From dbbfb0fa1a01828ff176caf9359ee18cc878bb0e Mon Sep 17 00:00:00 2001 From: Reza Behzadan Date: Thu, 20 Feb 2025 14:40:09 -0500 Subject: [PATCH] Update README --- README.md | 50 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 833a402..6559f21 100644 --- a/README.md +++ b/README.md @@ -1,30 +1,44 @@ +# TCProxy +**TCProxy** is a lightweight TCP proxy designed to forward HTTPS and HTTP traffic while enforcing an IP-based whitelist. It inspects incoming connections, determines if they are HTTPS or HTTP, and forwards them accordingly to the appropriate backend server. -### Sample `iptables` rules +### Features: +- **SNI-based Routing**: Extracts the Server Name Indication (SNI) from HTTPS requests and forwards them to the correct backend. +- **IP Whitelisting**: Allows only approved IP addresses to connect, dynamically reloading the whitelist file on changes. +- **Seamless HTTP/HTTPS Handling**: Differentiates between HTTP and HTTPS connections and routes them accordingly. +- **Concurrency Support**: Uses goroutines and wait groups for efficient connection handling. +- **Customizable Binding**: Supports binding to a custom address and port via command-line flags. +- **Lightweight & Self-Contained**: Written in Go with no external dependencies apart from the standard library. +### Usage: ``` -# IPv4 -sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8443 -sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 - -# IPv6 -sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8443 -sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 - +tcproxy -b ``` - -### Sample `dnsmasq` config +Or with default options: ``` -no-dhcp-interface= -enable-tftp=false +tcproxy +``` +### Command-line Options: +- `-b, --bind`: Set the address to bind (default: `localhost:8443`). +- `-v, --version`: Display the version. +- `-h, --help`: Show usage instructions. -listen-address=0.0.0.0 -interface=eth0 +### Example: +```sh +tcproxy -b "0.0.0.0:8443" +``` +This starts TCProxy, listening on all interfaces at port 8443. -address=/#/185.218.139.254 +### Requirements: +- Go 1.16+ +- A `whitelist.txt` file for IP-based filtering. -server=/pool.ntp.org/1.1.1.1 -server=/ntp.ubuntu.com/1.1.1.1 +### Installation: +Build from source: +```sh +git clone https://git.behzadan.com/reza/tcproxy.git +cd tcproxy +make ``` ### Acknowledgements