From 73f0987b965746bc45eb5c48142c56bd4a57948b Mon Sep 17 00:00:00 2001 From: nadoo <287492+nadoo@users.noreply.github.com> Date: Thu, 31 Aug 2017 11:03:34 +0800 Subject: [PATCH] examples: add 9. Transparent Proxy without dnsmasq --- README.md | 4 +- .../glider.conf | 3 - .../README.md | 60 +++++++++++++++++++ .../glider.conf | 10 +++- .../rules.d/home.rule | 0 .../rules.d/office.list | 7 +++ .../rules.d/office.rule | 15 ++++- 7 files changed, 90 insertions(+), 9 deletions(-) create mode 100644 config/examples/9.transparent_proxy_without_dnsmasq/README.md rename config/examples/{8.transparent_proxy_with_dnsmasq => 9.transparent_proxy_without_dnsmasq}/rules.d/home.rule (100%) create mode 100644 config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list rename config/examples/{8.transparent_proxy_with_dnsmasq => 9.transparent_proxy_without_dnsmasq}/rules.d/office.rule (50%) diff --git a/README.md b/README.md index e41c819..331b612 100644 --- a/README.md +++ b/README.md @@ -34,8 +34,8 @@ General: - Periodical proxy checking - Rule proxy based on destinations: [Config Examples](config/examples) - Ipset management - - Add ip/cidrs in rule files on startup - - Add resolved ips for domains in rule files by dns forwarder server + - Add ip/cidrs from rule files on startup + - Add resolved ips for domains from rule files by dns forwarding server TODO: - [ ] UDP Tunnel diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf index c13a953..ea68297 100644 --- a/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf +++ b/config/examples/8.transparent_proxy_with_dnsmasq/glider.conf @@ -11,6 +11,3 @@ forward=http://1.1.1.1:8080 strategy=rr checkwebsite=www.apple.com checkduration=30 - -# parse all *.rule files in rules.d folder -#rules-dir=rules.d 
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
new file mode 100644
index 0000000..0b4062e
--- /dev/null
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@@ -0,0 +1,60 @@
+
+## 9. Transparent Proxy without dnsmasq
+
+In this mode, glider will act as the following roles:
+1. A transparent proxy server
+2. A dns forwarding server
+3. A ipset manager
+so you don't need any dns server in your network.
+
+#### Glider Configuration
+##### glider.conf
+```bash
+verbose=True
+# as a redir proxy
+listen=redir://:1081
+# as a dns forwarding server
+dns=:53
+dnsserver=8.8.8.8:53
+# as a ipset manager
+ipset=glider
+# specify rule files
+rules-dir=rules.d
+```
+
+##### office.rule
+```bash
+# add your forwarders
+forward=http://forwarder1:8080,socks5://forwarder2:1080
+forward=http://1.1.1.1:8080
+strategy=rr
+checkwebsite=www.apple.com
+checkduration=30
+# specify a different dns server(if need)
+dnsserver=208.67.222.222:53
+
+# specify destinations
+#include=office.list.example
+domain=example1.com
+domain=example2.com
+# matches ip
+ip=1.1.1.1
+ip=2.2.2.2
+# matches a ip net
+cidr=192.168.100.0/24
+cidr=172.16.100.0/24
+```
+
+#### Config iptables on your linux gateway
+```bash
+iptables -t nat -I PREROUTING -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
+iptables -t nat -I OUTPUT -p tcp -m set --match-set glider dst -j REDIRECT --to-ports 1081
+```
+
+Now you can startup glider and dnsmasq, the whole process:
+1.
+1. all dns requests for domain example1.com will be forward to glider(:5353) by dnsmasq
+2. glider will forward dns requests to 8.8.8.8:53 in tcp via forwarders
+3. the resolved ip address will be add to ipset "myset" by dnsmasq
+4. all tcp requests to example1.com will be redirect to glider(:1081)
+5. glider then forward requests to example1.com via forwarders
diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf b/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf index 07a480f..b78826c 100644 --- a/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf +++ b/config/examples/9.transparent_proxy_without_dnsmasq/glider.conf @@ -2,7 +2,15 @@ # Verbose mode, print logs verbose=True -listen=:8443 +# as a redir proxy +listen=redir://:1081 + +# as a dns forwarding server +dns=:53 +dnsserver=8.8.8.8:53 + +# as a ipset manager +ipset=glider # parse all *.rule files in rules.d folder rules-dir=rules.d diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/home.rule b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule similarity index 100% rename from config/examples/8.transparent_proxy_with_dnsmasq/rules.d/home.rule rename to config/examples/9.transparent_proxy_without_dnsmasq/rules.d/home.rule diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list new file mode 100644 index 0000000..cf20b6d --- /dev/null +++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.list @@ -0,0 +1,7 @@ + +domain=mycompany.com +domain=mycompany1.com +ip=4.4.4.4 +ip=5.5.5.5 +cidr=cidr=172.16.101.0/24 +cidr=cidr=172.16.102.0/24 \ No newline at end of file diff --git a/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule similarity index 50% rename from config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule rename to config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule index 3ff311f..f6db0fb 100644 --- a/config/examples/8.transparent_proxy_with_dnsmasq/rules.d/office.rule +++ b/config/examples/9.transparent_proxy_without_dnsmasq/rules.d/office.rule 
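Review bot: In the new `9.transparent_proxy_without_dnsmasq/glider.conf`, `dns=:53` and `listen=redir://:1081` carry no host part, so the DNS forwarder and the redirect listener presumably bind on every interface of the gateway, including an upstream-facing one. A DNS forwarder reachable from outside the LAN is an open resolver, and the sample gives no hint that this needs restricting. Assuming both options accept a host part, as the `host:port` shape suggests, the example should bind to the LAN address, e.g. `dns=192.168.1.1:53` and `listen=redir://192.168.1.1:1081` (constructed sample address). Failing that, add a comment such as `# restrict ports 53 and 1081 to the LAN side with your firewall`. `verbose=True` is also worth a comment noting that, if verbose output includes resolved names, the log becomes a record of clients' lookups.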
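Review bot: In the new `rules.d/office.list`, both network entries repeat the key, `cidr=cidr=172.16.101.0/24` and `cidr=cidr=172.16.102.0/24`, so the value handed to the parser is `cidr=172.16.101.0/24`, which is not a valid network. How glider treats a bad value is not visible in this patch, but at best the entries are dropped and traffic to those ranges silently bypasses the forwarders. They should read `cidr=172.16.101.0/24` and `cidr=172.16.102.0/24`. The file also ends without a trailing newline, which is worth fixing in the same change.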
@@ -9,10 +9,19 @@ forward=http://forwarder2:8080,socks5://forwarder3:1080 # Round Robin mode: rr # High Availability mode: ha strategy=rr - checkwebsite=www.apple.com checkduration=30 +# specify a different dns server(if need) +dnsserver=208.67.222.222:53 -# matches 172.16.0.0/24 -cidr=172.16.0.0/24 +# specify destinations +#include=office.list +domain=example1.com +domain=example2.com +# matches ip +ip=1.1.1.1 +ip=2.2.2.2 +# matches a ip net +cidr=192.168.100.0/24 +cidr=172.16.100.0/24
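Review bot: `ip=1.1.1.1` puts an address into the proxied destination set that the sample also uses for a forwarder: the README copy of this rule file in the same commit lists `forward=http://1.1.1.1:8080`. If the unchanged head of the real file (outside this hunk) has the same line, then with the README's `OUTPUT` REDIRECT rule glider's own connection to that forwarder would match the ipset and be sent back to port 1081. Sample destinations should not overlap with forwarder addresses; documentation ranges such as `ip=192.0.2.10` and `ip=198.51.100.10` (constructed samples, RFC 5737) avoid the loop and keep readers who copy the file from steering traffic at real hosts. The commented `#include=office.list` also differs from the README's `#include=office.list.example`, so one of the two names should be corrected.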