hoelee/cloudflared
1
0
Fork 0
mirror of https://github.com/cloudflare/cloudflared.git synced 2025-07-27 19:59:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

TUN-4017: Add support for using cloudflared as a full socks proxy.

Browse Source 
To use cloudflared as a socks proxy, add an ingress on the server
side with your desired rules. Rules are matched in the order they
are added.  If there are no rules, it is an implicit allow.  If
there are rules, but no rule matches match, the connection is denied.

ingress:
  - hostname: socks.example.com
    service: socks-proxy
    originRequest:
      ipRules:
        - prefix: 1.1.1.1/24
          ports: [80, 443]
          allow: true
        - prefix: 0.0.0.0/0
          allow: false

On the client, run using tcp mode:
cloudflared access tcp --hostname socks.example.com --url 127.0.0.1:8080

Set your socks proxy as 127.0.0.1:8080 and you will now be proxying
all connections to the remote machine.
This commit is contained in:
Lee Valentine
2021-03-01 16:26:37 -06:00
parent b0e69c4b8a
commit 206523344f
12 changed files with 419 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
ingress/ingress_test.go
View File

@@ -15,6 +15,7 @@ import (
"gopkg.in/yaml.v2"
"github.com/cloudflare/cloudflared/config"
"github.com/cloudflare/cloudflared/ipaccess"
"github.com/cloudflare/cloudflared/tlsconfig"
)
@@ -304,6 +305,33 @@ ingress:
},
},
},
{
name: "SOCKS services",
args: args{rawYAML: `
ingress:
- hostname: socks.foo.com
service: socks-proxy
originRequest:
ipRules:
- prefix: 1.1.1.0/24
ports: [80, 443]
allow: true
- prefix: 0.0.0.0/0
allow: false
- service: http_status:404
`},
want: []Rule{
{
Hostname: "socks.foo.com",
Service: newSocksProxyOverWSService(accessPolicy()),
Config: defaultConfig,
},
{
Service: &fourOhFour,
Config: defaultConfig,
},
},
},
{
name: "URL isn't necessary if using bastion",
args: args{rawYAML: `
@@ -548,6 +576,16 @@ func MustParseURL(t *testing.T, rawURL string) *url.URL {
return u
}
func accessPolicy() *ipaccess.Policy {
cidr1 := "1.1.1.0/24"
cidr2 := "0.0.0.0/0"
rule1, _ := ipaccess.NewRuleByCIDR(&cidr1, []int{80, 443}, true)
rule2, _ := ipaccess.NewRuleByCIDR(&cidr2, nil, false)
rules := []ipaccess.Rule{rule1, rule2}
accessPolicy, _ := ipaccess.NewPolicy(false, rules)
return accessPolicy
}
func BenchmarkFindMatch(b *testing.B) {
rulesYAML := `
ingress: