github.com/cybozu-go/transocks
transocks is a background service to redirect TCP connections transparently to a SOCKS5 server or a HTTP proxy server like Squid.
Currently, transocks supports only Linux iptables with DNAT/REDIRECT target.
IPv4 and IPv6
Both IPv4 and IPv6 are supported.
Note that nf_conntrack_ipv4 or nf_conntrack_ipv6 kernel modules
must be loaded beforehand.
SOCKS5 and HTTP proxy (CONNECT)
We recommend using SOCKS5 server if available. Take a look at our SOCKS server usocksd if you are looking for.
HTTP proxies often prohibits CONNECT method to make connections to ports other than 443. Make sure your HTTP proxy allows CONNECT to the ports you want.
Graceful stop & restart
Library and executable
transocks comes with a handy executable. You may use the library to create your own.
Use Go 1.7 or better.
go get -u github.com/cybozu-go/transocks/...
transocks [-h] [-f CONFIG]
The default configuration file path is /etc/transocks.toml.
In addition, transocks implements the common spec from cybozu-go/cmd.
transocks does not have daemon mode. Use systemd to run it as a background service.
transocks.toml is a TOML file.
proxy_url is mandatory. Other items are optional.
# listening address of transocks.
listen = "localhost:1081" # default is "localhost:1081"
proxy_url = "socks5://10.20.30.40:1080" # for SOCKS5 server
#proxy_url = "http://10.20.30.40:3128" # for HTTP proxy server
[log]
filename = "/path/to/file" # default to stderr
level = "info" # critical", error, warning, info, debug
format = "json" # plain, logfmt, json
Use DNAT or REDIRECT target in OUTPUT chain of the nat table.
Save the following example to a file, then execute:
sudo iptables-restore < FILE
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:TRANSOCKS - [0:0]
-A OUTPUT -p tcp -j TRANSOCKS
-A TRANSOCKS -d 0.0.0.0/8 -j RETURN
-A TRANSOCKS -d 10.0.0.0/8 -j RETURN
-A TRANSOCKS -d 127.0.0.0/8 -j RETURN
-A TRANSOCKS -d 169.254.0.0/16 -j RETURN
-A TRANSOCKS -d 172.16.0.0/12 -j RETURN
-A TRANSOCKS -d 192.168.0.0/16 -j RETURN
-A TRANSOCKS -d 224.0.0.0/4 -j RETURN
-A TRANSOCKS -d 240.0.0.0/4 -j RETURN
-A TRANSOCKS -p tcp -j REDIRECT --to-ports 1081
COMMIT
Use ip6tables to redirect IPv6 connections.
Read the documentation.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.