author | Moritz Kaspar Rudert (mortzu) | 2015-05-21 16:25:47 +0200 |
---|---|---|
committer | Moritz Kaspar Rudert (mortzu) | 2015-05-21 16:25:47 +0200 |
commit | 2b7a44da0c4dead062424ac3455bf74ef2ebb2ca (patch) | |
tree | 68aebc6233d92848bbb2979e0b13989c9ef37fc9 | |
download | aur-2b7a44da0c4dead062424ac3455bf74ef2ebb2ca.tar.gz |
fixed package
-rw-r--r-- | .SRCINFO | 27 | ||||
-rw-r--r-- | PKGBUILD | 53 | ||||
-rw-r--r-- | redsocks.conf | 106 | ||||
-rw-r--r-- | redsocks.install | 33 | ||||
-rw-r--r-- | redsocks.rules | 28 | ||||
-rw-r--r-- | redsocks.tmpfiles | 1 |
6 files changed, 248 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..a8004107b7ed
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,27 @@
+pkgbase = redsocks-git
+ pkgdesc = Transparent redirector of any TCP connection to proxy using your firewall
+ pkgver = 0.1.r43.g2e3f648
+ pkgrel = 1
+ url = http://darkk.net.ru/redsocks/
+ install = redsocks.install
+ arch = i686
+ arch = x86_64
+ license = GPL3
+ makedepends = git
+ depends = libevent
+ provides = redsocks
+ conflicts = redsocks
+ backup = etc/redsocks.conf
+ backup = etc/conf.d/redsocks
+ backup = etc/iptables/redsocks.rules
+ source = redsocks-git::git+https://github.com/darkk/redsocks.git
+ source = redsocks.conf
+ source = redsocks.tmpfiles
+ source = redsocks.rules
+ md5sums = SKIP
+ md5sums = ed8b0090ded9de0940b1cd7539c78422
+ md5sums = 9be5e8bea768b1a8fdec55a8e8af33fd
+ md5sums = 04702a7faf31d707d3df4c116bd58a6d
+
+pkgname = redsocks-git
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..94f5c9db4291
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,53 @@
+# Maintainer: mortzu <me@mortzu.de>
+# Contributor: David Manouchehri <d@32t.ca>
+# Submitter: fluffylime <fluffylime@gmail.com>
+
+pkgname=redsocks-git
+pkgver=0.1.r43.g2e3f648
+pkgrel=1
+pkgdesc='Transparent redirector of any TCP connection to proxy using your firewall'
+arch=('i686' 'x86_64')
+url='http://darkk.net.ru/redsocks/'
+license=('GPL3')
+depends=('libevent')
+makedepends=('git')
+conflicts=('redsocks')
+provides=('redsocks')
+install=redsocks.install
+backup=('etc/redsocks.conf'
+ 'etc/conf.d/redsocks'
+ 'etc/iptables/redsocks.rules')
+
+source=("$pkgname"::'git+https://github.com/darkk/redsocks.git'
+ 'redsocks.conf'
+ 'redsocks.tmpfiles'
+ 'redsocks.rules')
+md5sums=('SKIP'
+ 'ed8b0090ded9de0940b1cd7539c78422'
+ '9be5e8bea768b1a8fdec55a8e8af33fd'
+ '04702a7faf31d707d3df4c116bd58a6d')
+
+pkgver() {
+ cd "$pkgname"
+
+ git describe | sed -E 's/([^-]*-g)/r\1/;s/-/./g;s/release.//g'
+}
+
+build() {
+ cd "$pkgname"
+
+ make
+}
+
+package() {
+ cd "$pkgname"
+
+ install -Dm644 "$srcdir/redsocks.conf" "$pkgdir/etc/redsocks.conf"
+ install -Dm644 "$srcdir/redsocks.rules" "$pkgdir/etc/iptables/redsocks.rules"
+ install -Dm644 "$srcdir/redsocks.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/redsocks.conf"
+
+ install -Dm755 "redsocks" "$pkgdir/usr/bin/redsocks"
+ install -Dm644 "README" "$pkgdir/usr/share/doc/redsocks/README"
+ install -Dm644 "redsocks.service" "$pkgdir/usr/lib/systemd/system/redsocks.service"
+ install -Dm644 "redsocks.conf.example" "$pkgdir/usr/share/doc/redsocks/redsocks.conf.example"
+}
diff --git a/redsocks.conf b/redsocks.conf
new file mode 100644
index 000000000000..85875dc0059c
--- /dev/null
+++ b/redsocks.conf
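Review bot: `backup=()` lists `etc/conf.d/redsocks`, but `package()` installs only `etc/redsocks.conf` and `etc/iptables/redsocks.rules`, so that entry names a file this package never ships; drop it or install the file. The three local sources are pinned with `md5sums`, which is collision-prone; a `sha256sums=(...)` array with regenerated digests for the same files is the safer choice. The upstream source is an unpinned git checkout with `SKIP`, which is expected for a `-git` package but means the built binary follows whatever the remote HEAD is at build time, so a short comment above `source=` saying so would help readers.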
@@ -0,0 +1,106 @@
+base {
+ // debug: connection progress & client list on SIGUSR1
+ log_debug = off;
+
+ // info: start and end of client session
+ log_info = off;
+
+ /* possible `log' values are:
+ * stderr
+ * "file:/path/to/file"
+ * syslog:FACILITY facility is any of "daemon", "local0"..."local7"
+ */
+ // log = stderr;
+ // log = "file:/path/to/file";
+ log = "syslog:daemon";
+
+ // detach from console
+ daemon = on;
+
+ /* Change uid, gid and root directory, these options require root
+ * privilegies on startup.
+ * Note, your chroot may requre /etc/localtime if you write log to syslog.
+ * Log is opened before chroot & uid changing.
+ */
+ user = redsocks;
+ group = redsocks;
+ // chroot = "/var/chroot";
+
+ /* possible `redirector' values are:
+ * iptables - for Linux
+ * ipf - for FreeBSD
+ * pf - for OpenBSD
+ * generic - some generic redirector that MAY work
+ */
+ redirector = iptables;
+}
+
+redsocks {
+ /* `local_ip' defaults to 127.0.0.1 for security reasons,
+ * use 0.0.0.0 if you want to listen on every interface.
+ * `local_*' are used as port to redirect to.
+ */
+ local_ip = 127.0.0.1;
+ local_port = 31338;
+
+ // listen() queue length. Default value is SOMAXCONN and it should be
+ // good enough for most of us.
+ // listenq = 128; // SOMAXCONN equals 128 on my Linux box.
+
+ // `max_accept_backoff` is a delay to retry `accept()` after accept
+ // failure (e.g. due to lack of file descriptors). It's measured in
+ // milliseconds and maximal value is 65535. `min_accept_backoff` is
+ // used as initial backoff value and as a damper for `accept() after
+ // close()` logic.
+ // min_accept_backoff = 100;
+ // max_accept_backoff = 60000;
+
+ // `ip' and `port' are IP and tcp-port of proxy-server
+ // You can also use hostname instead of IP, only one (random)
+ // address of multihomed host will be used.
+ ip = 127.0.0.1;
+ port = 4711;
+
+
+ // known types: socks4, socks5, http-connect, http-relay
+ type = socks5;
+
+ // login = "foobar";
+ // password = "baz";
+}
+
+redudp {
+ // `local_ip' should not be 0.0.0.0 as it's also used for outgoing
+ // packets that are sent as replies - and it should be fixed
+ // if we want NAT to work properly.
+ local_ip = 127.0.0.1;
+ local_port = 10053;
+
+ // `ip' and `port' of socks5 proxy server.
+ ip = 127.0.0.1;
+ port = 4711;
+
+ // login = username;
+ // password = pazzw0rd;
+
+ // kernel does not give us this information, so we have to duplicate it
+ // in both iptables rules and configuration file. By the way, you can
+ // set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
+ // forward ;-)
+ // This limitation may be relaxed in future versions using contrack-tools.
+ dest_ip = 8.8.8.8;
+ dest_port = 53;
+
+ udp_timeout = 30;
+ udp_timeout_stream = 180;
+}
+
+dnstc {
+ // fake and really dumb DNS server that returns "truncated answer" to
+ // every query via UDP, RFC-compliant resolver should repeat same query
+ // via TCP in this case.
+ local_ip = 127.0.0.1;
+ local_port = 5300;
+}
+
+// you can add more `redsocks' and `redudp' sections if you need.
diff --git a/redsocks.install b/redsocks.install
new file mode 100644
index 000000000000..cbd617601ff5
--- /dev/null
+++ b/redsocks.install
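Review bot: The `redudp` and `dnstc` sections are enabled in this packaged default (listeners on 127.0.0.1:10053 and 127.0.0.1:5300), but the redsocks.rules file in the same commit only redirects TCP from the OUTPUT chain, so nothing shipped here sends DNS or other UDP to them and name lookups still leave the host outside the proxy. Either comment the two sections out in the default or add a comment above `redudp {` such as `// not wired up by the packaged redsocks.rules: DNS/UDP is NOT proxied unless you add matching rules yourself`. `dest_ip = 8.8.8.8` also fixes a third-party resolver as the default destination; the existing comment says the value must be duplicated in the iptables rules, and it should add that no such rule is shipped.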
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+add_redsocks_user() {
+ getent group redsocks &>/dev/null || groupadd -r redsocks >/dev/null
+ getent passwd redsocks &>/dev/null || useradd -r -g redsocks -d / -s /bin/false -c redsocks redsocks >/dev/null
+ systemd-tmpfiles --create redsocks.conf
+}
+
+post_install() {
+ add_redsocks_user
+ cat << EOF
+To launch redsocks:
+
+1. Start an ssh tunnel on port 4711
+2. Start the redsocks and iptables daemons:
+
+ rc.d start redsocks iptables
+
+3. Load the redsocks iptables rules:
+
+ iptables-restore /etc/iptables/redsocks.rules
+EOF
+}
+
+post_upgrade() {
+ add_redsocks_user
+}
+
+post_remove() {
+ getent passwd redsocks &>/dev/null && userdel redsocks >/dev/null
+ getent group redsocks &>/dev/null && groupdel redsocks >/dev/null
+ true
+}
diff --git a/redsocks.rules b/redsocks.rules
new file mode 100644
index 000000000000..f9d979e30a4c
--- /dev/null
+++ b/redsocks.rules
@@ -0,0 +1,28 @@
+# Transparent SOCKS proxy
+# See: http://darkk.net.ru/redsocks/
+
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:REDSOCKS - [0:0]
+
+# Redirect all output through redsocks
+-A OUTPUT -p tcp -j REDSOCKS
+
+# Whitelist LANs and some other reserved addresses.
+# https://en.wikipedia.org/wiki/Reserved_IP_addresses#Reserved_IPv4_addresses
+-A REDSOCKS -d 0.0.0.0/8 -j RETURN
+-A REDSOCKS -d 10.0.0.0/8 -j RETURN
+-A REDSOCKS -d 127.0.0.0/8 -j RETURN
+-A REDSOCKS -d 169.254.0.0/16 -j RETURN
+-A REDSOCKS -d 172.16.0.0/12 -j RETURN
+-A REDSOCKS -d 192.168.0.0/16 -j RETURN
+-A REDSOCKS -d 224.0.0.0/4 -j RETURN
+-A REDSOCKS -d 240.0.0.0/4 -j RETURN
+
+# Redirect everything else to redsocks port
+-A REDSOCKS -p tcp -j REDIRECT --to-ports 31338
+
+COMMIT
diff --git a/redsocks.tmpfiles b/redsocks.tmpfiles
new file mode 100644
index 000000000000..beaa109c2f05
--- /dev/null
+++ b/redsocks.tmpfiles
@@ -0,0 +1 @@
+d /run/redsocks 0755 redsocks redsocks - - |
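Review bot: Step 3 of the `post_install` message tells the user to run `iptables-restore /etc/iptables/redsocks.rules`; without `--noflush` that replaces the whole `nat` table, so any NAT rules already loaded on the host are discarded. The message should either warn about this or print `iptables-restore --noflush < /etc/iptables/redsocks.rules`. Step 2 still says `rc.d start redsocks iptables` although the PKGBUILD installs `redsocks.service`, so `systemctl start redsocks` is the matching command. `post_remove` also deletes the `redsocks` user and group, which leaves any remaining files owned by a UID that a later account can be assigned.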
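Review bot: `-A OUTPUT -p tcp -j REDSOCKS` has no exemption for the process that carries the proxy traffic itself. The ssh tunnel named in the install message presumably connects to a public address, which matches none of the `RETURN` ranges, so a new or re-established tunnel connection would be redirected to port 31338 and loop back into redsocks. An owner-based exemption placed before the redirect, for example `-A REDSOCKS -m owner --uid-owner TUNNEL_USER_PLACEHOLDER -j RETURN`, avoids that. The file also covers IPv4 TCP only, so IPv6 and UDP traffic bypasses the proxy; the header comment should state that limit.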