SS-REDIR(1)		   Shadowsocks-libev Manual		   SS-REDIR(1)

NAME
       ss-redir	- shadowsocks client as	transparent proxy, libev port

SYNOPSIS
       ss-redir	[-uUv6]	[-h|--help] [-s	_server_host_] [-p _server_port_] [-l
       _local_port_] [-k _password_] [-m _encrypt_method_] [-f _pid_file_] [-t
       _timeout_] [-c _config_file_] [-b _local_address_] [-a _user_name_] [-n
       _nofile_] [--mtu	_MTU_] [--no-delay] [--plugin _plugin_name_]
       [--plugin-opts _plugin_options_]	[--password _password_]	[--key
       _key_in_base64_]

DESCRIPTION
       Shadowsocks-libev is a lightweight and secure socks5 proxy. It is a
       port of the original shadowsocks	created	by clowwindy.
       Shadowsocks-libev is written in pure C and takes	advantage of libev to
       achieve both high performance and low resource consumption.

       Shadowsocks-libev consists of five components. ss-redir(1) works	as a
       transparent proxy on local machines to proxy TCP	traffic	and requires
       netfilter's NAT module. For more	information, check out
       shadowsocks-libev(8) and	the following EXAMPLE section.

OPTIONS
       -s _server_host_
	   Set the server's hostname or	IP.

       -p _server_port_
	   Set the server's port number.

       -l _local_port_
	   Set the local port number.

       -k _password_, --password _password_
	   Set the password. The server	and the	client should use the same
	   password.

       --key _key_in_base64_
	   Set the key directly. The key should	be encoded with	URL-safe
	   Base64.

       -m _encrypt_method_
	   Set the cipher.

	   Shadowsocks-libev accepts 18	different ciphers:

	   aes-128-gcm,	aes-192-gcm, aes-256-gcm, rc4-md5, aes-128-cfb,
	   aes-192-cfb,	aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr,
	   bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
	   chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.

	   The default cipher is chacha20-ietf-poly1305.

	   If built with PolarSSL or custom OpenSSL libraries, some of these
	   ciphers may not work.

       -a _user_name_
	   Run as a specific user.

       -f _pid_file_
	   Start shadowsocks as a daemon with a specific pid file.

       -t _timeout_
	   Set the socket timeout in seconds. The default value	is 60.

       -c _config_file_
	   Use a configuration file.

	   Refer to shadowsocks-libev(8) CONFIG	FILE section for more details.

       -n _number_
	   Specify max number of open files.

	   Only	available on Linux.

       -b _local_address_
	   Specify the local address to	use while this client is making
	   outbound connections	to the server.

       -u
	   Enable UDP relay.

	   TPROXY is required in redir mode. You may need root permission.

       -U
	   Enable UDP relay and	disable	TCP relay.

       -6
	   Resolve hostname to IPv6 address first.

       --mtu _MTU_
	   Specify the MTU of your network interface.

       --mptcp
	   Enable Multipath TCP.

	   Only	available with MPTCP enabled Linux kernel.

       --reuse-port
	   Enable port reuse.

	   Only	available with Linux kernel > 3.9.0.

       --no-delay
	   Enable TCP_NODELAY.

       --plugin	_plugin_name_
	   Enable SIP003 plugin. (Experimental)

       --plugin-opts _plugin_options_
	   Set SIP003 plugin options. (Experimental)

       -v
	   Enable verbose mode.

       -h|--help
	   Print help message.

EXAMPLE
       ss-redir	requires netfilter's NAT function. Here	is an example:

	   # Create new	chain
	   iptables -t nat -N SHADOWSOCKS
	   iptables -t mangle -N SHADOWSOCKS

	   # Ignore your shadowsocks server's addresses
	   # It's very IMPORTANT, just be careful.
	   iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j	RETURN

	   # Ignore LANs and any other addresses you'd like to bypass the proxy
	   # See Wikipedia and RFC5735 for full	list of	reserved networks.
	   # See ashi009/bestroutetb for a highly optimized CHN	route list.
	   iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8	-j RETURN
	   iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
	   iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

	   # Anything else should be redirected	to shadowsocks's local port
	   iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports	12345

	   # Add any UDP rules
	   ip route add	local default dev lo table 100
	   ip rule add fwmark 1	lookup 100
	   iptables -t mangle -A SHADOWSOCKS -p	udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01

	   # Apply the rules
	   iptables -t nat -A PREROUTING -p tcp	-j SHADOWSOCKS
	   iptables -t mangle -A PREROUTING -j SHADOWSOCKS

	   # Start the shadowsocks-redir
	   ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
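
       The rules above depend on order: the RETURN rule for the server's
       address must come before the REDIRECT rule, or traffic addressed to
       the server is itself redirected to the local port. The following
       check is an added example, not part of shadowsocks-libev; the
       function name check_bypass and the sample rulesets are constructed
       for illustration, using the address and port from the example above.

```shell
#!/bin/sh
# Added example, not part of shadowsocks-libev.
# check_bypass SERVER_IP reads iptables-save output on stdin and returns
#   0: nat SHADOWSOCKS RETURNs SERVER_IP before its first REDIRECT
#   1: REDIRECT is reached first    2: the chain has no REDIRECT rule
# Limitation: only an exact host match (IP or IP/32) counts as a bypass.
check_bypass() {
    awk -v ip="$1" '
        /^\*/ { table = $1 }                      # "*nat", "*mangle", ...
        table == "*nat" && $1 == "-A" && $2 == "SHADOWSOCKS" {
            dest = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dest = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "RETURN" && (dest == ip || dest == (ip "/32"))) bypass = 1
            if (target == "REDIRECT") { redirect = 1; exit }
        }
        END {
            if (!redirect) exit 2
            exit (bypass ? 0 : 1)
        }'
}

# Constructed sample: same rule order as the EXAMPLE section.
sample_good() {
    cat <<'EOF'
*nat
-A PREROUTING -p tcp -j SHADOWSOCKS
-A SHADOWSOCKS -d 123.123.123.123/32 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
COMMIT
EOF
}
# Constructed sample: the server rule was appended after the REDIRECT.
sample_bad() {
    cat <<'EOF'
*nat
-A PREROUTING -p tcp -j SHADOWSOCKS
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
-A SHADOWSOCKS -d 123.123.123.123/32 -j RETURN
COMMIT
EOF
}
# On a live host: iptables-save -t nat | check_bypass 123.123.123.123
for s in sample_good sample_bad; do
    if "$s" | check_bypass 123.123.123.123; then echo "$s: ok"
    else echo "$s: server address not bypassed before REDIRECT"; fi
done
```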

SEE ALSO
       ss-local(1), ss-server(1), ss-tunnel(1),	ss-manager(1),
       shadowsocks-libev(8), iptables(8), /etc/shadowsocks-libev/config.json

Shadowsocks-libev 3.3.2		  08/10/2020			   SS-REDIR(1)
