https://wiki.raf.cc/index.php?action=history&feed=atom&title=Redsocks
Redsocks - 版本历史
2026-04-15T15:58:53Z
本wiki上该页面的版本历史
MediaWiki 1.43.3
https://wiki.raf.cc/index.php?title=Redsocks&diff=488&oldid=prev
Admin:创建页面,内容为“<syntaxhighlight lang="bash" line="1"> #!/usr/bin/env bash set -euo pipefail ### ================= 基本配置 ================= REDSOCKS_CONF="/etc/redsocks.conf" REDSOCKS_BIN="/usr/sbin/redsocks" # 源码版可能是 /usr/local/bin/redsocks REDSOCKS_PORT=12345 CHAIN="NETPROXY" MARK="0x1" STATE_DIR="/run/netproxy" IPTABLES_BACKUP="$STATE_DIR/iptables.bak" ### ================= 工具函数 ================= die() { echo "[ERROR] $*" >&2 exit 1…”
2026-01-19T01:47:45Z
<p>创建页面,内容为“<syntaxhighlight lang="bash" line="1"> #!/usr/bin/env bash set -euo pipefail ### ================= 基本配置 ================= REDSOCKS_CONF="/etc/redsocks.conf" REDSOCKS_BIN="/usr/sbin/redsocks" # 源码版可能是 /usr/local/bin/redsocks REDSOCKS_PORT=12345 CHAIN="NETPROXY" MARK="0x1" STATE_DIR="/run/netproxy" IPTABLES_BACKUP="$STATE_DIR/iptables.bak" ### ================= 工具函数 ================= die() { echo "[ERROR] $*" >&2 exit 1…”</p>
<p><b>新页面</b></p><div><syntaxhighlight lang="bash" line="1"><br />
#!/usr/bin/env bash<br />
set -euo pipefail<br />
<br />
### ================= 基本配置 =================<br />
REDSOCKS_CONF="/etc/redsocks.conf"<br />
REDSOCKS_BIN="/usr/sbin/redsocks" # 源码版可能是 /usr/local/bin/redsocks<br />
REDSOCKS_PORT=12345<br />
<br />
CHAIN="NETPROXY"<br />
MARK="0x1"<br />
<br />
STATE_DIR="/run/netproxy"<br />
IPTABLES_BACKUP="$STATE_DIR/iptables.bak"<br />
<br />
### ================= 工具函数 =================<br />
die() {<br />
echo "[ERROR] $*" >&2<br />
exit 1<br />
}<br />
<br />
need_root() {<br />
[[ $EUID -eq 0 ]] || die "Must run as root"<br />
}<br />
<br />
ensure_dirs() {<br />
mkdir -p "$STATE_DIR"<br />
}<br />
<br />
parse_proxy() {<br />
[[ "$1" =~ ^([^:]+):([0-9]+)$ ]] || die "Invalid proxy format: ip:port"<br />
PROXY_IP="${BASH_REMATCH[1]}"<br />
PROXY_PORT="${BASH_REMATCH[2]}"<br />
}<br />
<br />
### ================= redsocks =================<br />
write_redsocks_conf() {<br />
cat > "$REDSOCKS_CONF" <<EOF<br />
base {<br />
log_info = on;<br />
log = "syslog:daemon";<br />
daemon = on;<br />
redirector = iptables;<br />
}<br />
<br />
redsocks {<br />
local_ip = 127.0.0.1;<br />
local_port = $REDSOCKS_PORT;<br />
ip = $PROXY_IP;<br />
port = $PROXY_PORT;<br />
type = socks5;<br />
}<br />
EOF<br />
}<br />
<br />
start_redsocks() {<br />
pkill redsocks 2>/dev/null || true<br />
"$REDSOCKS_BIN" -c "$REDSOCKS_CONF"<br />
}<br />
<br />
stop_redsocks() {<br />
pkill redsocks 2>/dev/null || true<br />
}<br />
<br />
### ================= iptables =================<br />
iptables_save() {<br />
iptables-save > "$IPTABLES_BACKUP"<br />
}<br />
<br />
iptables_restore() {<br />
[[ -f "$IPTABLES_BACKUP" ]] && iptables-restore < "$IPTABLES_BACKUP"<br />
}<br />
<br />
iptables_apply() {<br />
# nat 链<br />
iptables -t nat -N $CHAIN 2>/dev/null || true<br />
iptables -t nat -F $CHAIN<br />
<br />
# 已标记流量直接放行(防回环)<br />
iptables -t nat -A $CHAIN -m mark --mark $MARK -j RETURN<br />
<br />
# 本地 & 私网放行<br />
iptables -t nat -A $CHAIN -d 127.0.0.0/8 -j RETURN<br />
<br />
# 排除代理服务器自身(关键)<br />
iptables -t nat -A $CHAIN -d "$PROXY_IP" -j RETURN<br />
<br />
# TCP 全部重定向<br />
iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT<br />
<br />
# 挂载到 OUTPUT(只影响本机)<br />
iptables -t nat -C OUTPUT -p tcp -j $CHAIN 2>/dev/null || \<br />
iptables -t nat -A OUTPUT -p tcp -j $CHAIN<br />
<br />
# mangle:给 redsocks 出口流量打标记<br />
iptables -t mangle -C OUTPUT -p tcp --sport $REDSOCKS_PORT -j MARK --set-mark $MARK 2>/dev/null || \<br />
iptables -t mangle -A OUTPUT -p tcp --sport $REDSOCKS_PORT -j MARK --set-mark $MARK<br />
}<br />
<br />
iptables_clear() {<br />
iptables -t nat -D OUTPUT -p tcp -j $CHAIN 2>/dev/null || true<br />
iptables -t nat -F $CHAIN 2>/dev/null || true<br />
iptables -t nat -X $CHAIN 2>/dev/null || true<br />
<br />
iptables -t mangle -D OUTPUT -p tcp --sport $REDSOCKS_PORT -j MARK --set-mark $MARK 2>/dev/null || true<br />
}<br />
<br />
### ================= 命令实现 =================<br />
cmd_start() {<br />
parse_proxy "$1"<br />
ensure_dirs<br />
iptables_save<br />
write_redsocks_conf<br />
start_redsocks<br />
iptables_apply<br />
echo "[OK] netproxy started via $PROXY_IP:$PROXY_PORT"<br />
}<br />
<br />
cmd_stop() {<br />
stop_redsocks<br />
iptables_restore || iptables_clear<br />
rm -rf "$STATE_DIR"<br />
echo "[OK] netproxy stopped and restored"<br />
}<br />
<br />
cmd_status() {<br />
echo "=== redsocks ==="<br />
pgrep redsocks >/dev/null && echo "running" || echo "stopped"<br />
<br />
echo<br />
echo "=== iptables nat ==="<br />
iptables -t nat -S | grep "$CHAIN" || echo "no netproxy nat rules"<br />
<br />
echo<br />
echo "=== iptables mangle ==="<br />
iptables -t mangle -S | grep "$REDSOCKS_PORT" || echo "no netproxy mangle rules"<br />
}<br />
<br />
### ================= 主入口 =================<br />
need_root<br />
<br />
case "${1:-}" in<br />
start)<br />
[[ $# -eq 2 ]] || die "Usage: $0 start ip:port"<br />
cmd_start "$2"<br />
;;<br />
stop)<br />
cmd_stop<br />
;;<br />
status)<br />
cmd_status<br />
;;<br />
*)<br />
echo "Usage:"<br />
echo " $0 start ip:port"<br />
echo " $0 stop"<br />
echo " $0 status"<br />
exit 1<br />
;;<br />
esac<br />
<br />
</syntaxhighlight></div>
Admin