你好,我正在尝试在 Ubuntu 16.04 中使用 redsocks,使用的配置与在 Debian、openSUSE 和旧版 Ubuntu 发行版上的相同。但在 Ubuntu 16.04 上使用 ufw 之后,iptables 规则似乎就不再起作用了。
redsocks 配置:
/* Global redsocks daemon settings: logging, the account the daemon runs
 * as, and which redirector back end is used.
 */
base {
// Debug- and info-level logging are both switched on. Useful while
// troubleshooting; NOTE(review): consider turning log_debug off afterwards
// so per-connection detail does not accumulate in the logs.
log_debug = on;
log_info = on;
// NOTE(review): `log' is assigned twice. The first value carries no
// `file:' or `syslog:' prefix and spells the name "resocks"; presumably
// only one of the two assignments takes effect -- confirm which one and
// delete the other so it is clear where the daemon really logs.
log = "/var/log/resocks.log";
log = "syslog:daemon";
// Detach from the console and run in the background.
daemon = on;
// Dedicated account and group for the daemon. Presumably both must exist
// on the host before startup -- verify on the new install.
user = redsocks;
group = redsocks;
// Original destinations are obtained through the iptables redirector, so
// the nat rules must actually be loaded and matching for anything to be
// proxied.
redirector = iptables;
}
/* Listener 1 of 3: 127.0.0.1:5123, relayed to the upstream proxy as
 * http-relay. In the nat rules shown on this page, TCP port 80 is sent here.
 */
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
// Loopback only: the listener is not reachable from other hosts.
local_ip = 127.0.0.1;
local_port = 5123;
// `ip' and `port' are IP and tcp-port of proxy-server
// NOTE(review): `proxy' is a name, not an address -- presumably a
// placeholder or a hostname; confirm it resolves on this host.
ip = proxy;
port = 3128;
// known types: socks4, socks5, http-connect, http-relay
type = http-relay;
// Proxy credentials are kept in clear text in this file ("user"/"pass"
// look like placeholders). Keep the file readable only by root and the
// account the daemon runs as.
login = "user";
password = "pass";
}
/* Listener 2 of 3: 127.0.0.1:5124, tunnelled through the upstream proxy
 * with http-connect. In the nat rules shown on this page, TCP ports 443,
 * 465, 993, 995 and 5222 are sent here.
 */
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
// Loopback only: the listener is not reachable from other hosts.
local_ip = 127.0.0.1;
local_port = 5124;
// `ip' and `port' are IP and tcp-port of proxy-server
// NOTE(review): `proxy' is a name, not an address -- presumably a
// placeholder or a hostname; confirm it resolves on this host.
ip = proxy;
port = 3128;
// known types: socks4, socks5, http-connect, http-relay
type = http-connect;
// Same clear-text proxy credentials as the other listeners; protect the
// file with restrictive permissions.
login = "user";
password = "pass";
}
/* Listener 3 of 3: 127.0.0.1:5125, forwarded to the upstream as socks5.
 * NOTE(review): none of the nat rules shown on this page redirect to
 * port 5125, so this listener receives no traffic from them.
 */
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
// Loopback only: the listener is not reachable from other hosts.
local_ip = 127.0.0.1;
local_port = 5125;
// `ip' and `port' are IP and tcp-port of proxy-server
// NOTE(review): this is the same upstream host and port (3128) that the
// two HTTP-type listeners use; confirm the upstream really speaks SOCKS5
// on that port.
ip = proxy;
port = 3128;
// known types: socks4, socks5, http-connect, http-relay
type = socks5;
// Same clear-text proxy credentials as the other listeners; protect the
// file with restrictive permissions.
login = "user";
password = "pass";
}
rules.v4:
# nat table: selected outbound TCP ports of locally generated traffic are
# rewritten to the redsocks listeners on 127.0.0.1. Only the OUTPUT chain
# carries rules, so traffic forwarded on behalf of other hosts is not
# redirected by this file.
# NOTE(review): if ufw is enabled it maintains its own rule files; after
# boot, verify these rules are still loaded (`iptables -t nat -S OUTPUT`).
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Private and loopback destinations leave the chain before any redirect.
# Order matters: these must stay above the DNAT rules.
# NOTE(review): 172.16.0.0/12 is not exempted -- confirm that is intended.
-A OUTPUT -d 10.0.0.0/8 -j RETURN
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -d 192.168.0.0/16 -j RETURN
# NOTE(review): every redirect below matches only packets leaving through
# `eth0'. If the outbound interface has a different name on this host
# (Ubuntu 16.04 may use predictable interface names instead of eth0), the
# rules load without error but never match. Check the name with `ip link`
# and the per-rule packet counters with `iptables -t nat -L OUTPUT -v -n`.
# Nothing exempts the daemon's own connections; that is safe only while the
# upstream proxy port (3128 in the redsocks sections) is not one of the
# redirected ports.
# HTTP -> listener on 5123.
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:5123
# TCP ports 443, 465, 993, 995 and 5222 -> listener on 5124.
-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:5124
-A OUTPUT -o eth0 -p tcp -m tcp --dport 465 -j DNAT --to-destination 127.0.0.1:5124
-A OUTPUT -o eth0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 127.0.0.1:5124
-A OUTPUT -o eth0 -p tcp -m tcp --dport 995 -j DNAT --to-destination 127.0.0.1:5124
-A OUTPUT -o eth0 -p tcp -m tcp --dport 5222 -j DNAT --to-destination 127.0.0.1:5124
COMMIT