Skip to content
A transparent TCP to SOCKSv5/HTTP proxy on Linux written in Rust.
Branch: master
Clone or download
Latest commit 39d28c0 Jul 30, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
conf Update systemd service to support reload Dec 16, 2018
src Fix wrong original IPv6 port number Jul 12, 2019
.gitignore Initial commit Jun 21, 2017
Cargo.lock Bump version Jul 30, 2019
Cargo.toml Bump version Jul 30, 2019
LICENSE Add LICENSE Dec 20, 2017 Mention curl & nft on readme Jul 10, 2019


A transparent TCP to SOCKSv5/HTTP proxy on Linux written in Rust.


  • Transparent TCP proxy with iptables -j REDIRECT
  • Support multiple SOCKSv5/HTTP backend proxy servers
  • SOCKS/HTTP-layer alive & latency probe
  • Prioritize backend servers according to latency
  • Full IPv6 support
  • Optional remote DNS resolving for TLS with SNI
  • Optional try-in-parallel for TLS (try multiple proxies and choose the one first response)
  • Optional status web page (latency, traffic, etc. w/ curl-friendly output)
  • Optional Graphite support (to build fancy dashborad with Grafana for example)
+------+  TCP  +----------+       SOCKSv5   +---------+
| Apps +------>+ iptables |    +------------> Proxy 1 |
+------+       +----+-----+    |            +---------+
           redirect |          |
                 to v          |      HTTP  +---------+
               +----+----+     |   +--------> Proxy 2 |
               |         +-----+   |        +---------+
               | moproxy |---------+             :
               |         +------------...        :
               +---------+  choose one  |   +---------+
                I'M HERE                +---> Proxy N |


Print usage

moproxy --help


Assume there are three SOCKSv5 servers on localhost:2001, localhost:2002, and localhost:2003, and two HTTP proxy servers listen on localhost:3128 and Following commands forward all TCP connections that connect to 80 and 443 to these proxy servers.

moproxy --port 2080 --socks5 2001 2002 2003 --http 3128

# redirect local-initiated connections
iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 2080
# redirect connections initiated by other hosts (if you are router)
iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 2080

# or the nft equivalent
nft add rule nat output tcp dport {80, 443} redirect to 2080
nft add rule nat prerouting tcp dport {80, 443} redirect to 2080

Server list file

You may list all proxy servers in a text file to avoid a messy CLI arguments.

test dns= ;use other dns server to caculate delay
score base=5000 ;add 5k to pull away from preferred server.

Pass the file path to moproxy via --list argument.

Signal SIGHUP will tigger the program to reload the list.


You may download the binray executable file on releases page.

Arch Linux user can install it from AUR/moproxy.

Or complie it manually:

# Install Rust
curl -sSf | sh

# Clone source code
git clone
cd moproxy

# Build
cargo build --release
target/release/moproxy --help
You can’t perform that action at this time.