• This repository has been archived on 21/Apr/2023
  • Language
    Go
  • License
    MIT License

Repository Details

Transparent SOCKS5 / HTTP proxy in Go

transocks - a transparent SOCKS5/HTTP proxy

transocks is a background service to redirect TCP connections transparently to a SOCKS5 server or an HTTP proxy server like Squid.

Currently, transocks supports only Linux iptables with the DNAT/REDIRECT target.

Features

  • IPv4 and IPv6

    Both IPv4 and IPv6 are supported. Note that the nf_conntrack_ipv4 or nf_conntrack_ipv6 kernel module must be loaded beforehand.

  • SOCKS5 and HTTP proxy (CONNECT)

    We recommend using a SOCKS5 server if available. Take a look at our SOCKS server usocksd if you are looking for one.

    HTTP proxies often prohibit the CONNECT method for connections to ports other than 443. Make sure your HTTP proxy allows CONNECT to the ports you want.

  • Graceful stop & restart

    • On SIGINT/SIGTERM, transocks stops gracefully.
    • On SIGHUP, transocks restarts gracefully.
  • Library and executable

    transocks comes with a handy executable. You may use the library to create your own.

Install

Use Go 1.7 or better.

go get -u github.com/cybozu-go/transocks/...

Usage

transocks [-h] [-f CONFIG]

The default configuration file path is /etc/transocks.toml.

In addition, transocks implements the common spec from cybozu-go/cmd.

transocks does not have daemon mode. Use systemd to run it as a background service.

Configuration file format

transocks.toml is a TOML file.

proxy_url is mandatory. Other items are optional.

# listening address of transocks.
listen = "localhost:1081"    # default is "localhost:1081"

proxy_url = "socks5://10.20.30.40:1080"  # for SOCKS5 server
#proxy_url = "http://10.20.30.40:3128"   # for HTTP proxy server

[log]
filename = "/path/to/file"   # default to stderr
level = "info"               # critical, error, warning, info, debug
format = "json"              # plain, logfmt, json

Redirecting connections by iptables

Use the DNAT or REDIRECT target in the OUTPUT chain of the nat table.

Save the following example to a file, then execute: sudo iptables-restore < FILE

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:TRANSOCKS - [0:0]
-A OUTPUT -p tcp -j TRANSOCKS
-A TRANSOCKS -d 0.0.0.0/8 -j RETURN
-A TRANSOCKS -d 10.0.0.0/8 -j RETURN
-A TRANSOCKS -d 127.0.0.0/8 -j RETURN
-A TRANSOCKS -d 169.254.0.0/16 -j RETURN
-A TRANSOCKS -d 172.16.0.0/12 -j RETURN
-A TRANSOCKS -d 192.168.0.0/16 -j RETURN
-A TRANSOCKS -d 224.0.0.0/4 -j RETURN
-A TRANSOCKS -d 240.0.0.0/4 -j RETURN
-A TRANSOCKS -p tcp -j REDIRECT --to-ports 1081
COMMIT

Use ip6tables to redirect IPv6 connections.

NOTE: If you are going to use transocks on a Linux gateway to redirect transit traffic, you have to bind transocks to the primary address of the internal network interface, because the iptables REDIRECT action in the PREROUTING chain changes the packet destination IP to the primary address of the incoming interface.
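
An added example, not part of transocks: a Go check that a ruleset like the one above exempts the proxy address before the REDIRECT rule and that the REDIRECT port matches listen. Rules in the OUTPUT chain also match the connection transocks itself opens to the proxy, so a proxy outside the RETURN ranges would be redirected back into transocks. CheckRules, sampleRules and the 203.0.113.7 address are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample in iptables-save format: only 10.0.0.0/8 is exempted.
const sampleRules = `-A OUTPUT -p tcp -j TRANSOCKS
-A TRANSOCKS -d 10.0.0.0/8 -j RETURN
-A TRANSOCKS -p tcp -j REDIRECT --to-ports 1081`

// CheckRules (hypothetical helper) takes the host of proxy_url and the port of
// "listen", and reports rules that would loop or miss the transocks listener.
func CheckRules(rules string, proxy net.IP, listenPort string) (problems []string) {
	exempt, redirected := false, false
	for _, line := range strings.Split(rules, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "-A" || f[1] != "TRANSOCKS" {
			continue
		}
		opt := map[string]string{} // assumes every option takes one argument
		for i := 2; i+1 < len(f); i += 2 {
			opt[f[i]] = f[i+1]
		}
		_, n, cidrErr := net.ParseCIDR(opt["-d"])
		switch {
		case opt["-j"] == "RETURN" && !redirected && cidrErr == nil && n.Contains(proxy):
			exempt = true // proxy leaves the chain before REDIRECT is reached
		case opt["-j"] == "REDIRECT":
			redirected = true
			if opt["--to-ports"] != listenPort {
				problems = append(problems, "REDIRECT port "+opt["--to-ports"]+" != listen port "+listenPort)
			}
		}
	}
	if !redirected {
		problems = append(problems, "no REDIRECT rule in the TRANSOCKS chain")
	} else if !exempt {
		problems = append(problems, "proxy "+proxy.String()+" is not exempted before REDIRECT: transocks would loop into itself")
	}
	return problems
}

func main() {
	fmt.Println(CheckRules(sampleRules, net.ParseIP("203.0.113.7"), "1081"))
}
```

The parser only understands rules where every option has a single argument, as in the example ruleset; RETURN rules that match on something other than -d are not counted as exemptions.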

Library usage

Read the documentation.

License

MIT
