Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SS-REDIR(1)		   Shadowsocks-libev Manual		   SS-REDIR(1)

       ss-redir	- shadowsocks client as	transparent proxy, libev port

       ss-redir	[-uUv6]	[-h|--help] [-s	_server_host_] [-p _server_port_] [-l
       _local_port_] [-k _password_] [-m _encrypt_method_] [-f _pid_file_] [-t
       _timeout_] [-c _config_file_] [-b _local_address_] [-a _user_name_] [-n
       _nofile_] [--mtu	_MTU_] [--no-delay] [--plugin _plugin_name_]
       [--plugin-opts _plugin_options_]	[--password _password_]	[--key

       Shadowsocks-libev is a lightweight and secure socks5 proxy. It is a
       port of the original shadowsocks	created	by clowwindy.
       Shadowsocks-libev is written in pure C and takes	advantage of libev to
       achieve both high performance and low resource consumption.

       Shadowsocks-libev consists of five components. ss-redir(1) works	as a
       transparent proxy on local machines to proxy TCP	traffic	and requires
       netfilter's NAT module. For more	information, check out
       shadowsocks-libev(8) and	the following EXAMPLE section.

       -s _server_host_
	   Set the server's hostname or	IP.

       -p _server_port_
	   Set the server's port number.

       -l _local_port_
	   Set the local port number.

       -k _password_, --password _password_
	   Set the password. The server	and the	client should use the same

       --key _key_in_base64_
	   Set the key directly. The key should	be encoded with	URL-safe

       -m _encrypt_method_
	   Set the cipher.

	   Shadowsocks-libev accepts 18	different ciphers:

	   aes-128-gcm,	aes-192-gcm, aes-256-gcm, rc4-md5, aes-128-cfb,
	   aes-192-cfb,	aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr,
	   bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
	   chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.

	   The default cipher is chacha20-ietf-poly1305.

	   If built with PolarSSL or custom OpenSSL libraries, some of these
	   ciphers may not work.

       -a _user_name_
	   Run as a specific user.

       -f _pid_file_
	   Start shadowsocks as	a daemon with specific pid file.

       -t _timeout_
	   Set the socket timeout in seconds. The default value	is 60.

       -c _config_file_
	   Use a configuration file.

	   Refer to shadowsocks-libev(8) CONFIG	FILE section for more details.

       -n _number_
	   Specify max number of open files.

	   Only	available on Linux.

       -b _local_address_
	   Specify the local address to	use while this client is making
	   outbound connections	to the server.

	   Enable UDP relay.

	   TPROXY is required in redir mode. You may need root permission.

	   Enable UDP relay and	disable	TCP relay.

	   Resovle hostname to IPv6 address first.

       --mtu _MTU_
	   Specify the MTU of your network interface.

	   Enable Multipath TCP.

	   Only	available with MPTCP enabled Linux kernel.

	   Enable port reuse.

	   Only	available with Linux kernel > 3.9.0.

	   Enable TCP_NODELAY.

       --plugin	_plugin_name_
	   Enable SIP003 plugin. (Experimental)

       --plugin-opts _plugin_options_
	   Set SIP003 plugin options. (Experimental)

	   Enable verbose mode.

	   Print help message.

       ss-redir	requires netfilter's NAT function. Here	is an example:

	   # Create new	chain
	   iptables -t nat -N SHADOWSOCKS
	   iptables -t mangle -N SHADOWSOCKS

	   # Ignore your shadowsocks server's addresses
	   # It's very IMPORTANT, just be careful.
	   iptables -t nat -A SHADOWSOCKS -d -j	RETURN

	   # Ignore LANs and any other addresses you'd like to bypass the proxy
	   # See Wikipedia and RFC5735 for full	list of	reserved networks.
	   # See ashi009/bestroutetb for a highly optimized CHN	route list.
	   iptables -t nat -A SHADOWSOCKS -d -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d	-j RETURN
	   iptables -t nat -A SHADOWSOCKS -d -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d -j RETURN

	   # Anything else should be redirected	to shadowsocks's local port
	   iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports	12345

	   # Add any UDP rules
	   ip route add	local default dev lo table 100
	   ip rule add fwmark 1	lookup 100
	   iptables -t mangle -A SHADOWSOCKS -p	udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01

	   # Apply the rules
	   iptables -t nat -A PREROUTING -p tcp	-j SHADOWSOCKS
	   iptables -t mangle -A PREROUTING -j SHADOWSOCKS

	   # Start the shadowsocks-redir
	   ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/

       ss-local(1), ss-server(1), ss-tunnel(1),	ss-manager(1),
       shadowsocks-libev(8), iptables(8), /etc/shadowsocks-libev/config.json

Shadowsocks-libev 3.3.2		  08/10/2020			   SS-REDIR(1)


Want to link to this manual page? Use this URL:

home | help