go-shadowsocks2

Feature request: support UDP redirect

Open 321cyb opened this issue 7 years ago • 4 comments

go-shadowsocks2 currently supports Netfilter TCP redirect. It would be terrific if it could support UDP redirect.

shadowsocks-libev already has it supported, and it only works on Linux kernels with TPROXY enabled. But TPROXY has one big shortcoming: it can only be used in the PREROUTING chain of the mangle table. This means that TPROXY can only redirect UDP packets sent from other machines; for example, you can use TPROXY on a LAN gateway to forward all LAN UDP packets to the SS server.

For an iptables configuration example, please check https://github.com/shadowsocks/shadowsocks-libev#advanced-usage

321cyb avatar Nov 16 '17 08:11 321cyb

Is there any way to do UDP redirect without using TPROXY?

riobard avatar Nov 16 '17 16:11 riobard

@riobard I'm afraid not.

madeye avatar Nov 17 '17 03:11 madeye

Set up a tun device tun0.

```
ip link set tun0 up
ip address add 192.168.1.2/24 dev tun0
ip rule add ipproto 17 table 32765
ip route add default via 192.168.1.1 table 32765
```

Then you can do UDP redirection without TPROXY.

clmul avatar Aug 17 '18 03:08 clmul

@clmul

> Set up a tun device tun0.
>
> ```
> ip link set tun0 up
> ip address add 192.168.1.2/24 dev tun0
> ip rule add ipproto 17 table 32765
> ip route add default via 192.168.1.1 table 32765
> ```
>
> Then you can do UDP redirection without TPROXY.

A bit more context, please. How can the above be used with go-shadowsocks2 (this project) to accomplish proxying UDP connections whose destination (address and port) is not known in advance (essentially a user-space UDP NAT)?

gima avatar Sep 16 '20 11:09 gima
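Added example, not part of the thread and not go-shadowsocks2 code: with the TPROXY approach from the first post, a UDP listener learns destinations it did not know in advance because the kernel attaches each datagram's original destination as an `IP_ORIGDSTADDR` control message. The function names and the 203.0.113.7:53 sample are constructed for illustration; Linux only.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"syscall"
	"unsafe"
)

// Linux only: the listening socket sets IP_TRANSPARENT (19) and IP_RECVORIGDSTADDR
// (20); the kernel then attaches an IP_ORIGDSTADDR cmsg (also 20) to each datagram.
const ipOrigDstAddr = 20

// origDst returns the address the client originally sent to, parsed from the
// out-of-band bytes filled in by (*net.UDPConn).ReadMsgUDP.
func origDst(oob []byte) (*net.UDPAddr, error) {
	msgs, err := syscall.ParseSocketControlMessage(oob)
	if err != nil {
		return nil, err
	}
	for _, m := range msgs {
		if m.Header.Level == syscall.SOL_IP && m.Header.Type == ipOrigDstAddr && len(m.Data) >= 8 {
			d := m.Data // struct sockaddr_in: family(2) port(2, network order) addr(4)
			port := binary.BigEndian.Uint16(d[2:4])
			return &net.UDPAddr{IP: net.IPv4(d[4], d[5], d[6], d[7]), Port: int(port)}, nil
		}
	}
	return nil, errors.New("no IP_ORIGDSTADDR control message")
}

// constructedOOB builds the control message for a given destination (sample data).
func constructedOOB(ip net.IP, port uint16) []byte {
	b := make([]byte, syscall.CmsgSpace(syscall.SizeofSockaddrInet4))
	h := (*syscall.Cmsghdr)(unsafe.Pointer(&b[0]))
	h.Level, h.Type = syscall.SOL_IP, ipOrigDstAddr
	h.SetLen(syscall.CmsgLen(syscall.SizeofSockaddrInet4))
	d := b[syscall.CmsgLen(0):]
	d[0] = syscall.AF_INET // sin_family on a little-endian host
	binary.BigEndian.PutUint16(d[2:4], port)
	copy(d[4:8], ip.To4())
	return b
}

func main() {
	dst, err := origDst(constructedOOB(net.IPv4(203, 0, 113, 7), 53))
	fmt.Println(dst, err)
}
```

On a live socket the `oob` bytes come from `n, oobn, _, src, err := conn.ReadMsgUDP(buf, oob)` and are passed as `oob[:oobn]`; `src` plus the recovered destination is the pair a user-space UDP NAT table would key on.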