github/wangyu-udp2raw
1
0
Fork 0
mirror of https://github.com/wangyu-/udp2raw.git synced 2025-02-08 16:19:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

Updated run udp2raw with non root account (markdown)

wangyu- 2017-12-14 08:41:32 -08:00
parent 20013a05d5
commit ec4a827489
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
run-udp2raw-with-non-root-account.md

@ -2,17 +2,22 @@ It's not security secure to run udp2raw with root. This page demonstrates how to
You must have `setcap` as a prerequisite. `setcap` is shipped with most desktop linux distributions by defualt. But its seems to be missing on OpenWRT/LEDE. You must have `setcap` as a prerequisite. `setcap` is shipped with most desktop linux distributions by defualt. But its seems to be missing on OpenWRT/LEDE.
1. grant udp2raw CAP_NET_RAW permission
``` ```
# grant udp2raw CAP_NET_RAW permission
sudo setcap cap_net_raw+ep udp2raw_amd64 sudo setcap cap_net_raw+ep udp2raw_amd64
```
# run udp2raw with -g option instead of -a, then udp2raw will generate a iptables rule for you 2. run udp2raw with -g option instead of -a, then udp2raw will generate a iptables rule for you
```
./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -g ./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -g
```
# add the generated iptables rule manually 3. add the generated iptables rule manually
```
sudo iptables -I INPUT -p tcp -m tcp --dport 4096 -j DROP sudo iptables -I INPUT -p tcp -m tcp --dport 4096 -j DROP
```
#then run udp2raw without -g option 4. then run udp2raw without -g option
```
./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp ./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp
``` ```