DragonFly On-Line Manual Pages
SHADOWSOCKS-LIBEV(8) DragonFly System Manager's Manual SHADOWSOCKS-LIBEV(8)
NAME
shadowsocks-libev - a lightweight and secure scoks5 proxy
SYNOPSIS
ss-local|ss-redir|ss-server
-s server_host -p server_port
-l local_port -k password
-m encrypt_method -f pid_file
-t timeout -c config_file
DESCRIPTION
Shadowsocks is a lightweight and secure socks5 proxy. It is a port of
the original shadowsocks created by clowwindy. Shadowsocks is written
in pure C and takes advantage of libev to achieve both high performance
and low resource consumption.
Shadowsocks consists of four components. One is ss-server that runs on
a remote server to provide secured tunnel service. ss-local and ss-
redir are clients on your local machines to proxy TCP traffic. ss-
tunnel is a tool for local port forwarding.
While ss-local works as a standard socks5 proxy, ss-redir works as a
transparent proxy and requires netfilter's NAT module. For more
information, check out the example section.
OPTIONS
-s server_host
Set the server's hostname or IP.
-p server_port
Set the server's port number.
-l local_port
Set the local port number.
-k password
Set the password. The server and the client should use the same
password.
-m encrypt_method
Set the cipher. Shadowsocks accepts 16 different ciphers: table,
rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb,
des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20 and chacha20. The
default cipher is table. If built with PolarSSL or custom
OpenSSL libraries, some of these ciphers may not work.
-f pid_file
Start shadowsocks as a daemon with specific pid file.
-t timeout
Set the socket timeout in secondes. The default value is 10.
-c config_file
Use a configuration file.
-a user_name
Run as a specific user.
-u Enable UDP relay.
-v Enable verbose mode.
--fast-open
Enable TCP fast open.
--acl acl_config
Enable ACL (Access Control List).
EXAMPLE
ss-redir requires netfilter's NAT function. Here is an example:
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j
RETURN
# Ignore LANs and any other addresses you'd like to bypass the
proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j
RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j
RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j
RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-
ports 12345
# Apply the rules
root@Wrt:~# iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -c /etc/config/shadowsocks.json -f
/var/run/shadowsocks.pid
SEE ALSO
iptables(8), /etc/shadowsocks-libev/config.json
AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and
Linus Yang <laokongzi@gmail.com>.
This manual page was written by Max Lv <max.c.lv@gmail.com>.
January 7, 2015 SHADOWSOCKS-LIBEV(8)