redsocks.conf 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
  1. base {
  2. // debug: connection progress & client list on SIGUSR1
  3. log_debug = off;
  4. // info: start and end of client session
  5. log_info = on;
  6. /* possible `log' values are:
  7. * stderr
  8. * "file:/path/to/file"
  9. * syslog:FACILITY facility is any of "daemon", "local0"..."local7"
  10. */
  11. // log = stderr;
  12. // log = "file:/path/to/file";
  13. log = "syslog:local7";
  14. // detach from console
  15. daemon = on;
  16. /* Change uid, gid and root directory, these options require root
  17. * privilegies on startup.
  18. * Note, your chroot may requre /etc/localtime if you write log to syslog.
  19. * Log is opened before chroot & uid changing.
  20. */
  21. // user = nobody;
  22. // group = nobody;
  23. // chroot = "/var/chroot";
  24. /* possible `redirector' values are:
  25. * iptables - for Linux
  26. * ipf - for FreeBSD
  27. * pf - for OpenBSD
  28. * generic - some generic redirector that MAY work
  29. */
  30. redirector = iptables;
  31. }
  32. redsocks {
  33. /* `local_ip' defaults to 127.0.0.1 for security reasons,
  34. * use 0.0.0.0 if you want to listen on every interface.
  35. * `local_*' are used as port to redirect to.
  36. */
  37. local_ip = 127.0.0.1;
  38. local_port = 12345;
  39. // listen() queue length. Default value is SOMAXCONN and it should be
  40. // good enough for most of us.
  41. // listenq = 128; // SOMAXCONN equals 128 on my Linux box.
  42. // `max_accept_backoff` is a delay to retry `accept()` after accept
  43. // failure (e.g. due to lack of file descriptors). It's measured in
  44. // milliseconds and maximal value is 65535. `min_accept_backoff` is
  45. // used as initial backoff value and as a damper for `accept() after
  46. // close()` logic.
  47. // min_accept_backoff = 100;
  48. // max_accept_backoff = 60000;
  49. // `ip' and `port' are IP and tcp-port of proxy-server
  50. // You can also use hostname instead of IP, only one (random)
  51. // address of multihomed host will be used.
  52. ip = example.org;
  53. port = 1080;
  54. // known types: socks4, socks5, http-connect, http-relay
  55. type = socks5;
  56. // login = "foobar";
  57. // password = "baz";
  58. }
  59. redudp {
  60. // `local_ip' should not be 0.0.0.0 as it's also used for outgoing
  61. // packets that are sent as replies - and it should be fixed
  62. // if we want NAT to work properly.
  63. local_ip = 127.0.0.1;
  64. local_port = 10053;
  65. // `ip' and `port' of socks5 proxy server.
  66. ip = 10.0.0.1;
  67. port = 1080;
  68. login = username;
  69. password = pazzw0rd;
  70. // redsocks knows about two options while redirecting UDP packets at
  71. // linux: TPROXY and REDIRECT. TPROXY requires more complex routing
  72. // configuration and fresh kernel (>= 2.6.37 according to squid
  73. // developers[1]) but has hack-free way to get original destination
  74. // address, REDIRECT is easier to configure, but requires `dest_ip` and
  75. // `dest_port` to be set, limiting packet redirection to single
  76. // destination.
  77. // [1] http://wiki.squid-cache.org/Features/Tproxy4
  78. dest_ip = 8.8.8.8;
  79. dest_port = 53;
  80. udp_timeout = 30;
  81. udp_timeout_stream = 180;
  82. }
  83. dnstc {
  84. // fake and really dumb DNS server that returns "truncated answer" to
  85. // every query via UDP, RFC-compliant resolver should repeat same query
  86. // via TCP in this case.
  87. local_ip = 127.0.0.1;
  88. local_port = 5300;
  89. }
  90. // you can add more `redsocks' and `redudp' sections if you need.