README.md

@@ -1,30 +1,34 @@
 # TCProxy
 
-**TCProxy** is a lightweight and efficient TCP proxy that forwards HTTPS and HTTP traffic transparently based on SNI and host headers. Originally developed to bypass internet censorship, it enables seamless access to blocked websites when combined with a custom DNS resolver.
+**TCProxy** is a lightweight TCP proxy designed to forward HTTPS and HTTP traffic while enforcing an IP-based whitelist. It inspects incoming connections, determines if they are HTTPS or HTTP, and forwards them accordingly to the appropriate backend server.
 
 ### Features:
-- **Transparent HTTPS/HTTP Forwarding**: Routes traffic based on SNI (for HTTPS) and Host headers (for HTTP) without requiring client-side configuration.
+- **SNI-based Routing**: Extracts the Server Name Indication (SNI) from HTTPS requests and forwards them to the correct backend.
-- **Censorship Bypass**: Designed to work with a DNS server that redirects blocked domains to a proxy server.
+- **IP Whitelisting**: Allows only approved IP addresses to connect, dynamically reloading the whitelist file on changes.
-- **IP Whitelisting**: Restricts access to authorized users, with dynamic whitelist updates.
+- **Seamless HTTP/HTTPS Handling**: Differentiates between HTTP and HTTPS connections and routes them accordingly.
-- **Minimal Overhead**: Lightweight Go implementation with efficient concurrency handling.
+- **Concurrency Support**: Uses goroutines and wait groups for efficient connection handling.
-- **Customizable Binding**: Allows specifying the listening address and port.
+- **Customizable Binding**: Supports binding to a custom address and port via command-line flags.
-
+- **Lightweight & Self-Contained**: Written in Go with no external dependencies apart from the standard library.
-### How It Works:
-1. A **custom DNS resolver** is deployed inside a censored region to redirect domains to an external VPS.
-2. The **VPS runs TCProxy**, which inspects and forwards traffic to the requested destination.
-3. **iptables** is used to transparently redirect all traffic on ports `80` and `443` to `tcproxy`.
 
 ### Usage:
-```sh
-tcproxy -b "0.0.0.0:8443"
 ```
-This starts TCProxy, listening on all interfaces at port 8443.
+tcproxy -b <bind-address>
-
+```
+Or with default options:
+```
+tcproxy
+```
 ### Command-line Options:
 - `-b, --bind`: Set the address to bind (default: `localhost:8443`).
 - `-v, --version`: Display the version.
 - `-h, --help`: Show usage instructions.
 
+### Example:
+```sh
+tcproxy -b "0.0.0.0:8443"
+```
+This starts TCProxy, listening on all interfaces at port 8443.
+
 ### Requirements:
 - Go 1.16+
 - A `whitelist.txt` file for IP-based filtering.
@@ -35,7 +39,6 @@ Build from source:
 git clone https://git.behzadan.com/reza/tcproxy.git
 cd tcproxy
 make
-sudo make install
 ```
 
 ### Acknowledgements

dnsmasq.conf

@@ -1,16 +0,0 @@
-no-dhcp-interface=
-enable-tftp=false
-no-hosts
-
-listen-address=0.0.0.0
-interface=eth0
-address=/#/<IP-ADDRESS-OF-THE-VPS>
-address=/home.behzadan.ir/192.168.1.14
-
-server=/pool.ntp.org/1.1.1.1
-server=/ntp.ubuntu.com/1.1.1.1
-server=/smtp.gmail.com/8.8.8.8
-server=/.ir/217.218.155.155
-server=/.ir/217.218.127.127
-server=/.ir/2.188.21.130
-

iptables_init.sh

@@ -1,5 +1,19 @@
 #!/bin/bash
 
+# Flush existing rules
+iptables -F
+ip6tables -F
+iptables -t nat -F
+ip6tables -t nat -F
+
+# Set default policies
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+ip6tables -P INPUT ACCEPT
+ip6tables -P FORWARD ACCEPT
+ip6tables -P OUTPUT ACCEPT
+
 # Apply IPv4 rules
 iptables -t nat -A PREROUTING -i enX0 -p tcp --dport 443 -j REDIRECT --to-ports 4443
 iptables -t nat -A PREROUTING -i enX0 -p tcp --dport 80 -j REDIRECT --to-ports 4443