forked from shadowsocksr-backup/shadowsocksr-libev
-
Notifications
You must be signed in to change notification settings - Fork 0
/
shadowsocks-libev.8
138 lines (125 loc) · 4.58 KB
/
shadowsocks-libev.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2013, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Front-Cover Texts, no Back-Cover Texts, and with the following
. Invariant Sections (and any sub-sections therein):
. all .ig sections, including this one
. STUPID TRICKS Sampler
. AUTHOR
.
. A copy of the Free Documentation License is included in the section
. entitled "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Me \fBshadowsocks\fR
.TH SHADOWSOCKS-LIBEV 8 "August 18, 2014"
.SH NAME
shadowsocks-libev \- a lightweight secured scoks5 proxy
.SH SYNOPSIS
\*(Lo|\*(Re|\*(Se
\-s server_host \-p server_port
\-l local_port \-k password
\-m encrypt_method \-f pid_file
\-t timeout \-c config_file
.SH DESCRIPTION
\*(Me is a lightweight secured socks5 proxy. It is a port of
the original shadowsocks created by clowwindy. \*(Me is written in pure
C and takes advantage of \fBlibev\fP to provide a socks5 proxy with both high
performance and low resource consumption.
.PP
\*(Me consists of three components. One is \*(Se that runs on a remote server
to provide secured tunnel service. \*(Lo and \*(Re are clients that run on your
local machines for proxying all your TCP traffic.
.PP
While \*(Lo is a standard socks5 proxy, \*(Re works as a transparent proxy and
requires netfilter's NAT function. For more information, check out the example
section.
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the shadowsocks server host.
.TP
.B \-p \fIserver_port\fP
Set the shadowsocks server port.
.TP
.B \-l \fIlocal_port\fP
Listen on the local port.
.TP
.B \-k \fIpassword\fP
Set the shadowsocks password. The server and the client should use the same
password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher. Shadowsocks accepts 14 different ciphers: table, rc4,
rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb
and seed-cfb. The default method is \fItable\fP. If compiled with PolarSSL
or custom OpenSSL builds, some of these ciphers may not work.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with a specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in secondes. The default value is 10.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-u
Enable UDP relay.
.TP
.B \-v
Enable verbose mode.
.TP
.B \--fast-open
Enable TCP fast open.
.TP
.B \--acl \fIacl_config\fP
Enable ACL (Access Control List).
.SH EXAMPLE
\*(Re requires netfilter's NAT function. Here is an example:
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Apply the rules
root@Wrt:~# iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
.SH SEE ALSO
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <[email protected]> and
shadowsocks-libev was maintained by Max Lv <[email protected]> and Linus Yang
.PP
This manual page was written by Max Lv <[email protected]>.