Skip to content
/ proxy-ns Public

Run programs in a network namespace where all traffic go through proxy

License

GPL-3.0 license
9 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OkamiW/proxy-ns

BranchesTags

Repository files navigation

proxy-ns

proxy-ns is a Linux-specific command-line tool that can force any program to use your SOCKS5 proxy server.

Features

It has several advantages over proxychains:

  • Support both TCP and UDP
  • Work for statically linked programs

Installation

Arch Linux

proxy-ns is available at AUR.

Other

You can manually clone this repository, then use make install.

git clone https://github.com/OkamiW/proxy-ns.git
cd proxy-ns
make
sudo make install
sudo make install-config # only for first installation

Configuration

You can find the default configuration location by running help:

proxy-ns --help

Typically, you only need to change socks5_address.

If your SOCKS5 server has authentication, set username and password as well.

{
  "tun_name": "tun0",
  "tun_ip": "10.0.0.1/24",
  "socks5_address": "127.0.0.1:1080",
  "username": "",
  "password": "",
  "fake_dns": true,
  "fake_network": "240.0.0.0/4",
  "dns_server": "9.9.9.9"
}

Usage

Force curl to use your configured proxy:

proxy-ns curl g.co

With a different configuration file:

proxy-ns -c ./config.json curl g.co

Temporarily use another proxy server:

proxy-ns --socks5-address=127.0.0.1:9050 curl g.co

Temporarily disable fake-dns:

proxy-ns --fake-dns=false dig g.co

Execute your shell in proxy-ns environment:

(All programs launched in the shell would be forced to use your configured proxy.)

exec proxy-ns $SHELL

Launch firefox in proxy-ns:

(Neither chromium nor firefox implement UDP associate in their SOCKS5 client. Thereby when a proxy is set, QUIC would be disabled.

If you launch the browser in proxy-ns, instead of specifying the proxy in the browser setting, QUIC can be utilized to reduce latency.)

proxy-ns firefox

Notes about FakeDNS

FakeDNS can be used to avoid a separate DNS roundtrip, thus improving latency. But it has its own limitations:

  • All domains are resolved to fake_network, some programs may not work as expected(e.g. dig, geoiplookup).
  • Some programs may not use your system DNS resolver. FakeDNS won’t work for them.

FAQ

Why can’t I ping as a normal user inside proxy-ns?

Because proxy-ns creates a new network namespace.

For many distributions, /proc/sys/net/ipv4/ping_group_range defaults to 1 0 in a new network namespace, which disallows ping for all groups.

Since SOCKS5 doesn’t support ICMP, it would be pointless to ping inside proxy-ns anyway.

My program cannot resolve any domain

Your SOCKS5 server may not support the UDP ASSOCIATE command.

Usually, you can work around this by enabling fake_dns (it’s enabled by default).

However, some programs resolve domains themselves. You will need to enable UDP support on your proxy server for these programs to function properly.

proxy-ns doesn’t work for forking programs

This is a known issue. As proxy-ns daemon exits as the program exits.

If you start the forking program in shell, you can work around this problem by executing the shell in proxy-ns beforehand:

exec proxy-ns $SHELL

About

Run programs in a network namespace where all traffic go through proxy

Resources

Readme

License

GPL-3.0 license
Activity

Stars

9 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

30 tags

Packages

No packages published

Contributors 2

Languages