DragonFly On-Line Manual Pages
SHADOWSOCKS-LIBEV(8) DragonFly System Manager's Manual SHADOWSOCKS-LIBEV(8)
NAME
shadowsocks-libev - a lightweight secured scoks5 proxy
SYNOPSIS
ss-local|ss-redir|ss-server
-s server_host -p server_port
-l local_port -k password
-m encrypt_method -f pid_file
-t timeout -c config_file
DESCRIPTION
shadowsocks is a lightweight secured socks5 proxy. It is a port of the
original shadowsocks created by clowwindy. shadowsocks is written in
pure C and uses libev to provide a both high performance and low
resource consumption socks5 proxy for users that need a secured tunnel
to visit the internet freely and privately.
shadowsocks consists of three components. One is ss-server that runs on
a remote server to provide secured tunnel service. ss-local and ss-
redir are clients that run on your local machines for proxying all your
TCP traffic.
While ss-local can be used as a standard socks5 proxy, ss-redir works
as a transparent proxy and should be used with the kernel's NAT
function. For more information, check the example section.
OPTIONS
-s server_host
Set the shadowsocks server host.
-p server_port
Set the shadowsocks server port.
-l local_port
Listen on the local port.
-k password
Set the shadowsocks password. The server and the client should
use the same password.
-m encrypt_method
Set the shadowsocks encryption method. Currently, shadowsocks
accepts several encryption methods: table, rc4, aes-128-cfb,
aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-
cfb, rc2-cfb and seed-cfb. The default method is table.
-f pid_file
Start shadowsocks as a daemon with a specific pid file.
-t timeout
Set the socket timeout in secondes. The default value is 10.
-c config_file
Use a configuration file.
EXAMPLE
ss-redir needs to be used with the NAT function. Here is an example:
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j
RETURN
# Ignore LANs and any other addresses you'd like to bypass the
proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j
RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j
RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j
RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-
ports 12345
# Apply the rules
root@Wrt:~# iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -c /etc/config/shadowsocks.json -f
/var/run/shadowsocks.pid
SEE ALSO
iptables(8), /etc/shadowsocks/config.json
AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com>.
This manual page was written by Max Lv <max.c.lv@gmail.com>.
April 25, 2013 SHADOWSOCKS-LIBEV(8)