Windows下的有:
前者比较好用,可控规则较多。我正在使用。
Linux下的有:
proxychain功能较多,支持多个代理轮询等;redsocks据说支持android;tsocks配置简单。
proxychains教程
假设代理为127.0.0.1,端口为7070。我在Ubuntu下安装。
安装很简单:
sudo apt-get install proxychains
配置:
sudo vi /etc/proxychains.conf
把最后的“[ProxyList]”部分配置为自己的代理即可:
socks4 127.0.0.1 7070
使用方法:
proxychains <程序名>
即可让程序使用代理。
redsocks教程
严格意义上来说,proxychains不算自动的全局代理,有没有像Proxifier这样,开了之后自动让所有启动的程序都走系统代理呢?答案就是redsocks。
首先安装Ubuntu编译环境和必要的库:
sudo apt-get install autoconf automake libtool libevent-dev g++
下载源代码,然后编译安装:
./mkauto.sh
cp redsocks /usr/local/bin/
配置文件为:
base {
// debug: connection progress & client list on SIGUSR1
log_debug = off;// info: start and end of client session
log_info = off;/* possible `log’ values are:
* stderr
* file:/path/to/file
* syslog:FACILITY facility is any of “daemon”, “local0”…“local7”
*/
log = “file:/dev/null”;
// log = stderr;
// log = “file:/path/to/file”;
// log = “syslog:local7”;// detach from console
daemon = on;/* Change uid, gid and root directory, these options require root
* privilegies on startup.
* Note, your chroot may requre /etc/localtime if you write log to syslog.
* Log is opened before chroot & uid changing.
*/
// user = nobody;
// group = nobody;
// chroot = “/var/chroot”;/* possible `redirector’ values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
}redsocks {
/*local_ip' defaults to 127.0.0.1 for security reasons, * use 0.0.0.0 if you want to listen on every interface. *
local_*’ are used as port to redirect to.
*/
local_ip = 127.0.0.1;
local_port = 12345;//
ip' and
port’ are IP and tcp-port of proxy-server
ip = 127.0.0.1;
port = 7070;// known types: socks4, socks5, http-connect, http-relay
type = socks5;// login = “foobar”;
// password = “baz”;
}redudp {
// `local_ip’ should not be 0.0.0.0 as it’s also used for outgoing
// packets that are sent as replies - and it should be fixed
// if we want NAT to work properly.
local_ip = 127.0.0.1;
local_port = 10053;//
ip' and
port’ of socks5 proxy server.
ip = 10.0.0.1;
port = 1080;
login = username;
password = pazzw0rd;// kernel does not give us this information, so we have to duplicate it
// in both iptables rules and configuration file. By the way, you can
// set `local_ip’ to 127.45.67.89 if you need more than 65535 ports to
// forward ;-)
// This limitation may be relaxed in future versions using contrack-tools.
dest_ip = 8.8.8.8;
dest_port = 53;udp_timeout = 30;
udp_timeout_stream = 180;
}dnstc {
// fake and really dumb DNS server that returns “truncated answer” to
// every query via UDP, RFC-compliant resolver should repeat same query
// via TCP in this case.
local_ip = 127.0.0.1;
local_port = 5300;
}// you can add more
redsocks' and
redudp’ sections if you need.
这里的配置没有配置udp的代理部分,只是配置了tcp即redsocks部分。监听端口是12345。日志关闭了,因为好像我下载的当前版本无论怎么样都产生一堆调试日志,不知道以后会不会修复这点。
启动关闭脚本redsocks.sh为(via):
#! /bin/bash
SSHHOST=creke
SSHPORT=22
SSHUSR=creke
SSHPWD=crekeSSHDAEMON=/usr/local/bin/plink
SSHPIDFILE=/var/run/sshtunnel.pidstart_ssh()
{
echo “Start SSH Tunnel Daemon: ”
start-stop-daemon -b -q -m -p $SSHPIDFILE –exec $SSHDAEMON -S \
– -N -D 127.0.0.1:7070 -P $SSHPORT -pw $SSHPWD $SSHUSR@$SSHHOST
echo “SSH Tunnel Daemon Started.”
}stop_ssh()
{
#ps aux|grep “ssh -NfD 1234”|awk ‘{print $2}’|xargs kill
if [ -f $SSHPIDFILE ]; then
PID=$(cat $SSHPIDFILE)
kill $PID
while [ -d /proc/$PID ];
do
sleep 1
done
fi
rm -rf $SSHPIDFILE
echo “SSH Tunnel Daemon Stoped.”
}case “$1” in
start)
start_ssh
cd /usr/local/redsocks
if [ -e redsocks.log ] ; then
rm redsocks.log
fi
./redsocks -p /usr/local/redsocks/redsocks.pid #set daemon = on in config file
# start redirection
# iptables -t nat -A OUTPUT -p tcp –dport 80 -j REDIRECT –to 12345
# iptables -t nat -A OUTPUT -p tcp –dport 443 -j REDIRECT –to 12345
# Create new chain
iptables -t nat -N REDSOCKS# Ignore LANs and some other reserved addresses. iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN # Anything else should be redirected to port 12345 iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345 # Any tcp connection should be redirected. iptables -t nat -A OUTPUT -p tcp -j REDSOCKS ;;
stop)
stop_ssh
cd /usr/local/redsocks
if [ -e redsocks.pid ]; then
killcat redsocks.pid
rm redsocks.pid
else
echo already killed, anyway, I will try killall
killall -9 redsocks
fi
# stop redirection
iptables -t nat -F OUTPUT
iptables -t nat -F REDSOCKS
iptables -t nat -X REDSOCKS
;;start_ssh)
start_ssh
;;stop_ssh)
stop_ssh
;;clean_dns)
# iptables -A INPUT -p udp –sport 53 -m state –state ESTABLISHED -m you-know-who -j DROP -m comment –comment “drop you-know-who dns hijacks”
echo this function not finished
;;*)
echo “Usage: redsocks start|stop|start_ssh|stop_ssh|clean_dns” >&2
exit 3
;;
esac
iptables的规则是让所有的TCP包都发送到redsocks监听的端口12345。本脚本还整合了ssh的daemon启动,使用start-stop-daemon来实现。
启动和关闭:
将启动关闭脚本中的开头的几个变量配置好
启动命令:sudo ./redsocks.sh start
关闭命令:sudo ./redsocks.sh stop