Comes with no warranty, use at your own risk.
FIPPF consists of a fake-IP DNS server and a tun network interface. It resolves domain names to different fake IP addresses inside tun network's subnet, and then forwards network requests to real hosts through proxy.
Called "frontend" because FIPPF itself does not provide proxy service, it relies on a proxy "backend", like socks5, to do the actual proxying job.
Here is a diagram showing how FIPPF works:
FIPPF tries to achieve relatively high performance and low latency at DNS resolution and layer-4 traffic forwarding. It is designed to be a stupid simple program for Linux with a small codebase.
For NixOS users, there is an accompanied nix flake for easily integrating FIPPF into your system.
And there is a systemd unit configuration file for reference. (It is not maintained by author. Some of the content might be outdated, adjustments required.)
Build the program with go (I use go1.23.1).
Example configurations are provided under directory core, refer to them for detail.
Launch the daemon by fippf serve --config_dir /path/to/config.
Using curl with ares enabled (might need to build curl from source):
curl --dns-servers 127.0.0.52 http://example.com
or
Manually resolve the domain name first, let FIPPF map it to a fake IP address:
dig @127.0.0.52 -p 53 example.com
Then manually send request to that IP address:
curl --resolve example.com:80:198.18.0.2 http://example.com
The traffic should go through the proxy now.
FIPPF is shipped with a cli tool for inspecting what is going on inside,
e.g. fippf status to check for daemon running state.
Type fippf -h to see all available commands.
Pointing system DNS resolver to FIPPF's fake-IP DNS server is allowed, but take special care when FIPPF and proxy program are running on the same machine. The proxy program cannot use system DNS resolver, otherwise it will cause a loop.
rofl0r/proxychains-ng works as a dynamic library interceptor. FIPPF works as a kind of network gateway.
Dante: ubuntu dante-client package provides a "socksify" tool. Like proxychains-ng, it is also an LD_PRELOAD based program. socksify can proxy both TCP and UDP traffic, whereas proxychains-ng only supports TCP.
xjasonlyu/tun2socks routes all traffic to tun interface. FIPPF leverages fake IP DNS and handles fake IP subnet only.
nicocha30/ligolo-ng a lightweight VPN.
SagerNet/sing-box and some clash like programs: They can be configured to do pretty much the same thing as FIPPF, and even more.
google/gvisor: FIPPF uses its tcpip library to handle network traffic conveniently.
nicocha30/ligolo-ng: It is a really simple program with a small codebase (Jan 1 2025, commit ad07712). Very nice for beginners.