Under development and come with no warranty, use at your own risk.
FIPPF consists of a fake-IP DNS server and a tun network interface. It resolves domain names to different fake IP addresses inside tun network's subnet, and then forwards network requests to real hosts through proxy.
Called "frontend" because FIPPF itself does not provide proxy service, it relies on a proxy "backend", like socks5, to do the actual proxying job.
Here is a diagram showing how FIPPF works:
FIPPF tries to achieve relatively high performance and low latency at DNS resolution and layer-4 traffic forwarding. It is designed to be a stupid simple program for Linux with a small codebase.
Build the program with go (I use go1.23.1).
Example configuration file is provided in config.yaml.
To specify the configuration directory, use command line argument fippf --config_dir /path/to/config.
Using curl with ares enabled (might need to build curl from source):
curl --dns-servers 127.0.0.52 http://example.com
or
Manually resolve the domain name first, let FIPPF map it to a fake IP address:
dig @127.0.0.52 -p 53 example.com
Then manually send request to that IP address:
curl --resolve example.com:80:198.18.0.2 http://example.com
The traffic should go through the proxy now.
Pointing system DNS resolver to FIPPF's fake-IP DNS server is allowed, but take special care when FIPPF and proxy program are running on the same machine. The proxy program cannot use system DNS resolver, otherwise it will cause a loop.
rofl0r/proxychains-ng works as a dynamic library interceptor. FIPPF works as a kind of network gateway.
Dante: ubuntu dante-client package provides a "socksify" tool. Like proxychains-ng, it is also an LD_PRELOAD based program. socksify can proxy both TCP and UDP traffic, whereas proxychains-ng only supports TCP.
xjasonlyu/tun2socks routes all traffic to tun interface. FIPPF leverages fake IP DNS and handles fake IP subnet only.
nicocha30/ligolo-ng a lightweight VPN.
SagerNet/sing-box and some clash like programs: They can be configured to do pretty much the same thing as FIPPF, and even more.
google/gvisor: FIPPF uses its tcpip library to handle network traffic conveniently.
nicocha30/ligolo-ng: It is a really simple program with a small codebase (Jan 1 2025, commit ad07712). Very nice for beginners.