push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(readme): Update readme for IPTablesProxy options

Browse Source
This commit is contained in:
Philipp Kunz 2025-03-07 14:34:49 +00:00
parent d6027c11c1
commit 618b6fe2d1
3 changed files with 89 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
changelog.md
View File

@ -1,5 +1,13 @@
# Changelog # Changelog
## 2025-03-07 - 3.29.1 - fix(readme)
Update readme for IPTablesProxy options
- Add comprehensive examples for IPTablesProxy usage.
- Expand IPTablesProxy settings with IPv6, logging, and advanced features.
- Clarify option defaults and descriptions for IPTablesProxy.
- Enhance 'Troubleshooting' section with IPTables tips.
## 2025-03-07 - 3.29.0 - feat(IPTablesProxy) ## 2025-03-07 - 3.29.0 - feat(IPTablesProxy)
Enhanced IPTablesProxy with multi-port and IPv6 support Enhanced IPTablesProxy with multi-port and IPv6 support

82
readme.md
View File

@ -320,8 +320,8 @@ portProxy.start();
```typescript ```typescript
import { IPTablesProxy } from '@push.rocks/smartproxy'; import { IPTablesProxy } from '@push.rocks/smartproxy';
// Configure IPTables to forward from port 80 to 8080 // Basic usage - forward single port
const iptables = new IPTablesProxy({ const basicProxy = new IPTablesProxy({
fromPort: 80, fromPort: 80,
toPort: 8080, toPort: 8080,
toHost: 'localhost', toHost: 'localhost',
@ -329,7 +329,38 @@ const iptables = new IPTablesProxy({
deleteOnExit: true // Automatically clean up rules on process exit deleteOnExit: true // Automatically clean up rules on process exit
}); });
iptables.start(); // Forward port ranges
const rangeProxy = new IPTablesProxy({
fromPort: { from: 3000, to: 3010 }, // Forward ports 3000-3010
toPort: { from: 8000, to: 8010 }, // To ports 8000-8010
protocol: 'tcp', // TCP protocol (default)
ipv6Support: true, // Enable IPv6 support
enableLogging: true // Enable detailed logging
});
// Multiple port specifications with IP filtering
const advancedProxy = new IPTablesProxy({
fromPort: [80, 443, { from: 8000, to: 8010 }], // Multiple ports/ranges
toPort: [8080, 8443, { from: 18000, to: 18010 }],
allowedSourceIPs: ['10.0.0.0/8', '192.168.1.0/24'], // Only allow these IPs
bannedSourceIPs: ['192.168.1.100'], // Explicitly block these IPs
addJumpRule: true, // Use custom chain for better management
checkExistingRules: true // Check for duplicate rules
});
// NetworkProxy integration for SSL termination
const sslProxy = new IPTablesProxy({
fromPort: 443,
toPort: 8443,
netProxyIntegration: {
enabled: true,
redirectLocalhost: true, // Redirect localhost traffic to NetworkProxy
sslTerminationPort: 8443 // Port where NetworkProxy handles SSL
}
});
// Start any of the proxies
await basicProxy.start();
``` ```
### Automatic HTTPS Certificate Management ### Automatic HTTPS Certificate Management
@ -384,12 +415,29 @@ acmeHandler.addDomain('api.example.com');
### IPTablesProxy Settings ### IPTablesProxy Settings
| Option | Description | Default | | Option | Description | Default |
|-------------------|---------------------------------------------|-------------| |-----------------------|---------------------------------------------------|-------------|
| `fromPort` | Source port to forward from | - | | `fromPort` | Source port(s) or range(s) to forward from | - |
| `toPort` | Destination port to forward to | - | | `toPort` | Destination port(s) or range(s) to forward to | - |
| `toHost` | Destination host to forward to | 'localhost' | | `toHost` | Destination host to forward to | 'localhost' |
| `preserveSourceIP` | Preserve the original client IP | false | | `preserveSourceIP` | Preserve the original client IP | false |
| `deleteOnExit` | Remove iptables rules when process exits | false | | `deleteOnExit` | Remove iptables rules when process exits | false |
| `protocol` | Protocol to forward ('tcp', 'udp', or 'all') | 'tcp' |
| `enableLogging` | Enable detailed logging | false |
| `ipv6Support` | Enable IPv6 support with ip6tables | false |
| `allowedSourceIPs` | Array of IP addresses/CIDR allowed to connect | - |
| `bannedSourceIPs` | Array of IP addresses/CIDR blocked from connecting | - |
| `forceCleanSlate` | Clear all IPTablesProxy rules before starting | false |
| `addJumpRule` | Add a custom chain for cleaner rule management | false |
| `checkExistingRules` | Check if rules already exist before adding | true |
| `netProxyIntegration` | NetworkProxy integration options (object) | - |
#### IPTablesProxy NetworkProxy Integration Options
| Option | Description | Default |
|----------------------|---------------------------------------------------|---------|
| `enabled` | Enable NetworkProxy integration | false |
| `redirectLocalhost` | Redirect localhost traffic to NetworkProxy | false |
| `sslTerminationPort` | Port where NetworkProxy handles SSL termination | - |
## Advanced Features ## Advanced Features
@ -442,6 +490,18 @@ The `PortProxy` class can inspect the SNI (Server Name Indication) field in TLS
- Domain-specific allowed IP ranges - Domain-specific allowed IP ranges
- Protection against SNI renegotiation attacks - Protection against SNI renegotiation attacks
### Enhanced IPTables Management
The improved `IPTablesProxy` class offers advanced capabilities:
- Support for multiple port ranges and individual ports
- IPv6 support with ip6tables
- Source IP filtering with allow/block lists
- Custom chain creation for better rule organization
- NetworkProxy integration for SSL termination
- Automatic rule existence checking to prevent duplicates
- Comprehensive cleanup on shutdown
## Troubleshooting ## Troubleshooting
### Browser Certificate Errors ### Browser Certificate Errors
@ -475,6 +535,16 @@ For improved connection stability in high-traffic environments:
4. **Monitor Connection Statistics**: Enable detailed logging to track termination reasons 4. **Monitor Connection Statistics**: Enable detailed logging to track termination reasons
5. **Fine-tune Inactivity Checks**: Adjust `inactivityCheckInterval` based on your traffic patterns 5. **Fine-tune Inactivity Checks**: Adjust `inactivityCheckInterval` based on your traffic patterns
### IPTables Troubleshooting
If you're experiencing issues with IPTablesProxy:
1. **Enable Detailed Logging**: Set `enableLogging: true` to see all rule operations
2. **Force Clean Slate**: Use `forceCleanSlate: true` to remove any lingering rules
3. **Use Custom Chains**: Enable `addJumpRule: true` for cleaner rule management
4. **Check Permissions**: Ensure your process has sufficient permissions to modify iptables
5. **Verify IPv6 Support**: If using `ipv6Support: true`, ensure ip6tables is available
## License and Legal Information ## License and Legal Information
This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.

2
ts/00_commitinfo_data.ts
View File

@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@push.rocks/smartproxy', name: '@push.rocks/smartproxy',
version: '3.29.0', version: '3.29.1',
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.' description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
} }