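This is a per-application transparent proxy for Linux, built on iptables and the network classifier (net_cls) cgroup. It is more general than proxychains because redirection happens in the kernel's netfilter rules rather than by hooking library calls inside the wrapped program.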
Build and install tproxy
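git clone --recursive https://github.com/heiher/hev-socks5-tproxy
cd hev-socks5-tproxy
# The build output is installed into root-owned paths below. Optionally check
# out a release tag or commit you have reviewed before building:
#   git checkout <TAG_OR_COMMIT>
make
# install(1) sets owner and mode explicitly instead of inheriting whatever the
# build tree and umask produced; -D creates /usr/local/etc if it is missing.
sudo install -o root -g root -m 0755 bin/hev-socks5-tproxy /usr/local/bin/
sudo install -D -o root -g root -m 0644 conf/main.ini /usr/local/etc/hev-socks5-tproxy.conf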
Install systemd service
# /etc/systemd/system/hev-socks5-tproxy.service
# Runs hev-socks5-tproxy as a system service, reading the configuration file
# passed on the ExecStart line.
[Unit]
Description=HevSocks5TProxy
[Service]
# Run without root privileges.
# NOTE(review): "nobody" is shared with anything else mapped to that account;
# a dedicated service user (or DynamicUser=yes) isolates the proxy better.
# Whichever user is chosen must still be able to read the config file.
User=nobody
ExecStart=/usr/local/bin/hev-socks5-tproxy /usr/local/etc/hev-socks5-tproxy.conf
# On stop, only the main process is signalled.
KillMode=process
# Restart the proxy whenever it exits, whatever the reason.
Restart=always
# Raised open-file limit; presumably sized for many concurrent proxied
# connections - confirm against expected load.
LimitNOFILE=65536
[Install]
# Enable at boot as part of the normal multi-user target.
WantedBy=multi-user.target
Install tproxy wrapper
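#!/bin/bash
# /usr/local/bin/tproxy
#
# Usage: tproxy COMMAND [ARG...]
#
# Runs COMMAND inside a net_cls cgroup whose outbound traffic is redirected by
# netfilter to the local transparent proxy.
#
# Scope of the redirection (as installed by the rules below):
#   - all TCP          -> TP_TCP_PORT
#   - UDP to port 53   -> TP_DNS_PORT
# Any other UDP traffic from COMMAND is NOT redirected and leaves the host
# directly.
#
# Requires the cgroup v1 net_cls controller at /sys/fs/cgroup/net_cls.

readonly NET_CLS_DIR="/sys/fs/cgroup/net_cls/tproxy"
readonly NET_CLS_ID=88
# These should match the listen ports configured for hev-socks5-tproxy.
readonly TP_TCP_PORT=1088
readonly TP_DNS_PORT=5300

if (( $# == 0 )); then
  printf 'Usage: %s COMMAND [ARG...]\n' "${0##*/}" >&2
  exit 2
fi

# One-time setup per boot: create the cgroup, tag it with a class id and
# install the REDIRECT rules. Values are passed as positional arguments to the
# root shell instead of being spliced into the command string.
if [[ ! -e "${NET_CLS_DIR}" ]]; then
  if ! sudo sh -c '
    dir=$1; id=$2; tcp_port=$3; dns_port=$4

    fail() {
      printf "tproxy: %s\n" "$1" >&2
      # Remove the half-configured cgroup so the next run retries setup
      # instead of skipping it and running without redirect rules.
      rmdir "$dir" 2>/dev/null
      exit 1
    }

    mkdir -p "$dir" || fail "cannot create $dir"
    # World-writable so unprivileged users can place their processes in the
    # cgroup without sudo. Tighten to a group if only some users should be
    # able to opt processes into the proxy.
    chmod 0666 "$dir/cgroup.procs" || fail "cannot chmod $dir/cgroup.procs"
    printf "%s\n" "$id" > "$dir/net_cls.classid" \
      || fail "cannot set class id on $dir"

    # Drop stale copies of the rules first; a missing rule is expected here,
    # so these errors are deliberately ignored.
    for ipt in iptables ip6tables; do
      "$ipt" -t nat -D OUTPUT -p tcp \
        -m cgroup --cgroup "$id" \
        -j REDIRECT --to-ports "$tcp_port" 2>/dev/null
      "$ipt" -t nat -D OUTPUT -p udp --dport 53 \
        -m cgroup --cgroup "$id" \
        -j REDIRECT --to-ports "$dns_port" 2>/dev/null
    done

    # IPv4 rules are mandatory: without them nothing is proxied.
    iptables -t nat -I OUTPUT -p tcp \
      -m cgroup --cgroup "$id" \
      -j REDIRECT --to-ports "$tcp_port" \
      || fail "cannot install IPv4 TCP redirect rule"
    iptables -t nat -I OUTPUT -p udp --dport 53 \
      -m cgroup --cgroup "$id" \
      -j REDIRECT --to-ports "$dns_port" \
      || fail "cannot install IPv4 DNS redirect rule"

    # IPv6 NAT may be unavailable on some hosts; report it instead of hiding
    # it, because IPv6 traffic then bypasses the proxy.
    ip6tables -t nat -I OUTPUT -p tcp \
      -m cgroup --cgroup "$id" \
      -j REDIRECT --to-ports "$tcp_port" \
      || printf "tproxy: warning: IPv6 TCP is not redirected\n" >&2
    ip6tables -t nat -I OUTPUT -p udp --dport 53 \
      -m cgroup --cgroup "$id" \
      -j REDIRECT --to-ports "$dns_port" \
      || printf "tproxy: warning: IPv6 DNS is not redirected\n" >&2
  ' tproxy-setup \
    "${NET_CLS_DIR}" "${NET_CLS_ID}" "${TP_TCP_PORT}" "${TP_DNS_PORT}"; then
    printf 'tproxy: setup failed; refusing to run the command unproxied\n' >&2
    exit 1
  fi
fi

# Fail closed: if this shell cannot join the cgroup, the command would run
# with direct network access, so stop here instead.
if ! echo "$$" > "${NET_CLS_DIR}/cgroup.procs"; then
  printf 'tproxy: cannot join %s; refusing to run the command unproxied\n' \
    "${NET_CLS_DIR}" >&2
  exit 1
fi

# Replace this shell with COMMAND; it inherits the cgroup membership.
exec "$@"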
How to use?
tproxy COMMAND
# For example
tproxy wget http://xxx.com/xxx
tproxy makepkg
Over!