CentOS ss-redir 全局代理


==shadowsocks-libev-3.1.2 支持通过 ss-redir 远程解析 DNS。==

rpm源安装
# Drop the librehat/shadowsocks Copr repository definition into yum's repo
# directory. Copr is a third-party build service, so enabling this repo means
# yum on this host will accept packages published by that project.
wget --directory-prefix=/etc/yum.repos.d/ \
  https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo
rpm库文件内容
# yum repository definition for the Copr project librehat/shadowsocks (EPEL 7).
[librehat-shadowsocks]
name=Copr repo for shadowsocks owned by librehat
baseurl=https://copr-be.cloud.fedoraproject.org/results/librehat/shadowsocks/epel-7-$basearch/
type=rpm-md
# Keep yum working when this repo cannot be reached instead of aborting the run.
skip_if_unavailable=True
# Package signatures are checked against gpgkey before installation.
gpgcheck=1
# The key is fetched over HTTPS from the same host that serves the packages,
# so it only adds assurance if the key is also compared against a fingerprint
# obtained independently of that host.
gpgkey=https://copr-be.cloud.fedoraproject.org/results/librehat/shadowsocks/pubkey.gpg
# Repository metadata signatures are NOT verified; repodata integrity rests on
# the HTTPS connection to baseurl alone.
repo_gpgcheck=0
enabled=1
enabled_metadata=1
安装
# Install the x86_64 build of shadowsocks-libev without prompting.
yum -y install shadowsocks-libev.x86_64
# Stop the packaged service and keep it out of the boot sequence; ss-redir is
# started by hand in the configuration step instead.
service shadowsocks-libev stop
chkconfig shadowsocks-libev off
配置
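# Address of the remote shadowsocks server; the iptables bypass rule reuses it.
SIP=204.128.62.137
# Start the transparent-proxy client as a daemon (-f writes the pid file):
#   -b 127.0.0.1 -l 1080   listen on loopback port 1080 only
#   -u                     enable UDP relay
#   -t 120                 socket timeout in seconds
# NOTE(review): -k puts the password on the command line, where it shows up in
# the process list and in shell history. ss-redir's -c <config_file> pointing
# at a root-only (mode 0600) file keeps the secret out of argv.
# NOTE(review): chacha20 is an unauthenticated stream cipher; an AEAD method
# such as chacha20-ietf-poly1305 is preferable when the server supports it.
ss-redir -s "$SIP" -p 2627 -m chacha20 -k blizzmi.us -u -b 127.0.0.1 -l 1080 \
  -t 120 -f /var/run/ss-redir.pid --fast-open -v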

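# Dedicated nat chain; every locally generated TCP connection is sent into it.
iptables -t nat -N SS
iptables -t nat -A OUTPUT -p tcp -j SS
# Destinations that bypass the proxy: loopback and the RFC 1918 private ranges.
iptables -t nat -A SS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SS -d 10.0.0.0/8 -j RETURN
# The private block is 172.16.0.0/12; a /16 mask would leave 172.17-172.31
# (internal hosts) being pushed out through the proxy.
iptables -t nat -A SS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SS -d 192.168.0.0/16 -j RETURN
# The proxy server itself must be exempt, otherwise ss-redir's own upstream
# connection would be redirected back into port 1080 and loop.
iptables -t nat -A SS -d "$SIP/32" -j RETURN
# Everything else is handed to the local ss-redir listener.
# Only TCP is matched: UDP, including DNS queries sent over UDP, still leaves
# the host directly and is not covered by these rules.
iptables -t nat -A SS -p tcp -j REDIRECT --to-ports 1080

# Check which public address the outside world now sees. No scheme is given,
# so curl uses plain HTTP to this third-party service.
curl ip.cn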

卸载:
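# Keep the packaged service disabled at boot; the service name matches the one
# used at install time (shadowsocks-libev).
chkconfig shadowsocks-libev off
# Detach the chain from OUTPUT first so traffic stops being redirected, then
# flush and delete it (a chain must be empty and unreferenced to be deleted).
iptables -t nat -D OUTPUT -p tcp -j SS
iptables -t nat -F SS
iptables -t nat -X SS
# Ask ss-redir to exit with SIGTERM and escalate to SIGKILL only if it is still
# running; -x matches the exact process name so unrelated processes whose name
# merely contains "ss-redir" are left alone.
pkill -x ss-redir
sleep 1
pkill -9 -x ss-redir
# A killed daemon cannot clean up after itself; remove the stale pid file.
rm -f -- /var/run/ss-redir.pid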

作为网关使用时的翻墙规则(需先开启内核转发:net.ipv4.ip_forward = 1):
# Generated by iptables-save v1.4.21 on Tue Dec  5 17:03:49 2017
*nat
:PREROUTING ACCEPT [24:2317]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [11:642]
:POSTROUTING ACCEPT [21:1795]
:SS - [0:0]
# Gateway mode: TCP arriving from other hosts enters the SS chain from
# PREROUTING. There is no OUTPUT rule in this dump, so traffic generated by the
# gateway itself is not proxied.
-A PREROUTING -p tcp -j SS
# Bypass list. NOTE(review): 10.0.0.0/8 and 172.16.0.0/12 are not exempted
# here, so a matching client's connections to those private ranges would be
# redirected to the proxy as well.
-A SS -d 127.0.0.0/8 -j RETURN
-A SS -d 192.168.0.0/16 -j RETURN
-A SS -d 204.128.62.137/32 -j RETURN
# Only TCP from the single client 192.168.200.100 is redirected to port 1080;
# other clients and all UDP (DNS included) are forwarded without the proxy.
# NOTE(review): REDIRECT in PREROUTING rewrites the destination to the address
# of the incoming interface, so ss-redir has to listen on that address rather
# than only on 127.0.0.1 - confirm the -b value used on the gateway, and limit
# which hosts can reach port 1080 once it is no longer loopback-only.
-A SS -s 192.168.200.100/32 -p tcp -j REDIRECT --to-ports 1080
COMMIT
# Completed on Tue Dec  5 17:03:49 2017
# Generated by iptables-save v1.4.21 on Tue Dec  5 17:03:49 2017
*filter
# All three policies are ACCEPT and the table holds no rules: with
# net.ipv4.ip_forward = 1 this host forwards any packet routed to it and
# accepts connections on every listening port.
:INPUT ACCEPT [6349:12833881]
:FORWARD ACCEPT [59:17418]
:OUTPUT ACCEPT [5370:450257]
COMMIT
# Completed on Tue Dec  5 17:03:49 2017