LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11221 Commits
1 Branch
46 MiB
Tree: f1acc00ce9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f1acc00ce9'
${ noResults }
openwrt-packages-dist/net/redsocks/files/redsocks.conf

108 lines
3.1 KiB
Raw Normal View History

redsocks: add new package Redsocks is a daemon running on the local system, that will transparently tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It uses the system firewall's redirection facility to intercept TCP connections, thus the redirection is system-wide, with fine-grained control, and does not depend on LD_PRELOAD libraries. Signed-off-by: Johannes Morgenroth <jm@m-network.de>
10 years ago
 
  1. base {
  2. 	// debug: connection progress & client list on SIGUSR1
  3. 	log_debug = off;
  4. 

  5. 	// info: start and end of client session
  6. 	log_info = on;
  7. 

  8. 	/* possible `log' values are:
  9. 	 *   stderr
  10. 	 *   "file:/path/to/file"
  11. 	 *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
  12. 	 */
  13. 	// log = stderr;
  14. 	// log = "file:/path/to/file";
  15. 	log = "syslog:local7";
  16. 

  17. 	// detach from console
  18. 	daemon = on;
  19. 

  20. 	/* Change uid, gid and root directory, these options require root
  21. 	 * privilegies on startup.
  22. 	 * Note, your chroot may requre /etc/localtime if you write log to syslog.
  23. 	 * Log is opened before chroot & uid changing.
  24. 	 */
  25. 	// user = nobody;
  26. 	// group = nobody;
  27. 	// chroot = "/var/chroot";
  28. 

  29. 	/* possible `redirector' values are:
  30. 	 *   iptables   - for Linux
  31. 	 *   ipf        - for FreeBSD
  32. 	 *   pf         - for OpenBSD
  33. 	 *   generic    - some generic redirector that MAY work
  34. 	 */
  35. 	redirector = iptables;
  36. }
  37. 

  38. redsocks {
  39. 	/* `local_ip' defaults to 127.0.0.1 for security reasons,
  40. 	 * use 0.0.0.0 if you want to listen on every interface.
  41. 	 * `local_*' are used as port to redirect to.
  42. 	 */
  43. 	local_ip = 127.0.0.1;
  44. 	local_port = 12345;
  45. 

  46. 	// listen() queue length. Default value is SOMAXCONN and it should be
  47. 	// good enough for most of us.
  48. 	// listenq = 128; // SOMAXCONN equals 128 on my Linux box.
  49. 

  50. 	// `max_accept_backoff` is a delay to retry `accept()` after accept
  51. 	// failure (e.g. due to lack of file descriptors). It's measured in
  52. 	// milliseconds and maximal value is 65535. `min_accept_backoff` is
  53. 	// used as initial backoff value and as a damper for `accept() after
  54. 	// close()` logic.
  55. 	// min_accept_backoff = 100;
  56. 	// max_accept_backoff = 60000;
  57. 

  58. 	// `ip' and `port' are IP and tcp-port of proxy-server
  59. 	// You can also use hostname instead of IP, only one (random)
  60. 	// address of multihomed host will be used.
  61. 	ip = example.org;
  62. 	port = 1080;
  63. 

  64. 

  65. 	// known types: socks4, socks5, http-connect, http-relay
  66. 	type = socks5;
  67. 

  68. 	// login = "foobar";
  69. 	// password = "baz";
  70. }
  71. 

  72. redudp {
  73. 	// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
  74. 	// packets that are sent as replies - and it should be fixed
  75. 	// if we want NAT to work properly.
  76. 	local_ip = 127.0.0.1;
  77. 	local_port = 10053;
  78. 

  79. 	// `ip' and `port' of socks5 proxy server.
  80. 	ip = 10.0.0.1;
  81. 	port = 1080;
  82. 	login = username;
  83. 	password = pazzw0rd;
  84. 

  85. 	// redsocks knows about two options while redirecting UDP packets at
  86. 	// linux: TPROXY and REDIRECT.  TPROXY requires more complex routing
  87. 	// configuration and fresh kernel (>= 2.6.37 according to squid
  88. 	// developers[1]) but has hack-free way to get original destination
  89. 	// address, REDIRECT is easier to configure, but requires `dest_ip` and
  90. 	// `dest_port` to be set, limiting packet redirection to single
  91. 	// destination.
  92. 	// [1] http://wiki.squid-cache.org/Features/Tproxy4
  93. 	dest_ip = 8.8.8.8;
  94. 	dest_port = 53;
  95. 

  96. 	udp_timeout = 30;
  97. 	udp_timeout_stream = 180;
  98. }
  99. 

  100. dnstc {
  101. 	// fake and really dumb DNS server that returns "truncated answer" to
  102. 	// every query via UDP, RFC-compliant resolver should repeat same query
  103. 	// via TCP in this case.
  104. 	local_ip = 127.0.0.1;
  105. 	local_port = 5300;
  106. }
  107. 

  108. // you can add more `redsocks' and `redudp' sections if you need.