Update README

iptables_init.sh

README.md

@@ -1,34 +1,30 @@
 # TCProxy
 
-**TCProxy** is a lightweight TCP proxy designed to forward HTTPS and HTTP traffic while enforcing an IP-based whitelist. It inspects incoming connections, determines if they are HTTPS or HTTP, and forwards them accordingly to the appropriate backend server.
+**TCProxy** is a lightweight and efficient TCP proxy that forwards HTTPS and HTTP traffic transparently based on SNI and host headers. Originally developed to bypass internet censorship, it enables seamless access to blocked websites when combined with a custom DNS resolver.
 
 ### Features:
-- **SNI-based Routing**: Extracts the Server Name Indication (SNI) from HTTPS requests and forwards them to the correct backend.
+- **Transparent HTTPS/HTTP Forwarding**: Routes traffic based on SNI (for HTTPS) and Host headers (for HTTP) without requiring client-side configuration.
-- **IP Whitelisting**: Allows only approved IP addresses to connect, dynamically reloading the whitelist file on changes.
+- **Censorship Bypass**: Designed to work with a DNS server that redirects blocked domains to a proxy server.
-- **Seamless HTTP/HTTPS Handling**: Differentiates between HTTP and HTTPS connections and routes them accordingly.
+- **IP Whitelisting**: Restricts access to authorized users, with dynamic whitelist updates.
-- **Concurrency Support**: Uses goroutines and wait groups for efficient connection handling.
+- **Minimal Overhead**: Lightweight Go implementation with efficient concurrency handling.
-- **Customizable Binding**: Supports binding to a custom address and port via command-line flags.
+- **Customizable Binding**: Allows specifying the listening address and port.
-- **Lightweight & Self-Contained**: Written in Go with no external dependencies apart from the standard library.
+
+### How It Works:
+1. A **custom DNS resolver** is deployed inside a censored region to redirect domains to an external VPS.
+2. The **VPS runs TCProxy**, which inspects and forwards traffic to the requested destination.
+3. **iptables** is used to transparently redirect all traffic on ports `80` and `443` to `tcproxy`.
 
 ### Usage:
-```
-tcproxy -b <bind-address>
-```
-Or with default options:
-```
-tcproxy
-```
-### Command-line Options:
-- `-b, --bind`: Set the address to bind (default: `localhost:8443`).
-- `-v, --version`: Display the version.
-- `-h, --help`: Show usage instructions.
-
-### Example:
 ```sh
 tcproxy -b "0.0.0.0:8443"
 ```
 This starts TCProxy, listening on all interfaces at port 8443.
 
+### Command-line Options:
+- `-b, --bind`: Set the address to bind (default: `localhost:8443`).
+- `-v, --version`: Display the version.
+- `-h, --help`: Show usage instructions.
+
 ### Requirements:
 - Go 1.16+
 - A `whitelist.txt` file for IP-based filtering.
@@ -39,6 +35,7 @@ Build from source:
 git clone https://git.behzadan.com/reza/tcproxy.git
 cd tcproxy
 make
+sudo make install
 ```
 
 ### Acknowledgements

dnsmasq.conf

@@ -0,0 +1,16 @@
+no-dhcp-interface=
+enable-tftp=false
+no-hosts
+
+listen-address=0.0.0.0
+interface=eth0
+address=/#/<IP-ADDRESS-OF-THE-VPS>
+address=/home.behzadan.ir/192.168.1.14
+
+server=/pool.ntp.org/1.1.1.1
+server=/ntp.ubuntu.com/1.1.1.1
+server=/smtp.gmail.com/8.8.8.8
+server=/.ir/217.218.155.155
+server=/.ir/217.218.127.127
+server=/.ir/2.188.21.130
+

iptables_init.sh

@@ -1,19 +1,5 @@
 #!/bin/bash
 
-# Flush existing rules
-iptables -F
-ip6tables -F
-iptables -t nat -F
-ip6tables -t nat -F
-
-# Set default policies
-iptables -P INPUT ACCEPT
-iptables -P FORWARD ACCEPT
-iptables -P OUTPUT ACCEPT
-ip6tables -P INPUT ACCEPT
-ip6tables -P FORWARD ACCEPT
-ip6tables -P OUTPUT ACCEPT
-
 # Apply IPv4 rules
 iptables -t nat -A PREROUTING -i enX0 -p tcp --dport 443 -j REDIRECT --to-ports 4443
 iptables -t nat -A PREROUTING -i enX0 -p tcp --dport 80 -j REDIRECT --to-ports 4443