This post will cover how to configure a Linux system to a router, which I have already tested with a standard server(Ubuntu 16.04 in ESXi) and Raspberry Pi 3.
The router will provide a transparent shadowsocks to its clients.
- some hardware running with two or more network interfaces
- a shadowsocks account, which can be easily deployed in VPS(Linode, Digital Ocean, etc)
- configure linux kernel to provide ipv4 packet forwarding
iptablesto provide nat and other things
dnsmasqto provide dhcp and dns cache
redsocksto provide local shadowsocks proxy
overtureto provide clean dns resolution
Please ensure that you have more than two network interfaces working. You may use
ifconfig to check.
You may pick two network interfaces, and decide which is the one connected to Internet(WAN), so the left one is connected to clients of this router.
ens32 is WAN port,
ens33 is LAN port.
Then, we should configure the LAN port to static IP, which is required by using it as gateway and dns server.
For debian like system, the configuration file is
overture is a dns server written by Go, Github Link.
Download a release of your ISA, and extract the binary to
/usr/local/bin, and copy other config files to
For me, the config file is
You may test it by
dig @127.0.0.1 -p 5454 www.facebook.com.
First install it, for debian like system,
sudo apt install dnsmasq.
/etc/dnsmasq.conf like that:
Add a line in the bottom of
net.ipv4.ip_forward=1, then execute
Then edit a
ss-redir, so you first need to install
Then try to get it run, forward to local port
There are many ways to autostart
overture, so just pick one you like.
- practice in vmware / virtual box is strongly recommended
- running in vmware esxi is easy to deploy as there is built in vSwitch
- if works, welcome to internet