diff --git a/changelog.md b/changelog.md
index ffca43d..18a4e1b 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 2025-03-07 - 3.29.1 - fix(readme)
+Update readme for IPTablesProxy options
+
+- Add comprehensive examples for IPTablesProxy usage.
+- Expand IPTablesProxy settings with IPv6, logging, and advanced features.
+- Clarify option defaults and descriptions for IPTablesProxy.
+- Enhance 'Troubleshooting' section with IPTables tips.
+
 ## 2025-03-07 - 3.29.0 - feat(IPTablesProxy)
 Enhanced IPTablesProxy with multi-port and IPv6 support
 
diff --git a/readme.md b/readme.md
index 048459a..bfb0839 100644
--- a/readme.md
+++ b/readme.md
@@ -320,8 +320,8 @@ portProxy.start();
 ```typescript
 import { IPTablesProxy } from '@push.rocks/smartproxy';
 
-// Configure IPTables to forward from port 80 to 8080
-const iptables = new IPTablesProxy({
+// Basic usage - forward single port
+const basicProxy = new IPTablesProxy({
 fromPort: 80,
 toPort: 8080,
 toHost: 'localhost',
@@ -329,7 +329,38 @@ const iptables = new IPTablesProxy({
 deleteOnExit: true // Automatically clean up rules on process exit
 });
 
-iptables.start();
+// Forward port ranges
+const rangeProxy = new IPTablesProxy({
+ fromPort: { from: 3000, to: 3010 }, // Forward ports 3000-3010
+ toPort: { from: 8000, to: 8010 }, // To ports 8000-8010
+ protocol: 'tcp', // TCP protocol (default)
+ ipv6Support: true, // Enable IPv6 support
+ enableLogging: true // Enable detailed logging
+});
+
+// Multiple port specifications with IP filtering
+const advancedProxy = new IPTablesProxy({
+ fromPort: [80, 443, { from: 8000, to: 8010 }], // Multiple ports/ranges
+ toPort: [8080, 8443, { from: 18000, to: 18010 }],
+ allowedSourceIPs: ['10.0.0.0/8', '192.168.1.0/24'], // Only allow these IPs
+ bannedSourceIPs: ['192.168.1.100'], // Explicitly block these IPs
+ addJumpRule: true, // Use custom chain for better management
+ checkExistingRules: true // Check for duplicate rules
+});
+
+// NetworkProxy integration for SSL termination
+const sslProxy = new IPTablesProxy({
+ fromPort: 443,
+ toPort: 8443,
+ netProxyIntegration: {
+ enabled: true,
+ redirectLocalhost: true, // Redirect localhost traffic to NetworkProxy
+ sslTerminationPort: 8443 // Port where NetworkProxy handles SSL
+ }
+});
+
+// Start any of the proxies
+await basicProxy.start();
 ```
 
 ### Automatic HTTPS Certificate Management
@@ -383,13 +414,30 @@ acmeHandler.addDomain('api.example.com');
 
 ### IPTablesProxy Settings
 
-| Option | Description | Default |
-|-------------------|---------------------------------------------|-------------|
-| `fromPort` | Source port to forward from | - |
-| `toPort` | Destination port to forward to | - |
-| `toHost` | Destination host to forward to | 'localhost' |
-| `preserveSourceIP`| Preserve the original client IP | false |
-| `deleteOnExit` | Remove iptables rules when process exits | false |
+| Option | Description | Default |
+|-----------------------|---------------------------------------------------|-------------|
+| `fromPort` | Source port(s) or range(s) to forward from | - |
+| `toPort` | Destination port(s) or range(s) to forward to | - |
+| `toHost` | Destination host to forward to | 'localhost' |
+| `preserveSourceIP` | Preserve the original client IP | false |
+| `deleteOnExit` | Remove iptables rules when process exits | false |
+| `protocol` | Protocol to forward ('tcp', 'udp', or 'all') | 'tcp' |
+| `enableLogging` | Enable detailed logging | false |
+| `ipv6Support` | Enable IPv6 support with ip6tables | false |
+| `allowedSourceIPs` | Array of IP addresses/CIDR allowed to connect | - |
+| `bannedSourceIPs` | Array of IP addresses/CIDR blocked from connecting | - |
+| `forceCleanSlate` | Clear all IPTablesProxy rules before starting | false |
+| `addJumpRule` | Add a custom chain for cleaner rule management | false |
+| `checkExistingRules` | Check if rules already exist before adding | true |
+| `netProxyIntegration` | NetworkProxy integration options (object) | - |
+
+#### IPTablesProxy NetworkProxy Integration Options
+
+| Option | Description | Default |
+|----------------------|---------------------------------------------------|---------|
+| `enabled` | Enable NetworkProxy integration | false |
+| `redirectLocalhost` | Redirect localhost traffic to NetworkProxy | false |
+| `sslTerminationPort` | Port where NetworkProxy handles SSL termination | - |
 
 ## Advanced Features
 
@@ -442,6 +490,18 @@ The `PortProxy` class can inspect the SNI (Server Name Indication) field in TLS
 - Domain-specific allowed IP ranges
 - Protection against SNI renegotiation attacks
 
+### Enhanced IPTables Management
+
+The improved `IPTablesProxy` class offers advanced capabilities:
+
+- Support for multiple port ranges and individual ports
+- IPv6 support with ip6tables
+- Source IP filtering with allow/block lists
+- Custom chain creation for better rule organization
+- NetworkProxy integration for SSL termination
+- Automatic rule existence checking to prevent duplicates
+- Comprehensive cleanup on shutdown
+
 ## Troubleshooting
 
 ### Browser Certificate Errors
@@ -475,6 +535,16 @@ For improved connection stability in high-traffic environments:
 4. **Monitor Connection Statistics**: Enable detailed logging to track termination reasons
 5. **Fine-tune Inactivity Checks**: Adjust `inactivityCheckInterval` based on your traffic patterns
 
+### IPTables Troubleshooting
+
+If you're experiencing issues with IPTablesProxy:
+
+1. **Enable Detailed Logging**: Set `enableLogging: true` to see all rule operations
+2. **Force Clean Slate**: Use `forceCleanSlate: true` to remove any lingering rules
+3. **Use Custom Chains**: Enable `addJumpRule: true` for cleaner rule management
+4. **Check Permissions**: Ensure your process has sufficient permissions to modify iptables
+5. **Verify IPv6 Support**: If using `ipv6Support: true`, ensure ip6tables is available
+
 ## License and Legal Information
 
 This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index 6346bd4..f4eddf1 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@push.rocks/smartproxy',
- version: '3.29.0',
+ version: '3.29.1',
 description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
 }