2016-08-31 14:56:12 +07:00
[][releases]
[][godoc]
[](https://travis-ci.org/cybozu-go/transocks)
[](https://goreportcard.com/report/github.com/cybozu-go/transocks)
[](LICENSE)
2016-03-04 07:54:59 +06:00
transocks - a transparent SOCKS5/HTTP proxy
===========================================
**transocks** is a background service to redirect TCP connections
transparently to a SOCKS5 server or a HTTP proxy server like [Squid][].
Currently, transocks supports only Linux iptables with DNAT/REDIRECT target.
Features
--------
* IPv4 and IPv6
Both IPv4 and IPv6 are supported.
Note that `nf_conntrack_ipv4` or `nf_conntrack_ipv6` kernel modules
must be loaded beforehand.
* SOCKS5 and HTTP proxy (CONNECT)
We recommend using SOCKS5 server if available.
2016-08-31 14:56:12 +07:00
Take a look at our SOCKS server [usocksd][] if you are looking for.
2016-03-04 07:54:59 +06:00
HTTP proxies often prohibits CONNECT method to make connections
to ports other than 443. Make sure your HTTP proxy allows CONNECT
to the ports you want.
2016-08-31 14:56:12 +07:00
* Graceful stop & restart
* On SIGINT/SIGTERM, transocks stops gracefully.
* On SIGHUP, transocks restarts gracefully.
2016-03-04 07:54:59 +06:00
* Library and executable
transocks comes with a handy executable.
You may use the library to create your own.
2016-08-31 14:56:12 +07:00
Install
-------
Use Go 1.7 or better.
```
go get -u github.com/cybozu-go/transocks/...
```
2016-03-04 07:54:59 +06:00
Usage
-----
`transocks [-h] [-f CONFIG]`
2016-08-31 14:56:12 +07:00
The default configuration file path is `/etc/transocks.toml` .
2016-03-04 07:54:59 +06:00
2016-08-31 14:56:12 +07:00
In addition, transocks implements [the common spec ](https://github.com/cybozu-go/cmd#specifications ) from [`cybozu-go/cmd` ](https://github.com/cybozu-go/cmd ).
2016-03-04 07:54:59 +06:00
2016-08-31 14:56:12 +07:00
transocks does not have *daemon* mode. Use systemd to run it
2017-08-03 11:21:02 +07:00
as a background service.
2016-03-04 07:54:59 +06:00
Configuration file format
-------------------------
`transocks.toml` is a [TOML][] file.
2017-08-03 11:21:02 +07:00
`proxy_url` is mandatory. Other items are optional.
2016-03-04 07:54:59 +06:00
```
# listening address of transocks.
2016-09-01 21:21:27 +07:00
listen = "localhost:1081" # default is "localhost:1081"
2016-03-04 07:54:59 +06:00
proxy_url = "socks5://10.20.30.40:1080" # for SOCKS5 server
#proxy_url = "http://10.20.30.40:3128" # for HTTP proxy server
2016-08-31 14:56:12 +07:00
[log]
filename = "/path/to/file" # default to stderr
level = "info" # critical", error, warning, info, debug
format = "json" # plain, logfmt, json
2016-03-04 07:54:59 +06:00
```
Redirecting connections by iptables
-----------------------------------
Use DNAT or REDIRECT target in OUTPUT chain of the `nat` table.
Save the following example to a file, then execute:
`sudo iptables-restore < FILE`
```
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:TRANSOCKS - [0:0]
-A OUTPUT -p tcp -j TRANSOCKS
-A TRANSOCKS -d 0.0.0.0/8 -j RETURN
-A TRANSOCKS -d 10.0.0.0/8 -j RETURN
-A TRANSOCKS -d 127.0.0.0/8 -j RETURN
-A TRANSOCKS -d 169.254.0.0/16 -j RETURN
-A TRANSOCKS -d 172.16.0.0/12 -j RETURN
-A TRANSOCKS -d 192.168.0.0/16 -j RETURN
-A TRANSOCKS -d 224.0.0.0/4 -j RETURN
-A TRANSOCKS -d 240.0.0.0/4 -j RETURN
-A TRANSOCKS -p tcp -j REDIRECT --to-ports 1081
COMMIT
```
2016-03-12 13:03:25 +06:00
Use *ip6tables* to redirect IPv6 connections.
2016-03-04 07:54:59 +06:00
Library usage
-------------
Read [the documentation][godoc].
License
-------
[MIT ](https://opensource.org/licenses/MIT )
2016-09-01 16:09:42 +07:00
[releases]: https://github.com/cybozu-go/transocks/releases
2016-03-04 07:54:59 +06:00
[godoc]: https://godoc.org/github.com/cybozu-go/transocks
[Squid]: http://www.squid-cache.org/
2016-03-09 08:28:33 +06:00
[usocksd]: https://github.com/cybozu-go/usocksd
2016-03-04 07:54:59 +06:00
[TOML]: https://github.com/toml-lang/toml
