Port forwarding problem in iptables when using redsocks on Ubuntu 16.04

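Hello, I am trying to use redsocks on Ubuntu 16.04 with the same configuration I use on Debian, openSUSE and older Ubuntu releases. But it seems that with ufw the iptables rules stopped working, and they no longer work on Ubuntu 16.04 either.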

redsocks

base {
  log_debug = on;
  log_info = on;
  log = "/var/log/resocks.log";
  log = "syslog:daemon";
  daemon = on;
  user = redsocks;
  group = redsocks;
  redirector = iptables;
}

redsocks {

         /* `local_ip' defaults to 127.0.0.1 for security reasons,
          * use 0.0.0.0 if you want to listen on every interface.
          * `local_*' are used as port to redirect to.
          */

         local_ip = 127.0.0.1;
         local_port = 5123;

         // `ip' and `port' are IP and tcp-port of proxy-server
         ip = proxy;
         port = 3128;

         // known types: socks4, socks5, http-connect, http-relay
         type = http-relay;

         login = "user";
         password = "pass";
}

redsocks {

         /* `local_ip' defaults to 127.0.0.1 for security reasons,
          * use 0.0.0.0 if you want to listen on every interface.
          * `local_*' are used as port to redirect to.
          */

         local_ip = 127.0.0.1;
         local_port = 5124;

         // `ip' and `port' are IP and tcp-port of proxy-server
         ip = proxy;
         port = 3128;

         // known types: socks4, socks5, http-connect, http-relay
         type = http-connect;

         login = "user";
         password = "pass";
}

redsocks {

         /* `local_ip' defaults to 127.0.0.1 for security reasons,
          * use 0.0.0.0 if you want to listen on every interface.
          * `local_*' are used as port to redirect to.
          */

         local_ip = 127.0.0.1;
         local_port = 5125;

         // `ip' and `port' are IP and tcp-port of proxy-server
         ip = proxy;
         port = 3128;

         // known types: socks4, socks5, http-connect, http-relay
         type = socks5;

         login = "user";
         password = "pass";
}

rules.v4

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -d 10.0.0.0/8 -j RETURN
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -d 192.168.0.0/16 -j RETURN

-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:5123
-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:5124
-A OUTPUT -o eth0 -p tcp -m tcp --dport 465 -j DNAT --to-destination 127.0.0.1:5124
-A OUTPUT -o eth0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 127.0.0.1:5124
-A OUTPUT -o eth0 -p tcp -m tcp --dport 995 -j DNAT --to-destination 127.0.0.1:5124
-A OUTPUT -o eth0 -p tcp -m tcp --dport 5222 -j DNAT --to-destination 127.0.0.1:5124

COMMIT
