Setting up a redsocks test environment

1. First, the PC test environment

SOCKS5 proxy: it has to be set up on CentOS, and yum did not turn up a socks package, so install ss5 instead: wget http://jaist.dl.sourceforge.net/project/ss5/ss5/3.8.9-8/ss5-3.8.9-8.tar.gz, following this page: https://blog.csdn.net/zjiang1994/article/details/74925039. Then extract the archive and run ./configure && make install

chmod a+x /etc/init.d/ss5
service ss5 start

vim /etc/opt/ss5/ss5.conf, and uncomment these two places (the auth and permit lines).

To test, use Safari on a Mac: enable the SOCKS proxy, enter the address of the CentOS machine, and set the port to 1080. Check whether it works.

The blog owner summarized the command set:

yum install gcc openldap-devel pam-devel openssl-devel
wget http://jaist.dl.sourceforge.net/project/ss5/ss5/3.8.9-8/ss5-3.8.9-8.tar.gz
tar -vzx -f ss5-3.8.9-8.tar.gz
cd ss5-3.8.9/
./configure
make
make install
chmod a+x /etc/init.d/ss5
service ss5 start
# Edit the configuration file, then restart the service
vim /etc/opt/ss5/ss5.conf
service ss5 restart

Next is the redsocks configuration. Take the default example and rename it to my.conf:

redsocks {
    /* `local_ip' defaults to 127.0.0.1 for security reasons,
     * use 0.0.0.0 if you want to listen on every interface.
     * `local_*' are used as port to redirect to.
     */
    local_ip = 127.0.0.1;
    local_port = 1080;

    // listen() queue length. Default value is SOMAXCONN and it should be
    // good enough for most of us.
    // listenq = 128; // SOMAXCONN equals 128 on my Linux box.

    // `max_accept_backoff` is a delay to retry `accept()` after accept
    // failure (e.g. due to lack of file descriptors). It's measured in
    // milliseconds and maximal value is 65535. `min_accept_backoff` is
    // used as initial backoff value and as a damper for `accept() after
    // close()` logic.
    // min_accept_backoff = 100;
    // max_accept_backoff = 60000;

    // `ip' and `port' are IP and tcp-port of proxy-server
    // You can also use hostname instead of IP, only one (random)
    // address of multihomed host will be used.
    // The two fields are meaningless when proxy type is 'direct'.
    ip = 192.168.1.108;
    port = 1080;

Delete the rest, the udp and socks5 parts. We only need the TCP proxy.

The contents of the iptables file are:

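# Do not redirect traffic addressed to the SOCKS5 proxy itself
sudo iptables -t nat -A OUTPUT -d 192.168.1.108 -j RETURN

# Do not redirect private (RFC 1918) or loopback destinations
sudo iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A OUTPUT -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A OUTPUT -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN

# Redirect all remaining outbound TCP to the port redsocks listens on
sudo iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1080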

iptables -t nat -F clears all the settings in the nat table;

iptables -t nat -L lists the current settings.

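In practice, 1080 is not a good choice for local_port; a different value, such as 1081, should be used.

The iptables rules RETURN output headed for the proxy on 1080 (matched by its address, 192.168.1.108) and REDIRECT the rest of the locally generated TCP output to port 1080, which is the port the redsocks configuration listens on.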
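
An added example (not from the original post): a small Python model of the nat OUTPUT chain described above, evaluating rules first-match and checking them against the redsocks settings. The rule text and settings are constructed sample input modelled on this page (using local_port 1081 and 172.16.0.0/12); parse_rules, verdict and check are hypothetical helper names, and 203.0.113.10 stands in for any public destination.

```python
import ipaddress
import re
import shlex

# Constructed sample input: the page's rules and my.conf values, local_port 1081.
RULES = """\
iptables -t nat -A OUTPUT -d 192.168.1.108 -j RETURN
iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN
iptables -t nat -A OUTPUT -d 172.16.0.0/12 -j RETURN
iptables -t nat -A OUTPUT -d 192.168.0.0/16 -j RETURN
iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 1081
"""
CONF = "local_ip = 127.0.0.1; local_port = 1081; ip = 192.168.1.108; port = 1080;"


def _opt(args, flag):
    return args[args.index(flag) + 1] if flag in args else None  # value after flag


def parse_rules(text):
    """Parse `-A OUTPUT` lines into (network, proto, target, redirect_port)."""
    rules = []
    for args in map(shlex.split, text.splitlines()):
        if _opt(args, "-A") != "OUTPUT":
            continue
        net = ipaddress.ip_network(_opt(args, "-d") or "0.0.0.0/0", strict=False)
        port = _opt(args, "--to-ports")
        rules.append((net, _opt(args, "-p"), _opt(args, "-j"), int(port) if port else None))
    return rules


def verdict(rules, dst, proto="tcp"):
    """First matching rule decides, as in iptables chain traversal."""
    for net, rule_proto, target, port in rules:
        if ipaddress.ip_address(dst) in net and rule_proto in (None, proto):
            return target, port
    return "ACCEPT", None  # nothing matched: the packet leaves unmodified


def check(rules, conf, probe="203.0.113.10"):
    """List mismatches between the rules and the redsocks settings."""
    kv = dict(re.findall(r"(\w+)\s*=\s*([^;\s]+);", conf))
    problems = []
    if verdict(rules, kv["ip"])[0] == "REDIRECT":
        problems.append("traffic to the proxy is redirected back into redsocks (loop)")
    if verdict(rules, probe) != ("REDIRECT", int(kv["local_port"])):
        problems.append("outbound TCP is not redirected to redsocks local_port")
    return problems
```

check(parse_rules(RULES), CONF) returns an empty list for this setup; a proxy address outside the RETURN ranges, or a --to-ports value that differs from local_port, is reported as a problem.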

Reposted from www.cnblogs.com/tangxiaosheng/p/9202746.html