In one situation, I set up a Tor client as a SOCKS5 proxy, but you know it is not secure if I connect to it directly.
So I try to start a shadowsocks server to make it secure.
PC -> SS -> Tor
How can I make it work? Or are there other solutions?
Thanks!
I have already tried to use proxychains like this:
proxychains4 ssserver -s 0.0.0.0 -p 8080 -m aes-256-cfb -k storstor
but it didn't work; all of Shadowsocks' traffic is still transmitted from the origin IP.
Now I am using an ssh tunnel to connect to the Tor proxy, but it's not convenient.
If so, try https://www.inet.no/dante/doc/latest/config/client.html
https://www.inet.no/dante/doc/1.3.x/socksify.1.html
BTW, redsocks with iptables NAT would also do the trick.
If you just want to use SS as a tunnel to connect to your Tor proxy in your remote VPS (and ss-server is running in that VPS), you can use ss-tunnel.
With command line ss-tunnel -l 9050 -b 127.0.0.1 -L 127.0.0.1:9050 it works just like ssh tunnel to forward the local port 9050 in your PC to the 127.0.0.1:9050 port listened by the Tor client running in that VPS. Now you can use 127.0.0.1:9050 in your local PC as the SOCKS5 proxy.
If you use ss-tunnel, you just tell ss-server in the remote VPS to forward your TCP traffic to the 9050 port listened by the Tor client, the ss-server itself does not analyze your HTTP/HTTPS requests, it does not act as a proxy. Therefore technically you are not using Tor as the parent proxy of ss-server.
If you can only use ss-local or ss-redir in your PC, then the ss-server should act as a proxy, in this case you do need Tor to be the parent proxy of ss-server in the remote VPS.
A way to achieve this is to use some transparent redirector. As mentioned by @madeye, redsocks with iptables NAT is a solution.
Especially, if you use Tor to be the parent proxy, even redsocks is not necessary, you can use Tor as a transparent proxy directly. See https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy for detail.
Note that if you want to use transparent proxy to access hidden services with .onion addresses, you should use Tor as the DNS name server. You can modify /etc/resolv.conf to use Tor as the system-wide DNS name server, or you can use the command line ss-server -d 127.0.0.1 to tell ss-server to use 127.0.0.1:53 (listened by Tor with option DNSPort 53 in torrc file) as the name server.
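The transparent-proxy setup described in the comment above, as an added example that is not part of the thread and not code from the shadowsocks or Tor projects. It only prints a torrc fragment and an iptables-restore ruleset; the account name `shadowsocks`, TransPort 9040 and the 10.192.0.0/10 automap range are assumptions, and DNSPort 53 follows the comment.

```shell
#!/bin/sh
# Added example: make Tor the transparent parent of ss-server on the VPS.
# Nothing is applied here; the functions only print configuration.
# Assumptions: ss-server runs as its own account, and Tor runs on the same host.
SS_USER="${SS_USER:-shadowsocks}"   # assumed account that runs ss-server
TRANS_PORT="${TRANS_PORT:-9040}"    # assumed Tor TransPort
DNS_PORT="${DNS_PORT:-53}"          # Tor DNSPort, 53 as in the comment above

# torrc fragment: transparent TCP listener, DNS listener, and .onion automapping
gen_torrc() {
    cat <<EOF
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 127.0.0.1:${TRANS_PORT}
DNSPort 127.0.0.1:${DNS_PORT}
EOF
}

# iptables-restore input, scoped to packets owned by the ss-server account
gen_rules() {
    cat <<EOF
*nat
-A OUTPUT -m owner --uid-owner ${SS_USER} -p udp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
-A OUTPUT -m owner --uid-owner ${SS_USER} -d 127.0.0.0/8 -j RETURN
-A OUTPUT -m owner --uid-owner ${SS_USER} -p tcp --syn -j REDIRECT --to-ports ${TRANS_PORT}
COMMIT
*filter
-A OUTPUT -m owner --uid-owner ${SS_USER} -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner ${SS_USER} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m owner --uid-owner ${SS_USER} -j REJECT
COMMIT
EOF
}

# Usage: sh script.sh torrc   (append the output to torrc)
#        sh script.sh rules | iptables-restore -n   (as root; -n keeps existing rules)
case "${1:-}" in
    torrc) gen_torrc ;;
    rules) gen_rules ;;
esac
```

The filter rules are the leak check: replies to the client's inbound connection pass as ESTABLISHED, while any new outbound packet from ss-server that was not redirected to Tor (for example UDP relay traffic) is rejected instead of leaving from the VPS's own IP.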
@madeye @yicong2007 It's very useful for me, thanks!