DragonFly On-Line Manual Pages

Search: Section:  


SHADOWSOCKS-LIBEV(8)   DragonFly System Manager's Manual  SHADOWSOCKS-LIBEV(8)

NAME

shadowsocks-libev - a lightweight secured scoks5 proxy

SYNOPSIS

ss-local|ss-redir|ss-server -s server_host -p server_port -l local_port -k password -m encrypt_method -f pid_file -t timeout -c config_file

DESCRIPTION

shadowsocks is a lightweight secured socks5 proxy. It is a port of the original shadowsocks created by clowwindy. shadowsocks is written in pure C and uses libev to provide a both high performance and low resource consumption socks5 proxy for users that need a secured tunnel to visit the internet freely and privately. shadowsocks consists of three components. One is ss-server that runs on a remote server to provide secured tunnel service. ss-local and ss- redir are clients that run on your local machines for proxying all your TCP traffic. While ss-local can be used as a standard socks5 proxy, ss-redir works as a transparent proxy and should be used with the kernel's NAT function. For more information, check the example section.

OPTIONS

-s server_host Set the shadowsocks server host. -p server_port Set the shadowsocks server port. -l local_port Listen on the local port. -k password Set the shadowsocks password. The server and the client should use the same password. -m encrypt_method Set the shadowsocks encryption method. Currently, shadowsocks accepts several encryption methods: table, rc4, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea- cfb, rc2-cfb and seed-cfb. The default method is table. -f pid_file Start shadowsocks as a daemon with a specific pid file. -t timeout Set the socket timeout in secondes. The default value is 10. -c config_file Use a configuration file.

EXAMPLE

ss-redir needs to be used with the NAT function. Here is an example: # Create new chain root@Wrt:~# iptables -t nat -N SHADOWSOCKS # Ignore your shadowsocks server's addresses # It's very IMPORTANT, just be careful. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN # Ignore LANs and any other addresses you'd like to bypass the proxy # See Wikipedia and RFC5735 for full list of reserved networks. # See ashi009/bestroutetb for a highly optimized CHN route list. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN # Anything else should be redirected to shadowsocks's local port root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to- ports 12345 # Apply the rules root@Wrt:~# iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS # Start the shadowsocks-redir root@Wrt:~# ss-redir -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid

SEE ALSO

iptables(8), /etc/shadowsocks/config.json

AUTHOR

shadowsocks was created by clowwindy <clowwindy42@gmail.com> and shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com>. This manual page was written by Max Lv <max.c.lv@gmail.com>. April 25, 2013 SHADOWSOCKS-LIBEV(8)

Search: Section: