riobard
commented
7 years ago Is there any way to do UDP redirect without using TPROXY?
Open 321cyb opened 7 years ago
riobard
commented
7 years ago Is there any way to do UDP redirect without using TPROXY?
madeye
commented
7 years ago @riobard I'm afraid not.
clmul
commented
6 years ago Set up a tun device tun0.
ip link set tun0 up
ip address add 192.168.1.2/24 dev tun0
ip rule add ipproto 17 table 32765
ip route add default via 192.168.1.1 table 32765
Then you can do UDP redirection without TPROXY.
gima
commented
4 years ago @clmul
Set up a tun device tun0.
ip link set tun0 upip address add 192.168.1.2/24 dev tun0ip rule add ipproto 17 table 32765ip route add default via 192.168.1.1 table 32765Then you can do UDP redirection without TPROXY.
A bit more context, please. How can the above be used with go-shadowsocks2 (this project) to accomplish proxying UDP connections whose destination (address and port) is not known in advance (essentially a user-space UDP NAT)?
go-shadowsocks2 currently supports Netfilter TCP redirect, it would be terrific if it can support UDP redirect.
shadowsocks-libev already has it supported, and it only works on Linux kernels with TPROXY enabled. But TPROXY has one big shortcoming: it can only be used in PREROUTING chain of mangle table. This means that TPROXY can only redirect UDP packets sent from other machines, for example you can use TPROXY on a LAN gateway to forward all LAN UDP packets to SS server.
For iptables configuration example, please check https://github.com/shadowsocks/shadowsocks-libev#advanced-usage