# Proxy All TCP Traffic on a Remote Server

Even though SOCKS is a higher-level protocol and better suited to proxying, there is no easy way to build a global proxy for a Linux server other than doing it on a router. For a remote server, normally a cloud server, it’s not always convenient to access the router. So after several tries, I decided to drop the SOCKS solution and simply use Linux’s iptables.

The easiest way I have found in my recent research is shadowsocks-libev. Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes. It is written in pure C and depends only on libev and OpenSSL or PolarSSL. mbedTLS support has been added but is still in testing and is not officially supported yet.

Note that the original shadowsocks doesn’t support ss-redir, and shadowsocks-libev seems to be the only port that does. ss-redir differs from ss-local in that it speaks plain TCP rather than the SOCKS protocol.

### Create iptables rules

If UDP doesn’t work, just leave out the UDP part and use only the TCP part.
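
One way to write the TCP rules for ss-redir, as an added example that is not from the original post: the function prints the `nat`-table commands for review instead of applying them. The server address `203.0.113.10`, the ss-redir local port `12345` and the chain name `SHADOWSOCKS` are assumptions; substitute your own values.

```shell
#!/bin/sh
# Added example: prints (does not apply) nat-table rules that send locally
# generated TCP traffic to ss-redir. Review the output, then run it as root.

CHAIN="SHADOWSOCKS"   # assumed chain name
# Destinations that bypass the proxy: reserved, private and multicast ranges.
BYPASS_NETS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

# ss_redir_rules SERVER_IP REDIR_PORT
ss_redir_rules() {
    server_ip="$1"
    redir_port="$2"
    # Accept only a dotted-quad shape and a numeric port, so no unexpected
    # text ends up in commands that will later run as root.
    case "$server_ip" in
        ""|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) echo "invalid server address" >&2; return 1 ;;
        *.*.*.*) ;;
        *) echo "invalid server address" >&2; return 1 ;;
    esac
    case "$redir_port" in
        ""|*[!0-9]*) echo "invalid port" >&2; return 1 ;;
    esac
    if [ "$redir_port" -lt 1 ] || [ "$redir_port" -gt 65535 ]; then
        echo "invalid port" >&2
        return 1
    fi

    echo "iptables -t nat -N $CHAIN"
    # The proxy server must be reached directly; otherwise ss-redir's own
    # upstream connection would be redirected back into ss-redir (a loop).
    echo "iptables -t nat -A $CHAIN -d $server_ip -j RETURN"
    for net in $BYPASS_NETS; do
        echo "iptables -t nat -A $CHAIN -d $net -j RETURN"
    done
    # Everything else goes to the local ss-redir listener.
    echo "iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-ports $redir_port"
    # Hook the chain into OUTPUT so traffic generated on this server is caught.
    echo "iptables -t nat -A OUTPUT -p tcp -j $CHAIN"
}

# Constructed sample values (documentation address range).
ss_redir_rules 203.0.113.10 12345
```

Keep the RETURN rule for the server address ahead of the REDIRECT rule, and confirm that your SSH session still works before making the rules persistent.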

### Security Tips

Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend setting up your server’s firewall rules to limit connections from each user: