this transparent proxy depends on iptables, which means generally you can only use it on Linux

what you are getting

- an always-on proxy that redirects all TCP/UDP traffic to your Shadowsocks proxy while bypassing a list of IP ranges
- a clean connection to a foreign DNS server, bye bye DNS pollution

how to

git clone && cd ss-transparent

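just take a look at my install script: it installs Shadowsocks, dns-over-https and dnsmasq, automatically configures dns-over-https and dnsmasq, and asks for your Shadowsocks configuration during installation. it has to run as root and it changes system services (systemd-resolved is disabled, an archive is unpacked onto /), so read it before you run it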

if your Linux distro is Debian-based and all software required is in your repo, then you are good to go

if not, please read and figure it out yourself:



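# Abort the installer unless it runs with effective UID 0.
# Globals:   RED, END (read) - colour escape sequences defined outside this block
# Outputs:   error message on stderr when the caller is not root
# Returns:   0 when root; otherwise exits the whole script with status 1
check_root() {
    if [ "$(id -u)" -ne 0 ]; then
        # diagnostics go to stderr so they survive a redirected stdout
        echo -e "$RED[-] You must be root$END" >&2
        exit 1
    fi
}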

# Install shadowsocks-libev and write its client config from interactive input.
# Globals:  RED, YELLOW, END (read) - colour escape sequences
# Reads:    server ip, port, password and encryption method from stdin
# Writes:   /etc/shadowsocks-libev/config.json
# NOTE(review): this listing is incomplete as shown - the `fi` closing the
# ss-redir check, the heredoc's braces and terminator, and the function's
# closing `}` are not visible. Take the complete script from the repository
# before running it.
install_ss() {
    echo -e "$YELLOW[*] Installing Shadowsocks$END"
    apt-get install shadowsocks-libev -y
    # apt-get's exit status is not checked; the -x test below is what detects
    # a failed install
    if [ ! -x "/usr/bin/ss-redir" ]; then
        echo -e "$RED[-]Shadowsocks not installed$END"
        exit 1

    # input your ss config
    echo -ne "$YELLOW[?] Your shadowsocks server ip: $END"
    read -r server_ip
    echo -ne "$YELLOW[?] Your server port: $END"
    read -r server_port
    echo -ne "$YELLOW[?] Your password: $END"
    # NOTE(review): plain `read -r` echoes the password to the terminal and
    # leaves it in scrollback; `read -rs` would keep it off screen
    read -r pass
    echo -ne "$YELLOW[?] Your encryption method: $END"
    read -r encryption

    # write to config file
    # NOTE(review): the sed expression and its target look truncated in this
    # listing (no search pattern, and the path is a directory) - confirm the
    # original line against the repository
    sed -i "s/$server_ip/g" /etc/shadowsocks-libev/
    # NOTE(review): the four answers are pasted into the JSON below unescaped
    # and unvalidated, so a double quote or backslash in any of them produces
    # a broken or altered config. The file ends up holding the password in
    # clear text and no mode is set in this block - make sure it is readable
    # only by the service account (for example chmod 600). The empty
    # "local_address" value is presumably another extraction loss; verify it.
    cat <<EOF >/etc/shadowsocks-libev/config.json
    "server": "$server_ip",
    "server_port": "$server_port",
    "password": "$pass",
    "method": "$encryption",
    "local_address": "",
    "local_port": 54763,
    "timeout": 300,
    "reuse_port": true

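# Build and install the bundled dns-over-https client, then install its config.
# Globals:   YELLOW, END (read) - colour escape sequences
# Inputs:    ./dot.tgz and ./doh-client.conf in the current directory
# Returns:   0 on success; non-zero as soon as one step fails
install_dot() {
    echo -e "$YELLOW[*] Installing DNSOverHTTPS$END"
    # NOTE(review): dot.tgz is unpacked and built by an installer that expects
    # to run as root (see check_root) and no integrity check is visible here;
    # verify a pinned checksum of the archive before this step.
    tar xvzpf dot.tgz || return 1
    # build in a subshell so the caller's working directory is left untouched,
    # and stop instead of copying the config after a failed build
    (cd ./dns-over-https && make install) || return 1
    cp ./doh-client.conf /etc/dns-over-https || return 1
}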

# Replace systemd-resolved with dnsmasq and bring up the doh-client service.
# Globals:  YELLOW, END (read) - colour escape sequences
# Writes:   appends a server= line to /etc/dnsmasq.conf when none matches
# NOTE(review): this listing is incomplete as shown - the `fi` closing the
# grep test and the function's closing `}` are not visible.
dns_config() {
    echo -e "$YELLOW[*] Configuring DNSOverHTTPS$END"
    # systemd-resolved is switched off before its replacement is installed.
    # NOTE(review): if /etc/resolv.conf still points at the systemd-resolved
    # stub, name resolution is down from here on and the apt-get call below
    # may not reach the mirror - confirm on the target host.
    systemctl disable systemd-resolved
    systemctl stop systemd-resolved

    # dnsmasq service
    apt-get install dnsmasq -y
    # append the upstream only once, so re-running the installer does not
    # duplicate it.
    # NOTE(review): the value after "server=" appears to have been stripped
    # from this listing; as shown, any existing server= line satisfies the
    # grep and an empty server= would be appended otherwise. Check that the
    # upstream is the local doh-client listener, or queries leave the host
    # unencrypted.
    if ! grep "server=" /etc/dnsmasq.conf >/dev/null 2>&1; then
        echo -e "server=" >>/etc/dnsmasq.conf
    systemctl enable dnsmasq.service
    systemctl restart dnsmasq.service

    # dns over https service
    # none of the systemctl calls is checked; a failed restart leaves the host
    # without a working resolver and the script carries on
    systemctl restart doh-client.service
    systemctl enable doh-client.service

# Entry point: fetch the project, unpack its config, install the ss-redir
# unit and start the service.
# Globals:  YELLOW, END (read) - colour escape sequences
# NOTE(review): this listing is incomplete as shown - the clone URL, the
# calls expected under "get DNS ready", the closing `}` and the invocation
# of main are not visible.
main() {

    # NOTE(review): the repository URL is missing from this listing. Every
    # later step runs files from the clone with root privileges, so clone
    # from a source you trust and pin a reviewed commit.
    git clone
    cd w411brk/ss-transparent || return

    # install ipset
    apt-get install ipset -y

    # ss config under /etc
    # NOTE(review): the archive is unpacked straight onto / with permissions
    # preserved (p), so any path it contains is written over the live
    # filesystem; list it with `tar tf ss_config.tgz` before running this.
    tar xvpf ss_config.tgz -C /


    # ss service
    # systemd is reloaded only when the unit file was copied successfully
    cp ./ss-redir@.service /lib/systemd/system/ss-redir@.service &&
        systemctl daemon-reload

    # get DNS ready

    # start service
    echo -e "$YELLOW[*] Starting SS service$END"
    # the instance name "config" selects the config the unit loads -
    # presumably /etc/shadowsocks-libev/config.json; verify in the unit file
    systemctl start ss-redir@config.service
    systemctl enable ss-redir@config.service


thank you, hope this helps
