UDP透明代理配置示例 - semigodking/redsocks GitHub Wiki

说明

要实现不指定目标IP及端口的UDP透明代理，要求系统安装TPROXY内核模块。配合socks5或shadowsocks代理支持Full-cone NAT，但效果及效率不明确。

REDSOCKS配置文件

base {
 log_debug = off;
 log_info = on;
 daemon = on;
 redirector= iptables;
}

redudp {
 bind = 192.168.1.1:20000;
 relay = example.com:1500;
 type = shadowsocks;
 login = rc4-md5;
 password = "your_passwd";
 udp_timeout = 20;
}

iptables 及 ip rules

ip rule add fwmark 0x01/0x01 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N REDSOCKS2
iptables -t mangle -A REDSOCKS2 -p udp --dport 123 -j TPROXY --on-port 20000 --tproxy-mark 0x01/0x01
iptables -t mangle -A PREROUTING -j REDSOCKS2