diff --git a/cgroup-tproxy.sh b/cgroup-tproxy.sh index dbd2f64..140338b 100644 --- a/cgroup-tproxy.sh +++ b/cgroup-tproxy.sh @@ -138,15 +138,6 @@ ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_proxy -j MARK --set-m ip6tables -t mangle -A OUTPUT -j TPROXY_OUT ## allow to disable, order is important -$enable_dns || iptables -t mangle -I TPROXY_PRE -p udp --dport 53 -j RETURN -$enable_dns || ip6tables -t mangle -I TPROXY_PRE -p udp --dport 53 -j RETURN -$enable_udp || iptables -t mangle -I TPROXY_PRE -p udp -j RETURN -$enable_udp || ip6tables -t mangle -I TPROXY_PRE -p udp -j RETURN -$enable_tcp || iptables -t mangle -I TPROXY_PRE -p tcp -j RETURN -$enable_tcp || ip6tables -t mangle -I TPROXY_PRE -p tcp -j RETURN -$enable_ipv4 || iptables -t mangle -I TPROXY_PRE -j RETURN -$enable_ipv6 || ip6tables -t mangle -I TPROXY_PRE -j RETURN - $enable_dns || iptables -t mangle -I TPROXY_OUT -p udp --dport 53 -j RETURN $enable_dns || ip6tables -t mangle -I TPROXY_OUT -p udp --dport 53 -j RETURN $enable_udp || iptables -t mangle -I TPROXY_OUT -p udp -j RETURN @@ -156,6 +147,17 @@ $enable_tcp || ip6tables -t mangle -I TPROXY_OUT -p tcp -j RETURN $enable_ipv4 || iptables -t mangle -I TPROXY_OUT -j RETURN $enable_ipv6 || ip6tables -t mangle -I TPROXY_OUT -j RETURN +if $enable_gateway; then +$enable_dns || iptables -t mangle -I TPROXY_PRE -p udp --dport 53 -j RETURN +$enable_dns || ip6tables -t mangle -I TPROXY_PRE -p udp --dport 53 -j RETURN +$enable_udp || iptables -t mangle -I TPROXY_PRE -p udp -j RETURN +$enable_udp || ip6tables -t mangle -I TPROXY_PRE -p udp -j RETURN +$enable_tcp || iptables -t mangle -I TPROXY_PRE -p tcp -j RETURN +$enable_tcp || ip6tables -t mangle -I TPROXY_PRE -p tcp -j RETURN +$enable_ipv4 || iptables -t mangle -I TPROXY_PRE -j RETURN +$enable_ipv6 || ip6tables -t mangle -I TPROXY_PRE -j RETURN +fi + ## message for user cat << DOC 
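Review bot: `if $enable_gateway; then`, added in the `@@ -156,6 +147,17 @@` hunk and again in the `@@ -163,7 +165,7 @@` hunk, runs the variable's value as a command, so an empty or unset value expands to no command, which the shell treats as success, and the gateway branch is taken. In the first of those hunks that only inserts the TPROXY_PRE RETURN rules, but in the second the same test guards the MASQUERADE rules and `sysctl -w net.ipv4.ip_forward=1`, so a missing or blank setting in the config would fail open into forwarding and NAT for other hosts. Whether a default is assigned earlier in the script is not visible in these hunks. A strict string comparison fails closed and does not execute the config value: `if [ "$enable_gateway" = true ]; then` in both places.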
@@ -163,7 +165,7 @@ proxied cgroup: $cgroup_proxy DOC -if [ $enable_gateway=true ]; then +if $enable_gateway; then iptables -t nat -A POSTROUTING -m addrtype ! --src-type LOCAL -j MASQUERADE ip6tables -t nat -A POSTROUTING -m addrtype ! --src-type LOCAL -j MASQUERADE sysctl -w net.ipv4.ip_forward=1 diff --git a/readme.md b/readme.md index adc0084..8dd3ed5 100644 --- a/readme.md +++ b/readme.md @@ -6,16 +6,17 @@ cgproxy will transparent proxy anything running in specific cgroup. It resembles with *proxychains* and *tsock*, but without their disadvantages, and more powerfull. -It aslo supports global transparent proxy. See [Global transparent proxy](#global-transparent-proxy) - +It aslo supports global transparent proxy and gateway proxy. See [Global transparent proxy](#global-transparent-proxy) and [Gateway proxy](#gateway-proxy) + * [Transparent Proxy with cgroup v2](#transparent-proxy-with-cgroup-v2) * [Introduction](#introduction) * [Prerequest](#prerequest) * [How to install](#how-to-install) * [How to use](#how-to-use) * [Global transparent proxy](#global-transparent-proxy) + * [Gateway proxy](#gateway-proxy) * [Other useful tools provided in this project](#other-useful-tools-provided-in-this-project) * [NOTES](#notes) * [TIPS](#tips) @@ -66,7 +67,8 @@ It is alreay in [archlinux AUR](https://aur.archlinux.org/packages/cgproxy/). cgproxy curl -vIs https://www.google.com ``` -More config in `/etc/cgproxy.conf`: +
+ More config in `/etc/cgproxy.conf` (click to expand) ```bash # see how to configure @@ -102,7 +104,7 @@ mark_proxy=0x01 mark_noproxy=0xff mark_newin=0x02 ``` - +
If you changed config, remember to restart service ```bash @@ -125,6 +127,11 @@ sudo systemctl restart cgproxy.service - Finally, restart service `sudo systemctl restart cgproxy.service`, that's all +## Gateway proxy + +- set **enable_gateway=true** in `/etc/cgproxy.conf` and restart service +- other device set this host as gateway, and set public dns if necessary + ## Other useful tools provided in this project - `cgnoproxy` run program wihout proxy, very useful in global transparent proxy