ways to disclose client IP to the proxy: | |
// false -- disclose nothing | |
// http-connect supports: | |
// X-Forwarded-For -- X-Forwarded-For: IP | |
// Forwarded_ip -- Forwarded: for=IP # see RFC7239 | |
// Forwarded_ipport -- Forwarded: for="IP:port" # see RFC7239 | |
// disclose_src = false; | |
// various ways to handle proxy failure | |
// close -- just close connection (default) | |
// forward_http_err -- forward HTTP error page from proxy as-is | |
// on_proxy_fail = close; | |
} | |
redudp { | |
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing | |
// packets that are sent as replies - and it should be fixed | |
// if we want NAT to work properly. | |
local_ip = 127.0.0.1; | |
local_port = 10053; | |
// `ip' and `port' of socks5 proxy server. | |
ip = 10.0.0.1; | |
port = 1080; | |
login = username; | |
password = pazzw0rd; | |
// redsocks knows about two options while redirecting UDP packets at | |
// linux: TPROXY and REDIRECT. TPROXY requires more complex routing | |
// configuration and fresh kernel (>= 2.6.37 according to squid | |
// developers[1]) but has hack-free way to get original destination | |
// address, REDIRECT is easier to configure, but requires `dest_ip` and | |
// `dest_port` to be set, limiting packet redirection to single | |
// destination. | |
// [1] http://wiki.squid-cache.org/Features/Tproxy4 | |
dest_ip = 8.8.8.8; | |
dest_port = 53; | |
udp_timeout = 30; | |
udp_timeout_stream = 180; | |
} | |
dnstc { | |
// fake and really dumb DNS server that returns "truncated answer" to | |
// every query via UDP, RFC-compliant resolver should repeat same query | |
// via TCP in this case. | |
local_ip = 127.0.0.1; | |
local_port = 5300; | |
} | |
dnsu2t { | |
// fake and a bit less dumb DNS server that converts several UDP | |
// queries into single pipelined TCP stream of DNS queries. | |
local_ip = 127.0.0.1; | |
local_port = 5313; | |
// See https://en.wikipedia.org/wiki/Public_recursive_name_server | |
// NB: TCP connection to this ${ip}:${port} is not passed through | |
// proxy, configure your firewall rules if you want that. | |
remote_ip = 8.8.8.8; | |
remote_port = 53; | |
// Maximum amount of concurrent in-flight DNS queries sent to remote server. | |
// Some public DNS servers seem to limit it and terminate connections | |
// with high count of in-flight requests, so it's trade-off between | |
// request latency and availability. In-flight requests are not cached, | |
// so they're lost in case of DNS/TCP connection termination. | |
// inflight_max = 16; | |
// I/O timeout of remote endpoint. Default value is quite conservative and | |
// corresponds to the highest timeout among public servers from Wikipedia. | |
// remote_timeout = 30; | |
} | |
// you can add more `redsocks' and `redudp' sections if you need. |