reza/tcproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update README

Browse Source
This commit is contained in:
Reza Behzadan 2025-02-20 14:40:09 -05:00
parent fcd0dff5c0
commit dbbfb0fa1a
1 changed files with 32 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
README.md
View File

@ -1,30 +1,44 @@
# TCProxy
**TCProxy** is a lightweight TCP proxy designed to forward HTTPS and HTTP traffic while enforcing an IP-based whitelist. It inspects incoming connections, determines if they are HTTPS or HTTP, and forwards them accordingly to the appropriate backend server.
### Sample `iptables` rules ### Features:
- **SNI-based Routing**: Extracts the Server Name Indication (SNI) from HTTPS requests and forwards them to the correct backend.
- **IP Whitelisting**: Allows only approved IP addresses to connect, dynamically reloading the whitelist file on changes.
- **Seamless HTTP/HTTPS Handling**: Differentiates between HTTP and HTTPS connections and routes them accordingly.
- **Concurrency Support**: Uses goroutines and wait groups for efficient connection handling.
- **Customizable Binding**: Supports binding to a custom address and port via command-line flags.
- **Lightweight & Self-Contained**: Written in Go with no external dependencies apart from the standard library.
### Usage:
``` ```
# IPv4 tcproxy -b <bind-address>
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8443
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
# IPv6
sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8443
sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
``` ```
Or with default options:
### Sample `dnsmasq` config
``` ```
no-dhcp-interface= tcproxy
enable-tftp=false ```
### Command-line Options:
- `-b, --bind`: Set the address to bind (default: `localhost:8443`).
- `-v, --version`: Display the version.
- `-h, --help`: Show usage instructions.
listen-address=0.0.0.0 ### Example:
interface=eth0 ```sh
tcproxy -b "0.0.0.0:8443"
```
This starts TCProxy, listening on all interfaces at port 8443.
address=/#/185.218.139.254 ### Requirements:
- Go 1.16+
- A `whitelist.txt` file for IP-based filtering.
server=/pool.ntp.org/1.1.1.1 ### Installation:
server=/ntp.ubuntu.com/1.1.1.1 Build from source:
```sh
git clone https://git.behzadan.com/reza/tcproxy.git
cd tcproxy
make
``` ```
### Acknowledgements ### Acknowledgements