fix(readme): Update readme for IPTablesProxy options

2025-03-07 14:34:49 +00:00
parent d6027c11c1
commit 618b6fe2d1
3 changed files with 89 additions and 11 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,13 @@
 # Changelog

+## 2025-03-07 - 3.29.1 - fix(readme)
+Update readme for IPTablesProxy options
+
+- Add comprehensive examples for IPTablesProxy usage.
+- Expand IPTablesProxy settings with IPv6, logging, and advanced features.
+- Clarify option defaults and descriptions for IPTablesProxy.
+- Enhance 'Troubleshooting' section with IPTables tips.
+
 ## 2025-03-07 - 3.29.0 - feat(IPTablesProxy)
 Enhanced IPTablesProxy with multi-port and IPv6 support

--- a/readme.md
+++ b/readme.md
@@ -320,8 +320,8 @@ portProxy.start();
 ```typescript
 import { IPTablesProxy } from '@push.rocks/smartproxy';

-// Configure IPTables to forward from port 80 to 8080
-const iptables = new IPTablesProxy({
+// Basic usage - forward single port
+const basicProxy = new IPTablesProxy({
  fromPort: 80,
  toPort: 8080,
  toHost: 'localhost',
@@ -329,7 +329,38 @@ const iptables = new IPTablesProxy({
  deleteOnExit: true  // Automatically clean up rules on process exit
 });

-iptables.start();
+// Forward port ranges
+const rangeProxy = new IPTablesProxy({
+  fromPort: { from: 3000, to: 3010 },  // Forward ports 3000-3010
+  toPort: { from: 8000, to: 8010 },    // To ports 8000-8010
+  protocol: 'tcp',                     // TCP protocol (default)
+  ipv6Support: true,                   // Enable IPv6 support
+  enableLogging: true                  // Enable detailed logging
+});
+
+// Multiple port specifications with IP filtering
+const advancedProxy = new IPTablesProxy({
+  fromPort: [80, 443, { from: 8000, to: 8010 }],  // Multiple ports/ranges
+  toPort: [8080, 8443, { from: 18000, to: 18010 }],
+  allowedSourceIPs: ['10.0.0.0/8', '192.168.1.0/24'],  // Only allow these IPs
+  bannedSourceIPs: ['192.168.1.100'],                 // Explicitly block these IPs
+  addJumpRule: true,                                  // Use custom chain for better management
+  checkExistingRules: true                           // Check for duplicate rules
+});
+
+// NetworkProxy integration for SSL termination
+const sslProxy = new IPTablesProxy({
+  fromPort: 443,
+  toPort: 8443,
+  netProxyIntegration: {
+    enabled: true,
+    redirectLocalhost: true,           // Redirect localhost traffic to NetworkProxy
+    sslTerminationPort: 8443           // Port where NetworkProxy handles SSL
+  }
+});
+
+// Start any of the proxies
+await basicProxy.start();
 ```

 ### Automatic HTTPS Certificate Management
@@ -383,13 +414,30 @@ acmeHandler.addDomain('api.example.com');

 ### IPTablesProxy Settings

-| Option            | Description                                 | Default     |
-|-------------------|---------------------------------------------|-------------|
-| `fromPort`        | Source port to forward from                 | -           |
-| `toPort`          | Destination port to forward to              | -           |
-| `toHost`          | Destination host to forward to              | 'localhost' |
-| `preserveSourceIP`| Preserve the original client IP             | false       |
-| `deleteOnExit`    | Remove iptables rules when process exits    | false       |
+| Option                | Description                                       | Default     |
+|-----------------------|---------------------------------------------------|-------------|
+| `fromPort`            | Source port(s) or range(s) to forward from        | -           |
+| `toPort`              | Destination port(s) or range(s) to forward to     | -           |
+| `toHost`              | Destination host to forward to                    | 'localhost' |
+| `preserveSourceIP`    | Preserve the original client IP                   | false       |
+| `deleteOnExit`        | Remove iptables rules when process exits          | false       |
+| `protocol`            | Protocol to forward ('tcp', 'udp', or 'all')      | 'tcp'       |
+| `enableLogging`       | Enable detailed logging                           | false       |
+| `ipv6Support`         | Enable IPv6 support with ip6tables                | false       |
+| `allowedSourceIPs`    | Array of IP addresses/CIDR allowed to connect     | -           |
+| `bannedSourceIPs`     | Array of IP addresses/CIDR blocked from connecting | -           |
+| `forceCleanSlate`     | Clear all IPTablesProxy rules before starting     | false       |
+| `addJumpRule`         | Add a custom chain for cleaner rule management    | false       |
+| `checkExistingRules`  | Check if rules already exist before adding        | true        |
+| `netProxyIntegration` | NetworkProxy integration options (object)         | -           |
+
+#### IPTablesProxy NetworkProxy Integration Options
+
+| Option               | Description                                       | Default |
+|----------------------|---------------------------------------------------|---------|
+| `enabled`            | Enable NetworkProxy integration                   | false   |
+| `redirectLocalhost`  | Redirect localhost traffic to NetworkProxy        | false   |
+| `sslTerminationPort` | Port where NetworkProxy handles SSL termination   | -       |

 ## Advanced Features

@@ -442,6 +490,18 @@ The `PortProxy` class can inspect the SNI (Server Name Indication) field in TLS
 - Domain-specific allowed IP ranges
 - Protection against SNI renegotiation attacks

+### Enhanced IPTables Management
+
+The improved `IPTablesProxy` class offers advanced capabilities:
+
+- Support for multiple port ranges and individual ports
+- IPv6 support with ip6tables
+- Source IP filtering with allow/block lists
+- Custom chain creation for better rule organization
+- NetworkProxy integration for SSL termination
+- Automatic rule existence checking to prevent duplicates
+- Comprehensive cleanup on shutdown
+
 ## Troubleshooting

 ### Browser Certificate Errors
@@ -475,6 +535,16 @@ For improved connection stability in high-traffic environments:
 4. **Monitor Connection Statistics**: Enable detailed logging to track termination reasons
 5. **Fine-tune Inactivity Checks**: Adjust `inactivityCheckInterval` based on your traffic patterns

+### IPTables Troubleshooting
+
+If you're experiencing issues with IPTablesProxy:
+
+1. **Enable Detailed Logging**: Set `enableLogging: true` to see all rule operations
+2. **Force Clean Slate**: Use `forceCleanSlate: true` to remove any lingering rules
+3. **Use Custom Chains**: Enable `addJumpRule: true` for cleaner rule management
+4. **Check Permissions**: Ensure your process has sufficient permissions to modify iptables
+5. **Verify IPv6 Support**: If using `ipv6Support: true`, ensure ip6tables is available
+
 ## License and Legal Information

 This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. 
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '3.29.0',
+  version: '3.29.1',
  description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
 }