Підключити proxy до OpenWrt та направити локальний трафік

#OpenWrt #redsocks

 

Перевірено на прошивці OpenWrt 22.03.5 r20134-5f15225c1e

  1. Оновлюємо package manager: opkg update
  2. Встановлюємо потрібні пакети: opkg install iptables iptables-mod-nat-extra redsocks
  3. Запускаємо команду: service redsocks stop && mv /etc/redsocks.conf /etc/redsocks.conf.bkp && cd /etc && wget https://github.com/emonbhuiyan/Redsocks-OpenWRT/raw/main/redsocks.conf && mv /etc/init.d/redsocks /etc/init.d/redsocks.bkp && cd /etc/init.d && wget https://github.com/emonbhuiyan/Redsocks-OpenWRT/raw/main/redsocks && chmod +x /etc/init.d/redsocks
     (Обидва файли завантажуються з гілки main стороннього репозиторію, а init-скрипт виконується від root, тому перед запуском сервісу перегляньте їхній вміст.)

Після встановлення вбиваємо налаштування проксі у цей файл: /etc/redsocks.conf

// Global settings of the redsocks daemon.
// NOTE(review): no user/group/chroot is set in this section, so the daemon
// presumably keeps the privileges it is started with (root when launched
// from an init script) — confirm, and drop privileges if the build allows.
base {
        // Debug-level messages off, info-level messages on.
        log_debug = off;
        log_info = on;
        // Send log output to syslog, facility local7.
        log = "syslog:local7";
        // Detach and run in the background.
        daemon = on;
        // Redirected connections come from iptables rules.
        redirector = iptables;
}

// One redsocks listener: accepts the TCP connections that iptables redirects
// to it and relays them to the upstream SOCKS5 proxy.
redsocks {
        // 0.0.0.0 listens on every interface of the router, not only the LAN
        // bridge. NOTE(review): if nothing else filters the WAN side, this
        // port is reachable from outside — bind to the LAN address or make
        // sure the firewall drops WAN traffic to it.
        local_ip = 0.0.0.0;
        // Must equal the port used by the iptables REDIRECT rule.
        local_port = 1337;
        // Address and port of the upstream proxy (placeholders to fill in).
        ip = xx.xx.xx.xx;
        port = xxxx;
        type = socks5;
        // Proxy credentials are kept in plain text in this file (placeholders
        // here); keep the file readable only by the account redsocks runs as.
        login = "username";
        password = "password";
}

Створюємо файл /root/socks.sh

#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org

# Settings shared by the functions below.
# START is the rc.common start priority; INTERFACE is the LAN-side interface
# whose TCP traffic is redirected; PORT is the local redsocks listener port
# (it has to match local_port in /etc/redsocks.conf).
PORT=1337
INTERFACE=br-lan
START=90

# Without a redsocks configuration there is nothing to manage: leave quietly.
if [ ! -e "/etc/redsocks.conf" ]; then
    exit 0
fi

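# Install the NAT rules that send LAN TCP traffic to the local redsocks port.
# Globals:   INTERFACE (read) - interface whose incoming TCP is redirected
#            PORT (read)      - local port the redsocks listener uses
# Outputs:   progress message on stdout
iptable_start() {
    local net

    /bin/echo -n "running proxy bypass iptables ..."

    # Create the chain; if it is left over from an earlier run, empty it so
    # the rules below are not appended a second time.
    iptables -t nat -N REDSOCKS 2>/dev/null || iptables -t nat -F REDSOCKS

    # Destinations that are never proxied: local, private, link-local,
    # multicast and reserved ranges.
    # NOTE(review): 172.16.0.0/12 is the one RFC 1918 range that is not
    # exempted (its rule was commented out), so traffic to it is sent to the
    # proxy — confirm this is intended.
    for net in \
        0.0.0.0/8 \
        10.0.0.0/8 \
        127.0.0.0/8 \
        169.254.0.0/16 \
        192.168.0.0/16 \
        224.0.0.0/4 \
        240.0.0.0/4
    do
        iptables -t nat -A REDSOCKS -d "$net" -j RETURN
    done

    # Everything else is redirected to the local redsocks listener.
    iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports "${PORT}"

    # Hook the chain into PREROUTING, but only if the jump is not there yet.
    iptables -t nat -C PREROUTING -i "${INTERFACE}" -p tcp -j REDSOCKS 2>/dev/null ||
        iptables -t nat -A PREROUTING -i "${INTERFACE}" -p tcp -j REDSOCKS

    # Accept the redirected connections on the listener port. The interface
    # follows INTERFACE (it used to be hard-coded to br-lan), so the port is
    # opened on exactly the interface whose traffic is redirected.
    iptables -C INPUT -i "${INTERFACE}" -p tcp --dport "${PORT}" -j ACCEPT 2>/dev/null ||
        iptables -A INPUT -i "${INTERFACE}" -p tcp --dport "${PORT}" -j ACCEPT

    /bin/echo " done"
}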

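# Remove the redirect rules again.
# Only the rules this script installs are deleted. Flushing the built-in
# INPUT, FORWARD, PREROUTING and POSTROUTING chains would also drop every
# unrelated firewall rule and leave the router without filtering until the
# firewall is reloaded.
# Globals:   INTERFACE (read), PORT (read) - must have the values that were
#            used when the rules were added
# Outputs:   progress message on stdout
iptable_stop() {
    /bin/echo -n "cleaning proxy bypass iptables ..."

    # Delete every copy of the jump and of the accept rule; -D fails once no
    # matching rule is left, which ends the loop.
    while iptables -t nat -D PREROUTING -i "${INTERFACE}" -p tcp -j REDSOCKS 2>/dev/null; do
        :
    done
    while iptables -D INPUT -i "${INTERFACE}" -p tcp --dport "${PORT}" -j ACCEPT 2>/dev/null; do
        :
    done

    # The chain is unreferenced now: empty it, then delete it.
    iptables -t nat -F REDSOCKS
    iptables -t nat -X REDSOCKS

    /bin/echo " done"
}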

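# Start redsocks and, once it is up, install the redirect rules.
# Outputs:   progress messages on stdout, failure reason on stderr
# Returns:   exits 0 if redsocks is already running; returns 1 if redsocks
#            could not be started
start() {
    local pid

    if [ -e "/var/run/redsocks.pid" ]; then
        pid=$(cat /var/run/redsocks.pid 2>/dev/null)
        case "$pid" in
            '' | *[!0-9]*) pid= ;;
        esac
        # Only a live process counts as "running"; a PID file left behind by
        # a crashed daemon must not block the start.
        if [ -n "$pid" ] && /bin/kill -0 "$pid" 2>/dev/null; then
            echo "proxy bypass is already running"
            exit 0
        fi
        rm -f /var/run/redsocks.pid
    fi

    /bin/echo -n "running proxy bypass ..."

    # Start the daemon; it writes its own PID file. The exit status covers
    # only what redsocks checks before it detaches.
    if ! /usr/sbin/redsocks -c /etc/redsocks.conf -p /var/run/redsocks.pid; then
        /bin/echo " failed"
        # Without a listener the redirect rules would send all LAN TCP traffic
        # to a closed port, and stop() would refuse to clean them up because
        # no PID file exists. Note that traffic stays unproxied in this case.
        echo "redsocks did not start; iptables rules were not changed" >&2
        return 1
    fi

    /bin/echo " done"
    iptable_start
}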


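# Stop redsocks, remove the redirect rules and reload the firewall.
# Outputs:   progress messages on stdout, warnings on stderr
# Returns:   exits 0 if no PID file exists
stop() {
    local pid

    if [ ! -e "/var/run/redsocks.pid" ]; then
        echo "proxy bypass is not running"
        exit 0
    fi

    /bin/echo -n "stopping proxy bypass ..."

    # Signal the daemon only when the PID file holds a plain number; an empty
    # or damaged file must not turn into a kill with unexpected arguments.
    pid=$(cat /var/run/redsocks.pid 2>/dev/null)
    case "$pid" in
        '' | *[!0-9]*)
            echo "ignoring invalid /var/run/redsocks.pid" >&2
            ;;
        *)
            /bin/kill "$pid"
            ;;
    esac
    rm -f /var/run/redsocks.pid

    echo " done"
    iptable_stop

    /bin/echo -n "restarting firewall ..."
    # '&>' is not POSIX: a plain sh may parse it as "run in background", so
    # the portable form of the redirection is used.
    /etc/init.d/firewall restart > /dev/null 2>&1
    /bin/echo " done"
}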

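Для запуску використовуємо команди sh /root/socks.sh start та sh /root/socks.sh stop. Сам файл функції start/stop не викликає — це робить /etc/rc.common, вказаний у першому рядку; якщо запуск через sh нічого не робить, зробіть файл виконуваним (chmod +x /root/socks.sh) і викликайте його напряму: /root/socks.sh start та /root/socks.sh stop.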