shadowsocks / go-shadowsocks2

Modern Shadowsocks in Go
Apache License 2.0

Feature request: support UDP redirect #73

Open 321cyb opened 6 years ago

321cyb commented 6 years ago

go-shadowsocks2 currently supports Netfilter TCP redirect; it would be terrific if it could support UDP redirect.

shadowsocks-libev already supports it, and it only works on Linux kernels with TPROXY enabled. But TPROXY has one big shortcoming: it can only be used in the PREROUTING chain of the mangle table. This means that TPROXY can only redirect UDP packets sent from other machines; for example, you can use TPROXY on a LAN gateway to forward all LAN UDP packets to the SS server.

For an iptables configuration example, please check https://github.com/shadowsocks/shadowsocks-libev#advanced-usage
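What the listening socket behind a TPROXY rule has to do for UDP, as an added example that is not part of the original thread and is not code from go-shadowsocks2 or shadowsocks-libev: set `IP_TRANSPARENT` and `IP_RECVORIGDSTADDR`, then read each datagram's original destination from the ancillary data returned by `ReadMsgUDP`. The names `tproxyControl`, `origDst` and `sampleOOB` are hypothetical, the sample control message is constructed, and the code assumes Linux and IPv4.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"syscall"
	"unsafe"
)

// tproxyControl (hypothetical name) is meant for net.ListenConfig{Control: tproxyControl}: it marks
// the UDP socket transparent and requests each datagram's original destination (needs CAP_NET_ADMIN).
func tproxyControl(_, _ string, c syscall.RawConn) (err error) {
	cerr := c.Control(func(fd uintptr) {
		if err = syscall.SetsockoptInt(int(fd), syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err == nil {
			err = syscall.SetsockoptInt(int(fd), syscall.SOL_IP, syscall.IP_RECVORIGDSTADDR, 1)
		}
	})
	if cerr != nil {
		return cerr
	}
	return err
}

// origDst returns the pre-redirect IPv4 destination found in the oob bytes filled in by ReadMsgUDP.
func origDst(oob []byte) (*net.UDPAddr, error) {
	msgs, err := syscall.ParseSocketControlMessage(oob)
	if err != nil {
		return nil, err
	}
	for _, m := range msgs {
		if m.Header.Level == syscall.SOL_IP && m.Header.Type == syscall.IP_RECVORIGDSTADDR && len(m.Data) >= 8 {
			// sockaddr_in layout: family (2 bytes), port (network byte order), IPv4 address (4 bytes)
			return &net.UDPAddr{IP: net.IPv4(m.Data[4], m.Data[5], m.Data[6], m.Data[7]), Port: int(binary.BigEndian.Uint16(m.Data[2:4]))}, nil
		}
	}
	return nil, fmt.Errorf("no IPv4 original destination in control data")
}

// sampleOOB builds a constructed control message carrying 192.0.2.10:53 (little-endian host assumed).
func sampleOOB() []byte {
	b := make([]byte, syscall.CmsgSpace(16)) // room for one sockaddr_in
	h := (*syscall.Cmsghdr)(unsafe.Pointer(&b[0]))
	h.Level, h.Type = syscall.SOL_IP, syscall.IP_RECVORIGDSTADDR
	h.SetLen(syscall.CmsgLen(16))
	copy(b[syscall.CmsgLen(0):], []byte{2, 0, 0, 53, 192, 0, 2, 10})
	return b
}

func main() { fmt.Println(origDst(sampleOOB())) }
```

A relay built on this has to keep the recovered address per datagram, because replies must be sent from a socket bound to that original destination for the client to accept them.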

riobard commented 6 years ago

Is there any way to do UDP redirect without using TPROXY?

madeye commented 6 years ago

@riobard I'm afraid not.

clmul commented 6 years ago

Set up a tun device tun0.

ip link set tun0 up
ip address add 192.168.1.2/24 dev tun0
ip rule add ipproto 17 table 32765
ip route add default via 192.168.1.1 table 32765

Then you can do UDP redirection without TPROXY.

gima commented 4 years ago

@clmul

Set up a tun device tun0.

ip link set tun0 up
ip address add 192.168.1.2/24 dev tun0
ip rule add ipproto 17 table 32765
ip route add default via 192.168.1.1 table 32765

Then you can do UDP redirection without TPROXY.

A bit more context, please. How can the above be used with go-shadowsocks2 (this project) to accomplish proxying UDP connections whose destination (address and port) is not known in advance (essentially a user-space UDP NAT)?