'\" t
.\" Title: ss-nat
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.79.1
.\" Date: 11/23/2017
.\" Manual: Shadowsocks-libev Manual
.\" Source: Shadowsocks-libev 3.1.1
.\" Language: English
.\"
.TH "SS\-NAT" "1" "11/23/2017" "Shadowsocks\-libev 3\&.1\&.1" "Shadowsocks\-libev Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ss-nat \- helper script to setup NAT rules for transparent proxy
.SH "SYNOPSIS"
.sp
\fBss\-nat\fR [\-ouUfh] [\-s \fI\fR] [\-S \fI\fR] [\-l \fI\fR] [\-L \fI\fR] [\-i \fI\fR] [\-a \fI\fR] [\-b \fI\fR] [\-w \fI\fR] [\-e \fI\fR]
.SH "DESCRIPTION"
.sp
\fBShadowsocks\-libev\fR is a lightweight and secure socks5 proxy\&. It is a port of the original shadowsocks created by clowwindy\&. \fBShadowsocks\-libev\fR is written in pure C and takes advantage of libev to achieve both high performance and low resource consumption\&.
.sp
\fBss\-nat\fR(1) sets up NAT rules for \fBss\-redir\fR(1) to provide traffic redirection\&. It requires netfilter\(cqs NAT module and \fBiptables\fR(8)\&. For more information, check out \fBshadowsocks\-libev\fR(8) and the following \fIEXAMPLE\fR section\&.
.SH "OPTIONS"
.PP
\-s \fI\fR
.RS 4
IP address of shadowsocks remote server
.RE
.PP
\-l \fI\fR
.RS 4
Port number of shadowsocks local server
.RE
.PP
\-S \fI\fR
.RS 4
IP address of shadowsocks remote UDP server
.RE
.PP
\-L \fI\fR
.RS 4
Port number of shadowsocks local UDP server
.RE
.PP
\-i \fI\fR
.RS 4
a file whose content is bypassed ip list
.RE
.PP
\-a \fI\fR
.RS 4
LAN IP of access control, need a prefix to define access control mode
.RE
.PP
\-b \fI\fR
.RS 4
WAN IP of will be bypassed
.RE
.PP
\-w \fI\fR
.RS 4
WAN IP of will be forwarded
.RE
.PP
\-e \fI\fR
.RS 4
Extra options for iptables
.RE
.PP
\-o
.RS 4
Apply the rules to the OUTPUT chain
.RE
.PP
\-u
.RS 4
Enable udprelay mode, TPROXY is required
.RE
.PP
\-U
.RS 4
Enable udprelay mode, using different IP and ports for TCP and UDP
.RE
.PP
\-f
.RS 4
Flush the rules
.RE
.PP
\-h
.RS 4
Show this help message and exit
.RE
.SH "EXAMPLE"
.sp
\fBss\-nat\fR requires \fBiptables\fR(8)\&. Here is an example:
.sp
.if n \{\
.RS 4
.\}
.nf
# Enable NAT rules for shadowsocks,
# with both TCP and UDP redirection enabled,
# and applied for both PREROUTING and OUTPUT chains
root@Wrt:~# ss\-nat \-s 192\&.168\&.1\&.100 \-l 1080 \-u \-o
# Disable and flush all NAT rules for shadowsocks
root@Wrt:~# ss\-nat \-f
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.sp
\fBss\-local\fR(1), \fBss\-server\fR(1), \fBss\-tunnel\fR(1), \fBss\-manager\fR(1), \fBshadowsocks\-libev\fR(8), \fBiptables\fR(8), /etc/shadowsocks\-libev/config\&.json