This is a per-app transparent proxy for Linux, built on iptables and the network classifier (net_cls) cgroup. It is more general than proxychains.
Build and install tproxy
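# This builds whatever the default branch holds at clone time and installs the
# result as root. Check out a release tag or commit you have reviewed before
# running make if you need a reproducible, audited build.
git clone --recursive https://github.com/heiher/hev-socks5-tproxy
cd hev-socks5-tproxy
make

# install(1) sets owner and mode explicitly instead of inheriting root's umask.
# The config stays world-readable because the service below runs as an
# unprivileged user and has to read it.
sudo install -o root -g root -m 0755 bin/hev-socks5-tproxy /usr/local/bin/hev-socks5-tproxy
sudo install -o root -g root -m 0644 conf/main.ini /usr/local/etc/hev-socks5-tproxy.conf

# NOTE(review): confirm the listen ports in the installed config match the
# TP_TCP_PORT / TP_DNS_PORT values used by the tproxy wrapper.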
Install systemd service
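# /etc/systemd/system/hev-socks5-tproxy.service
[Unit]
Description=HevSocks5TProxy

[Service]
# NOTE(review): systemd warns against running services as the shared "nobody"
# account, because unrelated files and processes may map to it. A dedicated
# system user or DynamicUser=yes is the usual replacement; confirm the daemon
# needs no writable paths before switching.
User=nobody
# The service starts unprivileged; this stops it (or anything it execs) from
# regaining privileges through setuid binaries or file capabilities.
NoNewPrivileges=yes
ExecStart=/usr/local/bin/hev-socks5-tproxy /usr/local/etc/hev-socks5-tproxy.conf
KillMode=process
# If the daemon is down, redirected connections have nowhere to go, so bring
# it back automatically.
Restart=always
# One descriptor pair per proxied connection adds up quickly.
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target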
Install tproxy wrapper
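#!/bin/bash
# /usr/local/bin/tproxy
#
# Usage: tproxy COMMAND [ARGS...]
#
# Runs COMMAND inside a net_cls cgroup whose outgoing TCP connections and
# UDP port 53 queries are redirected by iptables/ip6tables to the local
# hev-socks5-tproxy listeners. Children of COMMAND inherit the cgroup.
#
# Scope of the redirect: only TCP and UDP/53 are matched. Any other UDP
# traffic from COMMAND leaves the host directly.
#
# The wrapper fails closed: if the cgroup cannot be prepared or joined, it
# exits instead of running COMMAND without the proxy.

readonly NET_CLS_DIR="/sys/fs/cgroup/net_cls/tproxy"
readonly NET_CLS_ID=88
readonly TP_TCP_PORT=1088
readonly TP_DNS_PORT=5300

# Print a message on stderr and stop before COMMAND is started.
die() {
  printf 'tproxy: %s\n' "$*" >&2
  exit 1
}

if [ "$#" -eq 0 ]; then
  printf 'Usage: %s COMMAND [ARGS...]\n' "${0##*/}" >&2
  exit 2
fi

if [ ! -e "${NET_CLS_DIR}" ]; then
  # One-time privileged setup. The values interpolated below are the fixed
  # constants above, never caller input.
  #
  # chmod 0666 on cgroup.procs is what lets this wrapper run without root
  # afterwards; it also means any local account can place processes in the
  # proxied class. On a shared host, prefer a dedicated group and mode 0660.
  setup_script="
fail() { rmdir '${NET_CLS_DIR}' 2> /dev/null; exit 1; }
add_rules() {
  # Remove any stale copy first so the rules never stack up. A missing
  # rule is the normal case, so only these two errors are hidden.
  \$1 -t nat -D OUTPUT -p tcp \
    -m cgroup --cgroup ${NET_CLS_ID} \
    -j REDIRECT --to-ports ${TP_TCP_PORT} 2> /dev/null
  \$1 -t nat -D OUTPUT -p udp --dport 53 \
    -m cgroup --cgroup ${NET_CLS_ID} \
    -j REDIRECT --to-ports ${TP_DNS_PORT} 2> /dev/null
  \$1 -t nat -I OUTPUT -p tcp \
    -m cgroup --cgroup ${NET_CLS_ID} \
    -j REDIRECT --to-ports ${TP_TCP_PORT} &&
  \$1 -t nat -I OUTPUT -p udp --dport 53 \
    -m cgroup --cgroup ${NET_CLS_ID} \
    -j REDIRECT --to-ports ${TP_DNS_PORT}
}
mkdir -p '${NET_CLS_DIR}' || exit 1
# From here on, a failure removes the directory again so the next run
# retries the setup instead of skipping it.
chmod 0666 '${NET_CLS_DIR}/cgroup.procs' || fail
echo ${NET_CLS_ID} > '${NET_CLS_DIR}/net_cls.classid' || fail
add_rules iptables || fail
add_rules ip6tables ||
  echo 'tproxy: warning: ip6tables rules not installed; IPv6 traffic will bypass the proxy' >&2
"
  sudo sh -c "${setup_script}" \
    || die "cgroup/iptables setup failed; refusing to run ${1} unproxied"
fi

# The setup is skipped whenever the directory already exists, so confirm the
# class id is really in place before trusting it.
# NOTE(review): this cannot see whether the iptables rules are still loaded
# (for example after a firewall reload); checking that needs root.
classid=""
if [ -r "${NET_CLS_DIR}/net_cls.classid" ]; then
  read -r classid < "${NET_CLS_DIR}/net_cls.classid"
fi
[ "${classid}" = "${NET_CLS_ID}" ] \
  || die "${NET_CLS_DIR}/net_cls.classid is not ${NET_CLS_ID}; is a cgroup v1 net_cls hierarchy mounted?"

# Join the cgroup before exec so COMMAND never sends a packet outside it.
echo $$ > "${NET_CLS_DIR}/cgroup.procs" \
  || die "cannot join ${NET_CLS_DIR}; refusing to run ${1} unproxied"

exec "$@"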
How to use?
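tproxy COMMAND

# For example
tproxy wget http://xxx.com/xxx
tproxy makepkg

# Only TCP and DNS over UDP port 53 are redirected by the wrapper's rules;
# other UDP traffic from COMMAND is sent directly, not through the proxy.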
Over!