redsock2 可以把一些不支持透明代理的代理服务器重定向一下,这样可以实现透明代理了
redsock2安装很简单直接make就可以了,
ubuntu需要
apt-get intsll libevent-2.0-5 libssl-dev
安装完成后,直接把 redsocks2 复制到相关目录即可。
我这用它做网关, 然后测试了一下,http 和 https 不能一起走,要分开
#http.conf
base {
log_debug = off;
log_info = off;
daemon = on;
redirector= iptables;
}
redsocks {
local_ip = 192.168.1.1;
local_port = 1080; #https.conf 用的 1081
ip = 192.168.1.1;
port = 8787;
type = http-relay; #https.conf 用的 http-connect
timeout = 12;
autoproxy = 1;
}
autoproxy {
no_quick_check_seconds = 0;
}
ipcache {
cache_size = 4;
cache_file = "/home/user/conf/cache.http";
stale_time = 7200;
autosave_interval = 3600;
port_check = 1;
}另外网关还做了DNAT用了这个后发现没办法开放端口了。然后再添加一个配置
direct.conf
base {
log_debug = off;
log_info = off;
daemon = on;
redirector= iptables;
}
redsocks {
local_ip = 192.168.1.1;
local_port = 1090;
interface = eth0;
type = direct;
timeout = 1;
autoproxy = 0; #这里就关闭自动代理了,这里的IP都是直接放行的.
}相关iptables 设置
#!/bin/bash iptables-restore</etc/network/iptables.up.rules iptables -t nat -N RSHTTPS iptables -t nat -A RSHTTPS -o lo -j RETURN iptables -t nat -A RSHTTPS -d 0.0.0.0/8 -j RETURN iptables -t nat -A RSHTTPS -d 10.0.0.0/8 -j RETURN iptables -t nat -A RSHTTPS -d 127.0.0.0/8 -j RETURN iptables -t nat -A RSHTTPS -d 169.254.0.0/16 -j RETURN iptables -t nat -A RSHTTPS -d 172.16.0.0/12 -j RETURN iptables -t nat -A RSHTTPS -d 172.17.0.0/12 -j RETURN iptables -t nat -A RSHTTPS -d 192.168.0.0/16 -j RETURN iptables -t nat -A RSHTTPS -d 224.0.0.0/4 -j RETURN iptables -t nat -A RSHTTPS -d 240.0.0.0/4 -j RETURN iptables -t nat -A RSHTTPS -p tcp -j REDIRECT --to-port 1081 iptables -t nat -I PREROUTING -p tcp --dport 443 -j RSHTTPS #iptables -t nat -I PREROUTING -p udp -j RSHTTPS iptables -t nat -N RSHTTP iptables -t nat -A RSHTTP -o lo -j RETURN iptables -t nat -A RSHTTP -d 0.0.0.0/8 -j RETURN iptables -t nat -A RSHTTP -d 10.0.0.0/8 -j RETURN iptables -t nat -A RSHTTP -d 127.0.0.0/8 -j RETURN iptables -t nat -A RSHTTP -d 169.254.0.0/16 -j RETURN iptables -t nat -A RSHTTP -d 172.16.0.0/12 -j RETURN iptables -t nat -A RSHTTP -d 172.17.0.0/12 -j RETURN iptables -t nat -A RSHTTP -d 192.168.0.0/16 -j RETURN iptables -t nat -A RSHTTP -d 224.0.0.0/4 -j RETURN iptables -t nat -A RSHTTP -d 240.0.0.0/4 -j RETURN iptables -t nat -A RSHTTP -p tcp -j REDIRECT --to-port 1080 iptables -t nat -I PREROUTING -p tcp --dport 80 -j RSHTTP iptables -t nat -N RSDIRECT iptables -t nat -A RSDIRECT -p tcp -j REDIRECT --to-port 1090 iptables -t nat -I PREROUTING -p tcp -d 208.67.220.220 -j RSDIRECT #下面这条不添加,外网没办法连接到内网的相关IP iptables -t nat -I PREROUTING -p tcp -s 192.168.1.12 --sport 3389 -j RSDIRECT pkill redsocks2 redsocks2 -c /home/user/conf/http.conf redsocks2 -c /home/user/conf/https.conf redsocks2 -c /home/user/conf/direct.conf
原文地址:http://abian.blog.51cto.com/751059/1787673
