fix(readme): Update readme for IPTablesProxy options
This commit is contained in:
parent
d6027c11c1
commit
618b6fe2d1
@ -1,5 +1,13 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## 2025-03-07 - 3.29.1 - fix(readme)
|
||||||
|
Update readme for IPTablesProxy options
|
||||||
|
|
||||||
|
- Add comprehensive examples for IPTablesProxy usage.
|
||||||
|
- Expand IPTablesProxy settings with IPv6, logging, and advanced features.
|
||||||
|
- Clarify option defaults and descriptions for IPTablesProxy.
|
||||||
|
- Enhance 'Troubleshooting' section with IPTables tips.
|
||||||
|
|
||||||
## 2025-03-07 - 3.29.0 - feat(IPTablesProxy)
|
## 2025-03-07 - 3.29.0 - feat(IPTablesProxy)
|
||||||
Enhanced IPTablesProxy with multi-port and IPv6 support
|
Enhanced IPTablesProxy with multi-port and IPv6 support
|
||||||
|
|
||||||
|
82
readme.md
82
readme.md
@ -320,8 +320,8 @@ portProxy.start();
|
|||||||
```typescript
|
```typescript
|
||||||
import { IPTablesProxy } from '@push.rocks/smartproxy';
|
import { IPTablesProxy } from '@push.rocks/smartproxy';
|
||||||
|
|
||||||
// Configure IPTables to forward from port 80 to 8080
|
// Basic usage - forward single port
|
||||||
const iptables = new IPTablesProxy({
|
const basicProxy = new IPTablesProxy({
|
||||||
fromPort: 80,
|
fromPort: 80,
|
||||||
toPort: 8080,
|
toPort: 8080,
|
||||||
toHost: 'localhost',
|
toHost: 'localhost',
|
||||||
@ -329,7 +329,38 @@ const iptables = new IPTablesProxy({
|
|||||||
deleteOnExit: true // Automatically clean up rules on process exit
|
deleteOnExit: true // Automatically clean up rules on process exit
|
||||||
});
|
});
|
||||||
|
|
||||||
iptables.start();
|
// Forward port ranges
|
||||||
|
const rangeProxy = new IPTablesProxy({
|
||||||
|
fromPort: { from: 3000, to: 3010 }, // Forward ports 3000-3010
|
||||||
|
toPort: { from: 8000, to: 8010 }, // To ports 8000-8010
|
||||||
|
protocol: 'tcp', // TCP protocol (default)
|
||||||
|
ipv6Support: true, // Enable IPv6 support
|
||||||
|
enableLogging: true // Enable detailed logging
|
||||||
|
});
|
||||||
|
|
||||||
|
// Multiple port specifications with IP filtering
|
||||||
|
const advancedProxy = new IPTablesProxy({
|
||||||
|
fromPort: [80, 443, { from: 8000, to: 8010 }], // Multiple ports/ranges
|
||||||
|
toPort: [8080, 8443, { from: 18000, to: 18010 }],
|
||||||
|
allowedSourceIPs: ['10.0.0.0/8', '192.168.1.0/24'], // Only allow these IPs
|
||||||
|
bannedSourceIPs: ['192.168.1.100'], // Explicitly block these IPs
|
||||||
|
addJumpRule: true, // Use custom chain for better management
|
||||||
|
checkExistingRules: true // Check for duplicate rules
|
||||||
|
});
|
||||||
|
|
||||||
|
// NetworkProxy integration for SSL termination
|
||||||
|
const sslProxy = new IPTablesProxy({
|
||||||
|
fromPort: 443,
|
||||||
|
toPort: 8443,
|
||||||
|
netProxyIntegration: {
|
||||||
|
enabled: true,
|
||||||
|
redirectLocalhost: true, // Redirect localhost traffic to NetworkProxy
|
||||||
|
sslTerminationPort: 8443 // Port where NetworkProxy handles SSL
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
// Start any of the proxies
|
||||||
|
await basicProxy.start();
|
||||||
```
|
```
|
||||||
|
|
||||||
### Automatic HTTPS Certificate Management
|
### Automatic HTTPS Certificate Management
|
||||||
@ -384,12 +415,29 @@ acmeHandler.addDomain('api.example.com');
|
|||||||
### IPTablesProxy Settings
|
### IPTablesProxy Settings
|
||||||
|
|
||||||
| Option | Description | Default |
|
| Option | Description | Default |
|
||||||
|-------------------|---------------------------------------------|-------------|
|
|-----------------------|---------------------------------------------------|-------------|
|
||||||
| `fromPort` | Source port to forward from | - |
|
| `fromPort` | Source port(s) or range(s) to forward from | - |
|
||||||
| `toPort` | Destination port to forward to | - |
|
| `toPort` | Destination port(s) or range(s) to forward to | - |
|
||||||
| `toHost` | Destination host to forward to | 'localhost' |
|
| `toHost` | Destination host to forward to | 'localhost' |
|
||||||
| `preserveSourceIP` | Preserve the original client IP | false |
|
| `preserveSourceIP` | Preserve the original client IP | false |
|
||||||
| `deleteOnExit` | Remove iptables rules when process exits | false |
|
| `deleteOnExit` | Remove iptables rules when process exits | false |
|
||||||
|
| `protocol` | Protocol to forward ('tcp', 'udp', or 'all') | 'tcp' |
|
||||||
|
| `enableLogging` | Enable detailed logging | false |
|
||||||
|
| `ipv6Support` | Enable IPv6 support with ip6tables | false |
|
||||||
|
| `allowedSourceIPs` | Array of IP addresses/CIDR allowed to connect | - |
|
||||||
|
| `bannedSourceIPs` | Array of IP addresses/CIDR blocked from connecting | - |
|
||||||
|
| `forceCleanSlate` | Clear all IPTablesProxy rules before starting | false |
|
||||||
|
| `addJumpRule` | Add a custom chain for cleaner rule management | false |
|
||||||
|
| `checkExistingRules` | Check if rules already exist before adding | true |
|
||||||
|
| `netProxyIntegration` | NetworkProxy integration options (object) | - |
|
||||||
|
|
||||||
|
#### IPTablesProxy NetworkProxy Integration Options
|
||||||
|
|
||||||
|
| Option | Description | Default |
|
||||||
|
|----------------------|---------------------------------------------------|---------|
|
||||||
|
| `enabled` | Enable NetworkProxy integration | false |
|
||||||
|
| `redirectLocalhost` | Redirect localhost traffic to NetworkProxy | false |
|
||||||
|
| `sslTerminationPort` | Port where NetworkProxy handles SSL termination | - |
|
||||||
|
|
||||||
## Advanced Features
|
## Advanced Features
|
||||||
|
|
||||||
@ -442,6 +490,18 @@ The `PortProxy` class can inspect the SNI (Server Name Indication) field in TLS
|
|||||||
- Domain-specific allowed IP ranges
|
- Domain-specific allowed IP ranges
|
||||||
- Protection against SNI renegotiation attacks
|
- Protection against SNI renegotiation attacks
|
||||||
|
|
||||||
|
### Enhanced IPTables Management
|
||||||
|
|
||||||
|
The improved `IPTablesProxy` class offers advanced capabilities:
|
||||||
|
|
||||||
|
- Support for multiple port ranges and individual ports
|
||||||
|
- IPv6 support with ip6tables
|
||||||
|
- Source IP filtering with allow/block lists
|
||||||
|
- Custom chain creation for better rule organization
|
||||||
|
- NetworkProxy integration for SSL termination
|
||||||
|
- Automatic rule existence checking to prevent duplicates
|
||||||
|
- Comprehensive cleanup on shutdown
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
### Browser Certificate Errors
|
### Browser Certificate Errors
|
||||||
@ -475,6 +535,16 @@ For improved connection stability in high-traffic environments:
|
|||||||
4. **Monitor Connection Statistics**: Enable detailed logging to track termination reasons
|
4. **Monitor Connection Statistics**: Enable detailed logging to track termination reasons
|
||||||
5. **Fine-tune Inactivity Checks**: Adjust `inactivityCheckInterval` based on your traffic patterns
|
5. **Fine-tune Inactivity Checks**: Adjust `inactivityCheckInterval` based on your traffic patterns
|
||||||
|
|
||||||
|
### IPTables Troubleshooting
|
||||||
|
|
||||||
|
If you're experiencing issues with IPTablesProxy:
|
||||||
|
|
||||||
|
1. **Enable Detailed Logging**: Set `enableLogging: true` to see all rule operations
|
||||||
|
2. **Force Clean Slate**: Use `forceCleanSlate: true` to remove any lingering rules
|
||||||
|
3. **Use Custom Chains**: Enable `addJumpRule: true` for cleaner rule management
|
||||||
|
4. **Check Permissions**: Ensure your process has sufficient permissions to modify iptables
|
||||||
|
5. **Verify IPv6 Support**: If using `ipv6Support: true`, ensure ip6tables is available
|
||||||
|
|
||||||
## License and Legal Information
|
## License and Legal Information
|
||||||
|
|
||||||
This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
|
This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
*/
|
*/
|
||||||
export const commitinfo = {
|
export const commitinfo = {
|
||||||
name: '@push.rocks/smartproxy',
|
name: '@push.rocks/smartproxy',
|
||||||
version: '3.29.0',
|
version: '3.29.1',
|
||||||
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
|
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user