forked from semigodking/redsocks
-
Notifications
You must be signed in to change notification settings - Fork 5
/
redsocks.conf.example
191 lines (164 loc) · 6.91 KB
/
redsocks.conf.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
base {
// debug: connection progress & client list on SIGUSR1
log_debug = off;
// info: start and end of client session
log_info = on;
/* possible `log' values are:
* stderr
* "file:/path/to/file"
* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
*/
log = stderr;
// log = "file:/path/to/file";
// log = "syslog:local7";
// detach from console
daemon = off;
/* Change uid, gid and root directory, these options require root
* privilegies on startup.
* Note, your chroot may requre /etc/localtime if you write log to syslog.
* Log is opened before chroot & uid changing.
* Debian, Ubuntu and some other distributions use `nogroup` instead of
* `nobody`, so change it according to your system if you want redsocks
* to drop root privileges.
*/
// user = nobody;
// group = nobody;
// chroot = "/var/chroot";
/* possible `redirector' values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
/* Override per-socket values for TCP_KEEPIDLE, TCP_KEEPCNT,
* and TCP_KEEPINTVL. see man 7 tcp for details.
* `redsocks' relies on SO_KEEPALIVE option heavily. */
//tcp_keepalive_time = 0;
//tcp_keepalive_probes = 0;
//tcp_keepalive_intvl = 0;
/* Enable or disable Linux 3.9+ specific socket option SO_REUSEPORT.
* Some older versions of Linux like CentOS 6.5 (Kernel 2.6.32) also
# support this option.
* Default to off.
*/
reuseport = off;
}
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 127.0.0.1;
local_port = 12345;
// listen() queue length. Default value is SOMAXCONN and it should be
// good enough for most of us.
// listenq = 128; // SOMAXCONN equals 128 on my Linux box.
// `max_accept_backoff` is a delay to retry `accept()` after accept
// failure (e.g. due to lack of file descriptors). It's measured in
// milliseconds and maximal value is 65535. `min_accept_backoff` is
// used as initial backoff value and as a damper for `accept() after
// close()` logic.
// min_accept_backoff = 100;
// max_accept_backoff = 60000;
// `ip' and `port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
// The two fields are meaningless when proxy type is 'direct'.
ip = example.org;
port = 1080;
// known types: socks4, socks5, http-connect, http-relay
// New types: direct, shadowsocks, https-connect
type = socks5;
// Specify interface for outgoing connections.
// This is useful when you have multiple connections to
// internet or when you have VPN connections.
// interface = tun0;
// Change this parameter to 1 if you want auto proxy feature.
// When autoproxy is set to non-zero, the connection to target
// will be made directly first. If direct connection to target
// fails for timeout/connection refuse, redsocks will try to
// connect to target via the proxy.
autoproxy = 0;
// timeout is meaningful when 'autoproxy' is non-zero.
// It specified timeout value when trying to connect to destination
// directly. Default is 10 seconds. When it is set to 0, default
// timeout value will be used.
timeout = 10;
// login = "foobar";// field 'login' is reused as encryption
// method of shadowsocks
// password = "baz";
}
redudp {
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
// packets that are sent as replies - and it should be fixed
// if we want NAT to work properly.
local_ip = 127.0.0.1;
local_port = 10053;
// `ip' and `port' of socks5 proxy server.
ip = 10.0.0.1;
port = 1080;
login = username;// field 'login' is reused as encryption
// method of shadowsocks
password = pazzw0rd;
// know types: socks5, shadowsocks
type = socks5;
// redsocks knows about two options while redirecting UDP packets at
// linux: TPROXY and REDIRECT. TPROXY requires more complex routing
// configuration and fresh kernel (>= 2.6.37 according to squid
// developers[1]) but has hack-free way to get original destination
// address, REDIRECT is easier to configure, but requires `dest_ip` and
// `dest_port` to be set, limiting packet redirection to single
// destination.
// [1] http://wiki.squid-cache.org/Features/Tproxy4
dest_ip = 8.8.8.8;
dest_port = 53;
// Do not set it large if this section is for DNS requests. Otherwise,
// you may encounter out of file descriptor problem. For DNS requests,
// 10s is adequate.
udp_timeout = 30;
// udp_timeout_stream = 180;
}
tcpdns {
// Transform UDP DNS requests into TCP DNS requests.
// You can also redirect connections to external TCP DNS server to
// REDSOCKS transparent proxy via iptables.
local_ip = 192.168.1.1; // Local server to act as DNS server
local_port = 1053; // UDP port to receive UDP DNS requests
tcpdns1 = 8.8.4.4; // DNS server that supports TCP DNS requests
tcpdns1_port = 53; // DNS server port, default 53
tcpdns2 = 8.8.8.8; // DNS server that supports TCP DNS requests
tcpdns2_port = 53; // DNS server port, default 53
timeout = 4; // Timeout value for TCP DNS requests
}
autoproxy {
// Specify interface for outgoing connections.
// This is useful when you have multiple connections to
// internet or when you have VPN connections.
// interface = wlan0;
no_quick_check_seconds = 60; // Directly relay traffic to proxy if an IP
// is found blocked in cache and it has been
// added into cache no earlier than this
// specified number of seconds.
// Set it to 0 if you do not want to perform
// quick check when an IP is found in blocked
// IP cache, thus the connection will be
// redirected to proxy immediately.
quick_connect_timeout = 3; // Timeout value when performing quick
// connection check if an IP is found blocked
// in cache.
}
ipcache {
// Configure IP cache
cache_size = 4; // Maximum number of IP's in 1K.
stale_time = 900; // Seconds to stale an IP in cache since it is added
// into cahce.
// Set it to 0 to disable cache stale.
port_check = 1; // Whether to distinguish port number in address
cache_file = "/tmp/ipcache.txt"; // File used to store blocked IP's in cache.
autosave_interval = 3600; // Interval for saving ip cache into file.
// Set it to 0 to disable autosave.
// When autosave_interval and stale_time are both 0, IP cache behaves like
// a static blacklist.
}
// you can add more `redsocks' and `redudp' sections if you need.