/usr/share/doc/shadowsocks-libev/ss-redir.html is in shadowsocks-libev 3.1.3+ds-1ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="generator" content="AsciiDoc 8.6.10">
<title>ss-redir(1)</title>
</head>
<body>
<h1>ss-redir(1)</h1>
<p>
</p>
<hr>
<h2><a name="_name"></a>NAME</h2>
<p>ss-redir - shadowsocks client as transparent proxy, libev port</p>
<hr>
<h2><a name="_synopsis"></a>SYNOPSIS</h2>
<p><strong>ss-redir</strong>
[-uUv6] [-h|--help]
[-s <emphasis><server_host></emphasis>] [-p <emphasis><server_port></emphasis>] [-l <emphasis><local_port></emphasis>]
[-k <emphasis><password></emphasis>] [-m <emphasis><encrypt_method></emphasis>] [-f <emphasis><pid_file></emphasis>]
[-t <emphasis><timeout></emphasis>] [-c <emphasis><config_file></emphasis>] [-b <emphasis><local_address></emphasis>]
[-a <emphasis><user_name></emphasis>] [-n <emphasis><nofile></emphasis>] [--mtu <emphasis><MTU></emphasis>] [--no-delay]
[--plugin <emphasis><plugin_name></emphasis>] [--plugin-opts <emphasis><plugin_options></emphasis>]
[--password <emphasis><password></emphasis>] [--key <emphasis><key_in_base64></emphasis>]</p>
<hr>
<h2><a name="_description"></a>DESCRIPTION</h2>
<p><strong>Shadowsocks-libev</strong> is a lightweight and secure socks5 proxy.
It is a port of the original shadowsocks created by clowwindy.
<strong>Shadowsocks-libev</strong> is written in pure C and takes advantage of libev to
achieve both high performance and low resource consumption.</p>
<p><strong>Shadowsocks-libev</strong> consists of five components.
<code>ss-redir</code>(1) works as a transparent proxy on local machines to proxy TCP
traffic and requires netfilter’s NAT module.
For more information, check out <code>shadowsocks-libev</code>(8) and the following
<em>EXAMPLE</em> section.</p>
<hr>
<h2><a name="_options"></a>OPTIONS</h2>
<dl>
<dt>
-s <emphasis><server_host></emphasis>
</dt>
<dd>
<p>
Set the server’s hostname or IP.
</p>
</dd>
<dt>
-p <emphasis><server_port></emphasis>
</dt>
<dd>
<p>
Set the server’s port number.
</p>
</dd>
<dt>
-l <emphasis><local_port></emphasis>
</dt>
<dd>
<p>
Set the local port number.
</p>
</dd>
<dt>
-k <emphasis><password></emphasis>
</dt>
<dt>
--password <emphasis><password></emphasis>
</dt>
<dd>
<p>
Set the password. The server and the client should use the same password.
</p>
</dd>
<dt>
--key <emphasis><key_in_base64></emphasis>
</dt>
<dd>
<p>
Set the key directly. The key should be encoded with URL-safe Base64.
</p>
</dd>
<dt>
-m <emphasis><encrypt_method></emphasis>
</dt>
<dd>
<p>
Set the cipher.
</p>
<p><strong>Shadowsocks-libev</strong> accepts 18 different ciphers:</p>
<p>aes-128-gcm, aes-192-gcm, aes-256-gcm,
rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.</p>
<p>The default cipher is <em>rc4-md5</em>.</p>
<p>If built with PolarSSL or custom OpenSSL libraries, some of
these ciphers may not work.</p>
</dd>
<dt>
-a <emphasis><user_name></emphasis>
</dt>
<dd>
<p>
Run as a specific user.
</p>
</dd>
<dt>
-f <emphasis><pid_file></emphasis>
</dt>
<dd>
<p>
Start shadowsocks as a daemon with specific pid file.
</p>
</dd>
<dt>
-t <emphasis><timeout></emphasis>
</dt>
<dd>
<p>
Set the socket timeout in seconds. The default value is 60.
</p>
</dd>
<dt>
-c <emphasis><config_file></emphasis>
</dt>
<dd>
<p>
Use a configuration file.
</p>
<p>Refer to <code>shadowsocks-libev</code>(8) <em>CONFIG FILE</em> section for more details.</p>
</dd>
<dt>
-n <emphasis><number></emphasis>
</dt>
<dd>
<p>
Specify max number of open files.
</p>
<p>Only available on Linux.</p>
</dd>
<dt>
-b <emphasis><local_address></emphasis>
</dt>
<dd>
<p>
Specify local address to bind.
</p>
</dd>
<dt>
-u
</dt>
<dd>
<p>
Enable UDP relay.
</p>
<p>TPROXY is required in redir mode. You may need root permission.</p>
</dd>
<dt>
-U
</dt>
<dd>
<p>
Enable UDP relay and disable TCP relay.
</p>
</dd>
<dt>
-6
</dt>
<dd>
<p>
Resovle hostname to IPv6 address first.
</p>
</dd>
<dt>
--mtu <emphasis><MTU></emphasis>
</dt>
<dd>
<p>
Specify the MTU of your network interface.
</p>
</dd>
<dt>
--mptcp
</dt>
<dd>
<p>
Enable Multipath TCP.
</p>
<p>Only available with MPTCP enabled Linux kernel.</p>
</dd>
<dt>
--reuse-port
</dt>
<dd>
<p>
Enable port reuse.
</p>
<p>Only available with Linux kernel > 3.9.0.</p>
</dd>
<dt>
--no-delay
</dt>
<dd>
<p>
Enable TCP_NODELAY.
</p>
</dd>
<dt>
--plugin <emphasis><plugin_name></emphasis>
</dt>
<dd>
<p>
Enable SIP003 plugin. (Experimental)
</p>
</dd>
<dt>
--plugin-opts <emphasis><plugin_options></emphasis>
</dt>
<dd>
<p>
Set SIP003 plugin options. (Experimental)
</p>
</dd>
<dt>
-v
</dt>
<dd>
<p>
Enable verbose mode.
</p>
</dd>
<dt>
-h|--help
</dt>
<dd>
<p>
Print help message.
</p>
</dd>
</dl>
<hr>
<h2><a name="_example"></a>EXAMPLE</h2>
<p>ss-redir requires netfilter’s NAT function. Here is an example:</p>
<pre><code># Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
root@Wrt:~# iptables -t mangle -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Add any UDP rules
root@Wrt:~# ip route add local default dev lo table 100
root@Wrt:~# ip rule add fwmark 1 lookup 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid</code></pre>
<hr>
<h2><a name="_see_also"></a>SEE ALSO</h2>
<p><code>ss-local</code>(1),
<code>ss-server</code>(1),
<code>ss-tunnel</code>(1),
<code>ss-manager</code>(1),
<code>shadowsocks-libev</code>(8),
<code>iptables</code>(8),
/etc/shadowsocks-libev/config.json</p>
<p></p>
<p></p>
<hr><p><small>
Last updated
2018-01-16 01:25:03 UTC
</small></p>
</body>
</html>
|