forked from shadowsocks/shadowsocks-libev
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathshadowsocks.8
122 lines (109 loc) · 4.35 KB
/
shadowsocks.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2013, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Front-Cover Texts, no Back-Cover Texts, and with the following
. Invariant Sections (and any sub-sections therein):
. all .ig sections, including this one
. STUPID TRICKS Sampler
. AUTHOR
.
. A copy of the Free Documentation License is included in the section
. entitled "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Me \fBshadowsocks\fR
.TH SHADOWSOCKS-LIBEV 8 "April 25, 2013"
.SH NAME
shadowsocks-libev \- a lightweight secured scoks5 proxy
.SH SYNOPSIS
\*(Lo|\*(Re|\*(Se
\-s server_host \-p server_port
\-l local_port \-k password
\-m encrypt_method \-f pid_file
\-t timeout \-c config_file
.SH DESCRIPTION
\*(Me is a lightweight secured socks5 proxy. It is a port of
the original shadowsocks created by clowwindy. \*(Me is written in pure
C and uses \fBlibev\fP to provide a both high performance and low resource
consumption socks5 proxy for users that need a secured tunnel to visit the
internet freely and privately.
.PP
\*(Me consists of three components. One is \*(Se that runs on a remote server
to provide secured tunnel service. \*(Lo and \*(Re are clients that run on your
local machines for proxying all your TCP traffic.
.PP
While \*(Lo can be used as a standard socks5 proxy, \*(Re works as a transparent
proxy and should be used with the kernel's NAT function. For more information,
check the example section.
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the shadowsocks server host.
.TP
.B \-p \fIserver_port\fP
Set the shadowsocks server port.
.TP
.B \-l \fIlocal_port\fP
Listen on the local port.
.TP
.B \-k \fIpassword\fP
Set the shadowsocks password. The server and the client should use the same
password.
.TP
.B \-m \fIencrypt_method\fP
Set the shadowsocks encryption method. Currently, shadowsocks accepts several
encryption methods: table, rc4, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb and seed-cfb. The default method is \fItable\fP.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with a specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in secondes. The default value is 10.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.SH EXAMPLE
\*(Re needs to be used with the NAT function. Here is an example:
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Apply the rules
root@Wrt:~# iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
.SH SEE ALSO
.BR iptables (8),
/etc/shadowsocks/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <[email protected]> and
shadowsocks-libev was maintained by Max Lv <[email protected]>.
.PP
This manual page was written by Max Lv <[email protected]>.