在 Linux 平台,shadowsocks-qt5 并不强大,不能代理所有流量,我在搭建 Macaca 环境的时候,就遇到 selenium-standalone install 无法顺利完成的问题,即使设置了代理也无济于事,幸好我们还有 redsocks,它可以代理所有流量到指定端口。
首先,我们需要安装 redsocks ,这个请自行解决啊,我使用 Manjaro,打开 添加/删除软件 搜索下就OK了,下面,我们配置它。
sudo vim /etc/redsocks.conf
base {
// debug: connection progress & client list on SIGUSR1
log_debug = off;
// info: start and end of client session
log_info = off;
/* possible `log' values are:
* stderr
* "file:/path/to/file"
* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
*/
// log = stderr;
// log = "file:/path/to/file";
log = "syslog:daemon";
// detach from console
daemon = on;
/* Change uid, gid and root directory, these options require root
* privilegies on startup.
* Note, your chroot may requre /etc/localtime if you write log to syslog.
* Log is opened before chroot & uid changing.
*/
user = redsocks;
group = redsocks;
// chroot = "/var/chroot";
/* possible `redirector' values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
}
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 127.0.0.1;
local_port = 31338;
// listen() queue length. Default value is SOMAXCONN and it should be
// good enough for most of us.
// listenq = 128; // SOMAXCONN equals 128 on my Linux box.
// `max_accept_backoff` is a delay to retry `accept()` after accept
// failure (e.g. due to lack of file descriptors). It's measured in
// milliseconds and maximal value is 65535. `min_accept_backoff` is
// used as initial backoff value and as a damper for `accept() after
// close()` logic.
// min_accept_backoff = 100;
// max_accept_backoff = 60000;
// `ip' and `port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
ip = 127.0.0.1;
port = 1080;
// known types: socks4, socks5, http-connect, http-relay
type = socks5;
// login = "foobar";
// password = "baz";
}
redudp {
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
// packets that are sent as replies - and it should be fixed
// if we want NAT to work properly.
local_ip = 127.0.0.1;
local_port = 10053;
// `ip' and `port' of socks5 proxy server.
ip = 127.0.0.1;
port = 1080;
// login = username;
// password = pazzw0rd;
// kernel does not give us this information, so we have to duplicate it
// in both iptables rules and configuration file. By the way, you can
// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
// forward ;-)
// This limitation may be relaxed in future versions using contrack-tools.
dest_ip = 8.8.8.8;
dest_port = 53;
udp_timeout = 30;
udp_timeout_stream = 180;
}
dnstc {
// fake and really dumb DNS server that returns "truncated answer" to
// every query via UDP, RFC-compliant resolver should repeat same query
// via TCP in this case.
local_ip = 127.0.0.1;
local_port = 5300;
}
// you can add more `redsocks' and `redudp' sections if you need.
主要修改 redsocks 节点下面的 ip、port、port 以及 redudp 节点下面的 ip 和 port,然后配置信息就OK了,但是还需要配置 iptables 规则,以下是我的规则:
1、proxy
sudo iptables -t nat -A OUTPUT -d xxx.xxx.xxx.xxx -j RETURN sudo iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN sudo iptables -t nat -A OUTPUT -d 172.16.0.0/16 -j RETURN sudo iptables -t nat -A OUTPUT -d 192.168.0.0/16 -j RETURN sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN sudo iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 31338
这里注意两点,第一行的 xxx.xxx.xxx.xxx 改为你代理服务器的ip,即 shadowsocks 服务器的 ip,保证这个 ip 不被代理,否则死循环了,最后一行的 31338 需要和 redsocks 节点下面的 local_port 一致。你可以将以上规则保存为 proxy 并保存到 /usr/local/bin/目录下面,然后 sudo chmod a+x /usr/local/bin/proxy 之后就可以通过 proxy 来设置为全局代理了。那么,如何取消呢?
2、del_proxy
#/bin/bash sudo iptables -t nat -D OUTPUT 6 sudo iptables -t nat -D OUTPUT 5 sudo iptables -t nat -D OUTPUT 4 sudo iptables -t nat -D OUTPUT 3 sudo iptables -t nat -D OUTPUT 2 sudo iptables -t nat -D OUTPUT 1
同样的,保存到 /usr/local/bin/ 目录下面,并 sudo chmod a+x /usr/local/bin/del_proxy 之后可以通过 del_proxy 来取消全局代理了。但是记得 sudo systemctl start redsocks 以及 sudo systemctl enable redsocks 哦!