ss-nat − helper script to setup NAT rules for transparent proxy
ss−nat [−ouUfh] [−s <server_ip>] [−S <server_ip>] [−l <local_port>] [−L <local_port>] [−i <ip_list_file>] [−a <lan_ips>] [−b <wan_ips>] [−w <wan_ips>] [−e <extra_options>]
Shadowsocks−libev is a lightweight and secure socks5 proxy. It is a port of the original shadowsocks created by clowwindy. Shadowsocks−libev is written in pure C and takes advantage of libev to achieve both high performance and low resource consumption.
ss−nat(1) sets up NAT rules for ss−redir(1) to provide traffic redirection. It requires netfilter’s NAT module and iptables(8). For more information, check out shadowsocks−libev(8) and the following EXAMPLE section.
−s <server_ip>
IP address of shadowsocks remote server
−l <local_port>
Port number of shadowsocks local server
−S <server_ip>
IP address of shadowsocks remote UDP server
−L <local_port>
Port number of shadowsocks local UDP server
−i <ip_list_file>
a file whose content is bypassed ip list
−a <lan_ips>
LAN IP of access control, need a prefix to define access control mode
−b <wan_ips>
WAN IP of will be bypassed
−w <wan_ips>
WAN IP of will be forwarded
−e <extra_options>
Extra options for iptables
−o
Apply the rules to the OUTPUT chain
−u
Enable udprelay mode, TPROXY is required
−U
Enable udprelay mode, using different IP and ports for TCP and UDP
−f
Flush the rules
−h
Show this help message and exit
ss−nat requires iptables(8). Here is an example:
# Enable NAT
rules for shadowsocks,
# with both TCP and UDP redirection enabled,
# and applied for both PREROUTING and OUTPUT chains
root@Wrt:~# ss−nat −s 192.168.1.100 −l
1080 −u −o
# Disable and
flush all NAT rules for shadowsocks
root@Wrt:~# ss−nat −f
ss−local(1), ss−server(1), ss−tunnel(1), ss−manager(1), shadowsocks−libev(8), iptables(8), /etc/shadowsocks−libev/config.json