search

shadowsocks / shadowsocks-libev

Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust
https://github.com/shadowsocks/shadowsocks-rust
GNU General Public License v3.0
15.79k stars 5.69k forks source link

Sharing proxy for lan clients #2042

Closed Erhesar closed 6 years ago

Erhesar commented 6 years ago

Hello!

I'm interesting in launch ss-client on device like raspberry pi or something like that for sharing proxy to my lan network. Windows gui client have a option "allow clients from lan", and I can use this pc (and his ip) for configuring proxy for all devices in my network. This way is more simple than installing client on every device. Besides, its not energy-effectively, and I want try to realize this feature on Debian/Ubuntu on (as I said) raspberry pi or something. There is any option for this? Or maybe someone can give me some info where I can read about it?

ghost commented 6 years ago

Install ss-client on your router ( or use your raspiberry or something with linux as router ) and configure iptables to redirect packet to ss-client local port.

Erhesar notifications@github.com 于 2018年5月5日周六 17:19写道:

Hello!

I'm interesting in launch ss-client on device like raspberry pi or something like that for sharing proxy to my lan network. Windows gui client have a option "allow clients from lan", and I can use this pc (and his ip) for configuring proxy for all devices in my network. This way is more simple than installing client on every device. Besides, its not energy-effectively, and I want try to realize this feature on Debian/Ubuntu on (as I said) raspberry pi or something. There is any option for this? Or maybe someone can give me some info where I can read about it?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/shadowsocks/shadowsocks-libev/issues/2042, or mute the thread https://github.com/notifications/unsubscribe-auth/AQVHEu61Sb4HpBjIexQtpuZvZdFJg5IPks5tvW65gaJpZM4TzkEO .

Erhesar commented 6 years ago

I never used iptables for redirect, only for drop on my vps… If it is not so hard can you show couple examples, please?

There is scheme: (vps with ss-server) -> (Router) -> (Rb pi with ss client) AND (lan clients) I just want to use rbpi like proxy server for browsers and other applications on lan pc or devices, where I can just enter rbpi_ip:1080 in proxy settings.

Thank you

ghost commented 6 years ago

https://gist.github.com/wen-long/8644243

You may want look at this. ss-redir transparent proxy config. IP addresses in this article seems too old, so use iptables geoip module instead.

Set it on your router, you even needn't change proxy config on your device.

Erhesar commented 6 years ago

It is look like using ss for any upcoming traffic, this is what i'm exactly do no want. I chose model of using rbpi as lan proxy server because i want to use normal way to all traffic except what i manually set to use (like browsers or some another software where i can add proxy in configuration)

xnoreq commented 6 years ago

Just run ss-local on your Pi in the LAN. What's the problem?

Erhesar commented 6 years ago

What's the problem? ss-local local port not available from other devices and pc in network. Solved problem by installing privoxy near ss-local and forward privoxy proxy port to ss-local. Now it work.

xnoreq commented 6 years ago

Why?! The -b <local_address> to ss-local parameter lets you specify where to bind to. By default its 127.0.0.1 (loopback). Simply set it to the right IP of your LAN interface or for example 0.0.0.0 to listen on all interfaces.

Have you even taken a look into the manual?

Erhesar commented 6 years ago

lol! It was not worked with real local ip address, but it is works with 0.0.0.0... And now i ask myself why... Thank you so much.

xnoreq commented 6 years ago

The interface IP should work just as well provided that the interface has the IP at the time you're launching ss-server. See ip address output.

golosoff commented 5 years ago

Hi @Erhesar can you show your config? Already 10 days, I can't adjust this. Thx in advance

golosoff commented 5 years ago

@Erhesar

{ "server":"my_white_ip", "server_port":8388, "local_address":"0.0.0.0", "local_port":1080, "password":"my_password", "timeout":60, "method":"aes-256-cfb", } if i try connect from local network, I receive "The proxy server is refusing connections" but from outside when i connect to my "white IP" all perfect

Zloi78 commented 4 years ago

@Erhesar

{ "server":"my_white_ip", "server_port":8388, "local_address":"0.0.0.0", "local_port":1080, "password":"my_password", "timeout":60, "method":"aes-256-cfb", } if i try connect from local network, I receive "The proxy server is refusing connections" but from outside when i connect to my "white IP" all perfect

Add this on your device with ss-local: iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 1080 -j ACCEPT

lokiiart commented 4 years ago

I'm facing the same problem, and I've set the "local_address" to "0.0.0.0", my iptables is off by default. and I used a macbook to share the socks, everything works fine. but now, I use the archlinux to share, it doesn't work. someone help, please.