Jekyll2020-09-05T13:47:11+00:00https://xuebaxi.com/feed.xml小學霸小学霸的博客小學霸ipv6透明代理2020-09-05T00:00:00+00:002020-09-05T00:00:00+00:00https://xuebaxi.com/blog/ipv6%E9%80%8F%E6%98%8E%E4%BB%A3%E7%90%86<p>因爲我本地沒有ipv6的地址,所以我的ipv6走的v2ray。</p>
<h3 id="1-ipset-設置">1. ipset 設置</h3>
<p>添加保留地址</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> reservedip6 nethash family inet6
ipset add reservedip6 ::/128
ipset add reservedip6 ::1/128
ipset add reservedip6 ::ffff:0:0/96
ipset add reservedip6 100::/64
ipset add reservedip6 64:ff9b::/96
ipset add reservedip6 2001::/32
ipset add reservedip6 2001:10::/28
ipset add reservedip6 2001:20::/28
ipset add reservedip6 2001:db8::/32
ipset add reservedip6 2002::/16
ipset add reservedip6 fc00::/7
ipset add reservedip6 fe80::/10
ipset add reservedip6 ff00::/8
</code></pre></div></div>
<p>添加服務器地址(因爲我的流量全部走的ipv4,所以不用設置)</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> noproxy6 nethash family inet6
ipset add noproxy6 服務器ipv6地址
</code></pre></div></div>
<h3 id="2-iptables設置">2. iptables設置</h3>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ip <span class="nt">-6</span> rule add fwmark 1 table 100
ip <span class="nt">-6</span> route add <span class="nb">local</span> ::/0 dev lo table 100
ip6tables <span class="nt">-t</span> mangle <span class="nt">-N</span> V2RAY
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-j</span> RETURN <span class="nt">-m</span> mark <span class="nt">--mark</span> 2
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip6 dst <span class="nt">-j</span> RETURN
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy6 dst <span class="nt">-j</span> RETURN
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> udp <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12345 <span class="nt">--tproxy-mark</span> 0x01/0x01
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> tcp <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12345 <span class="nt">--tproxy-mark</span> 0x01/0x01
ip6tables <span class="nt">-t</span> mangle <span class="nt">-N</span> V2RAY_MARK
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip6 dst <span class="nt">-j</span> RETURN
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy6 dst <span class="nt">-j</span> RETURN
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> mark <span class="nt">--mark</span> 2 <span class="nt">-j</span> RETURN
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-p</span> udp <span class="nt">-j</span> MARK <span class="nt">--set-mark</span> 1
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-p</span> tcp <span class="nt">-j</span> MARK <span class="nt">--set-mark</span> 1
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> PREROUTING <span class="nt">-j</span> V2RAY
ip6tables <span class="nt">-t</span> mangle <span class="nt">-A</span> OUTPUT <span class="nt">-j</span> V2RAY_MARK
</code></pre></div></div>
<p>最後使用 v2ray 的 Dokodemo-door 監聽 12345 端口即可。</p>小學霸因爲我本地沒有ipv6的地址,所以我的ipv6走的v2ray。linux下SurfaceGo的wifi網卡固件2020-08-09T00:00:00+00:002020-08-09T00:00:00+00:00https://xuebaxi.com/blog/linux%E4%B8%8BSurfaceGo%E7%9A%84wifi%E7%B6%B2%E5%8D%A1%E5%9B%BA%E4%BB%B6<h2 id="1-去微軟官網下載固件">1. 去微軟官網下載固件</h2>
<p>更新的名字叫做Qualcomm Atheros Communications Inc. - Net - 8/24/2018 12:00:00 AM - 12.0.0.722 <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=Qualcomm%20Atheros%20Communications%20Inc.%20-%20Net%20-%208%2F24%2F2018%2012%3A00%3A00%20AM%20-%2012.0.0.722">下載地址</a>
我下載的是11/16/2018 的</p>
<h2 id="2解壓得到固件">2.解壓得到固件</h2>
<p>使用cabextract解壓cab文件,其中有我們需要的 eeprom_ar6320_3p0_TX8_lte_clpc.bin 文件相關信息如下</p>
<p>sha256sum: aec1c85301c593e303422cb2f54d27b27eca4efce59f065a127e8fb205233b37</p>
<p>md5sum: 8f2895dd63a0c8f11e2d051f0ed4e0a8</p>
<h2 id="3覆蓋原有的固件">3.覆蓋原有的固件</h2>
<p>將/lib/firmware/ath10k/QCA6174/hw3.0中的board-2.bin 和 board.bin刪除,用eeprom_ar6320_3p0_TX8_lte_clpc.bin替代board.bin。</p>
<h3 id="参见">参见</h3>
<hr />
<blockquote>
<h5 id="--httpsbugsdebianorgcgi-binbugreportcgibug919652">- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919652</h5>
</blockquote>小學霸1. 去微軟官網下載固件在OBS實況中插入YouTube聊天室2019-12-05T00:00:00+00:002019-12-05T00:00:00+00:00https://xuebaxi.com/blog/%E5%9C%A8OBS%E5%AF%A6%E6%B3%81%E4%B8%AD%E6%8F%92%E5%85%A5YouTube%E8%81%8A%E5%A4%A9%E5%AE%A4<h3 id="1-獲得直播的url">1. 獲得直播的URL</h3>
<p>在直播信息左下角分享中可以找到直播的URL例如</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>https://www.youtube.com/channel/UC_NpCQY-99aJGsRt99tcVsw/live
</code></pre></div></div>
<p>如果有自定義網址格式會是這樣</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>https://www.youtube.com/c/Channel/live
</code></pre></div></div>
<h3 id="2-獲得聊天室的url">2. 獲得聊天室的URL</h3>
<p>因爲每次YouTube直播聊天室URL都會變動,所以我們需要其他網站幫我們自動獲得聊天室URL,比如下面這個:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>http://bigmond.co.uk/p/youtube_chat.php?channel=https://www.youtube.com/channel/UC_NpCQY-99aJGsRt99tcVsw/live
</code></pre></div></div>
<p>?channel=之後為第一步獲得的直播URL</p>
<h3 id="3-將聊天室url添加到obs">3. 將聊天室URL添加到OBS</h3>
<ul>
<li>打開OBS,添加瀏覽器源<br />
<img src="/assets/images/2019_12_05_01/2019_12_06_001849.jpg" alt="" /></li>
<li>在URL中輸入第二步中的URL<br />
<img src="/assets/images/2019_12_05_01/2019_12_06_001544.jpg" alt="" /></li>
<li>點擊確定,確認能在畫面中顯示自己的聊天室.<br />
<img src="/assets/images/2019_12_05_01/2019_12_06_003559.jpg" alt="" />
<h3 id="4-設置聊天室樣式">4. 設置聊天室樣式</h3>
</li>
</ul>
<p>在網站<a href="https://chatv2.septapus.com/">https://chatv2.septapus.com/</a>中可以設置聊天室樣式,并在最下面的css框中複製生成出的代碼,將複製出來的代碼粘貼到第三步添加的聊天室輸入源中的自定義CSS中<br />
<img src="/assets/images/2019_12_05_01/2019_12_06_003748.jpg" alt="" />
點擊確定即可看到最終效果
<img src="/assets/images/2019_12_05_01/2019_12_06_003846.jpg" alt="" /></p>小學霸1. 獲得直播的URLTProxy實現透明代理2019-11-23T00:00:00+00:002019-11-26T00:00:00+00:00https://xuebaxi.com/blog/TProxy%E5%AF%A6%E7%8F%BE%E9%80%8F%E6%98%8E%E4%BB%A3%E7%90%86<p><a href="https://xuebaxi.com//blog/transparent_proxy">上一篇</a>介紹的透明代理,使用的是REDIRECT(TCP)+TProxy(UDP)的方式,此篇要介紹完全使用TProxy透明代理的方式,注意shadowsocks是不支持TCP使用TProxy的.</p>
<h3 id="1-加载tproxy模块">1. 加载TPROXY模块</h3>
<p>临时加载TPROXY模块:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>modprobe xt_TPROXY
</code></pre></div></div>
<p>编辑/etc/modules-load.d/TPROXY.conf 使自动加载TPROXY模块:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>xt_TPROXY
</code></pre></div></div>
<h3 id="2-v2ray設置">2. V2Ray設置</h3>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
</span><span class="nl">"inbounds"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"tag"</span><span class="p">:</span><span class="s2">"transparent"</span><span class="p">,</span><span class="w">
</span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="mi">12345</span><span class="p">,</span><span class="w">
</span><span class="nl">"protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"dokodemo-door"</span><span class="p">,</span><span class="w">
</span><span class="nl">"settings"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"network"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tcp,udp"</span><span class="p">,</span><span class="w">
</span><span class="nl">"followRedirect"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"sniffing"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"enabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w">
</span><span class="nl">"destOverride"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="s2">"http"</span><span class="p">,</span><span class="w">
</span><span class="s2">"tls"</span><span class="w">
</span><span class="p">]</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"streamSettings"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"sockopt"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"tproxy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tproxy"</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">透明代理使用TProxy方式</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="nl">"outbounds"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"tag"</span><span class="p">:</span><span class="w"> </span><span class="s2">"proxy"</span><span class="p">,</span><span class="w">
</span><span class="nl">"protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vmess"</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">代理伺服器</span><span class="w">
</span><span class="nl">"settings"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"vnext"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="err">...</span><span class="w">
</span><span class="p">]</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"streamSettings"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"sockopt"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"mark"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">//這邊建議不要設置為</span><span class="mi">255</span><span class="err">.</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"mux"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"enabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<h3 id="3-設置ipset">3. 設置ipset</h3>
<p>添加保留地址</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> reservedip nethash
ipset add reservedip 224.0.0.0/4
ipset add reservedip 100.64.0.0/10
ipset add reservedip 203.0.113.0/24
ipset add reservedip 192.18.0.0/15
ipset add reservedip 192.88.99.0/24
ipset add reservedip 172.16.0.0/12
ipset add reservedip 0.0.0.0/8
ipset add reservedip 127.0.0.0/8
ipset add reservedip 192.0.2.0/24
ipset add reservedip 192.51.100.0/24
ipset add reservedip 10.0.0.0/8
ipset add reservedip 192.168.0.0/16
ipset add reservedip 255.255.255.255
ipset add reservedip 192.0.0.0/24
ipset add reservedip 240.0.0.0/4
ipset add reservedip 169.254.0.0/16
</code></pre></div></div>
<p>添加自己伺服器的地址(鏈式代理需要,如果不需要可以不用添加)</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> myip nethash
ipset add myip 2.2.2.2
</code></pre></div></div>
<p>添加不需要代理的地址(如代理伺服器的地址),1.1.1.1只是例子)</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> noproxy nethash
ipset add noproxy 1.1.1.1 <span class="c">#(1.1.1.1只是例子)</span>
</code></pre></div></div>
<h3 id="4-iptables設置">4. iptables設置</h3>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ip rule add fwmark 0x01/0x01 table 100
ip route add <span class="nb">local </span>0.0.0.0/0 dev lo table 100
iptables <span class="nt">-t</span> mangle <span class="nt">-N</span> V2RAY
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> udp <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> myip dst <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12346 <span class="nt">--tproxy-mark</span> 0x01/0x01 <span class="nt">--on-ip</span> 0.0.0.0
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> tcp <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> myip dst <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12346 <span class="nt">--tproxy-mark</span> 0x01/0x01 <span class="nt">--on-ip</span> 0.0.0.0
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-j</span> RETURN <span class="nt">-m</span> mark <span class="nt">--mark</span> 2
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> udp <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12345 <span class="nt">--tproxy-mark</span> 0x01/0x01 <span class="nt">--on-ip</span> 0.0.0.0
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> tcp <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12345 <span class="nt">--tproxy-mark</span> 0x01/0x01 <span class="nt">--on-ip</span> 0.0.0.0
iptables <span class="nt">-t</span> mangle <span class="nt">-N</span> V2RAY_MARK
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> mark <span class="nt">--mark</span> 2 <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-p</span> udp <span class="nt">-j</span> MARK <span class="nt">--set-mark</span> 1
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-p</span> tcp <span class="nt">-j</span> MARK <span class="nt">--set-mark</span> 1
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> PREROUTING <span class="nt">-j</span> V2RAY
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> OUTPUT <span class="nt">-j</span> V2RAY_MARK
</code></pre></div></div>
<h3 id="5-開啓nat">5. 開啓NAT</h3>
<p>對於路由器需要開啓NAT,如果不是路由器請略過此條<br />
其中internet0為鏈接到互聯網的網卡,net0為連接到局域網網卡.</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iptables <span class="nt">-t</span> nat <span class="nt">-A</span> POSTROUTING <span class="nt">-o</span> internet0 <span class="nt">-j</span> MASQUERADE
iptables <span class="nt">-A</span> FORWARD <span class="nt">-m</span> conntrack <span class="nt">--ctstate</span> RELATED,ESTABLISHED <span class="nt">-j</span> ACCEPT
iptables <span class="nt">-A</span> FORWARD <span class="nt">-i</span> net0 <span class="nt">-o</span> internet0 <span class="nt">-j</span> ACCEPT
</code></pre></div></div>
<h3 id="6-保持配置">6. 保持配置</h3>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset save <span class="o">></span> /etc/ipset.conf
iptables-save <span class="o">></span> /etc/iptables/iptables.rules
</code></pre></div></div>
<h3 id="7設置開機啓動">7.設置開機啓動</h3>
<p>編輯/etc/systemd/system/tproxy.service文件,内容如下</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Unit]
Description=Transparent proxy
Before=network-pre.target
Wants=network-pre.target
[Service]
Type=oneshot
ExecStart=/usr/bin/ip rule add fwmark 0x01/0x01 table 100 ; /usr/bin/ip route add local 0.0.0.0/0 dev lo table 100 ; /usr/bin/ipset -f /etc/ipset.conf restore ; /usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecReload=/usr/bin/ipset -f /etc/ipset.conf restore ; /usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStop=/usr/bin/ip rule del table 100 ; /usr/bin/ip route del local 0.0.0.0/0 dev lo table 100 ; /usr/bin/ipset -f /etc/ipset.conf restore ; /usr/lib/systemd/scripts/iptables-flush
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
</code></pre></div></div>
<p>編輯/usr/lib/systemd/scripts/iptables-flush文件,内容如下</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#/bin/bash</span>
<span class="nv">iptables</span><span class="o">=</span>ip<span class="nv">$1tables</span>
<span class="k">if</span> <span class="o">!</span> <span class="nb">type</span> <span class="nt">-p</span> <span class="s2">"</span><span class="nv">$iptables</span><span class="s2">"</span> &>/dev/null<span class="p">;</span> <span class="k">then
</span><span class="nb">echo</span> <span class="s2">"error: invalid argument"</span>
<span class="nb">exit </span>1
<span class="k">fi
while </span><span class="nb">read</span> <span class="nt">-r</span> table<span class="p">;</span> <span class="k">do
</span>tables+<span class="o">=(</span><span class="s2">"/usr/share/iptables/empty-</span><span class="nv">$table</span><span class="s2">.rules"</span><span class="o">)</span>
<span class="k">done</span> <<span class="s2">"/proc/net/ip</span><span class="nv">$1_tables_names</span><span class="s2">"</span>
<span class="k">if</span> <span class="o">((</span> <span class="k">${#</span><span class="nv">tables</span><span class="p">[*]</span><span class="k">}</span> <span class="o">))</span><span class="p">;</span> <span class="k">then
</span><span class="nb">cat</span> <span class="s2">"</span><span class="k">${</span><span class="nv">tables</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span> | <span class="s2">"</span><span class="nv">$iptables</span><span class="s2">-restore"</span>
<span class="k">fi</span>
</code></pre></div></div>
<p>啓用規則</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl <span class="nb">enable </span>tproxy
</code></pre></div></div>
<blockquote>
<h3 id="参见">参见</h3>
<hr />
<h5 id="--archwiki-iptables">- <a href="https://wiki.archlinux.org/index.php/iptables">ArchWiki iptables</a></h5>
<h5 id="--archwiki-internet-sharing">- <a href="https://wiki.archlinux.org/index.php/Internet_sharing">ArchWiki Internet sharing</a></h5>
<h5 id="--project-v-official">- <a href="https://www.v2fly.org/">Project V Official</a></h5>
</blockquote>小學霸上一篇介紹的透明代理,使用的是REDIRECT(TCP)+TProxy(UDP)的方式,此篇要介紹完全使用TProxy透明代理的方式,注意shadowsocks是不支持TCP使用TProxy的. 1. 加载TPROXY模块 临时加载TPROXY模块: sudo modprobe xt_TPROXY 编辑/etc/modules-load.d/TPROXY.conf 使自动加载TPROXY模块: xt_TPROXYMicroPython外部中斷2019-11-08T00:00:00+00:002019-11-08T00:00:00+00:00https://xuebaxi.com/blog/MicroPython%E5%A4%96%E9%83%A8%E4%B8%AD%E6%96%B7<p>首先我們需要一個中斷處理函數,該函數接受 <a href="http://docs.micropython.org/en/latest/library/machine.Pin.html#machine-pin">machine.Pin</a> 類型的參數</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">import</span> <span class="nn">machine</span>
<span class="k">def</span> <span class="nf">handle_interrupt</span><span class="p">(</span><span class="n">pin</span><span class="p">:</span><span class="n">machine</span><span class="p">.</span><span class="n">Pin</span><span class="p">):</span>
<span class="k">print</span><span class="p">(</span><span class="n">pin</span><span class="p">.</span><span class="n">Value</span><span class="p">(</span><span class="mi">0</span><span class="p">))</span>
</code></pre></div></div>
<p>設置用作中斷的引脚</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">import</span> <span class="nn">machine</span>
<span class="n">gpio</span> <span class="o">=</span> <span class="n">machine</span><span class="p">.</span><span class="n">Pin</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span><span class="n">machine</span><span class="p">.</span><span class="n">Pin</span><span class="p">.</span><span class="n">IN</span><span class="p">,</span><span class="n">machine</span><span class="p">.</span><span class="n">Pin</span><span class="p">.</span><span class="n">PULL_UP</span><span class="p">)</span>
<span class="n">gpio</span><span class="p">.</span><span class="n">irq</span><span class="p">(</span><span class="n">handler</span><span class="o">=</span><span class="n">handler_interrupt</span><span class="p">,</span><span class="n">trigger</span><span class="o">=</span><span class="n">machine</span><span class="p">.</span><span class="n">Pin</span><span class="p">.</span><span class="n">IRQ_FALLING</span><span class="p">,</span><span class="n">priority</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span><span class="n">wake</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span><span class="n">hard</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span>
</code></pre></div></div>
<p>其中 machine.Pin.irq 方法參數為</p>
<ul>
<li>handler (可選,默認值為None) 是在中斷時調用的函數</li>
<li>trigger (默認值為(machine.Pin.IRQ_FALLING|machine.Pin.IRQ_RISING))可以產生中斷的事件,可以使用 或 選擇多個情況,可能值為:
<ul>
<li>machine.Pin.IRQ_FALLING 在電平下降時中斷</li>
<li>machine.Pin.IRQ_RISING 在電平上升時中斷</li>
<li>machine.Pin.IRQ_LOW_LEVEL 低電平中斷</li>
<li>mcahine.Pin.IRQ_HIGH_LEVEL 高電平中斷</li>
</ul>
</li>
<li>priority (默認為1)設置中斷優先級</li>
<li>wake (默認為None)選擇可喚醒系統的電源模式,可以使用 或 選擇多個電源模式,可能值為:
<ul>
<li>machine.IDLE</li>
<li>machine.SLEEP</li>
<li>machine.DEEPSLEEP</li>
</ul>
</li>
<li>hard (默認False)設置硬中斷</li>
</ul>小學霸首先我們需要一個中斷處理函數,該函數接受 machine.Pin 類型的參數 import machine def handle_interrupt(pin:machine.Pin): print(pin.Value(0)) 設置用作中斷的引脚 import machine gpio = machine.Pin(0,machine.Pin.IN,machine.Pin.PULL_UP) gpio.irq(handler=handler_interrupt,trigger=machine.Pin.IRQ_FALLING,priority=1,wake=None,hard=False) 其中 machine.Pin.irq 方法參數為創建加密raw系統鏡像2019-10-16T00:00:00+00:002019-10-17T00:00:00+00:00https://xuebaxi.com/blog/%E5%89%B5%E5%BB%BA%E5%8A%A0%E5%AF%86raw%E7%B3%BB%E7%B5%B1%E9%8F%A1%E5%83%8F<p>通過此方法生成的鏡像應用到伺服器後,可以在開機的時候使用ssh登陸後輸入密碼。</p>
<h2 id="創建虛擬塊設備">創建虛擬塊設備</h2>
<p>根據您的伺服器硬盤大小創建硬盤大小(一般來說10G即可)</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo dd </span><span class="k">if</span><span class="o">=</span>/dev/zero <span class="nv">of</span><span class="o">=</span>archlinux.raw <span class="nv">bs</span><span class="o">=</span>1M <span class="nv">count</span><span class="o">=</span>10240 <span class="nv">status</span><span class="o">=</span>progress <span class="c">#創建10G大小的鏡像</span>
</code></pre></div></div>
<h2 id="創建迴環設備">創建迴環設備</h2>
<p>將鏡像虛擬為迴環設備,為了對鏡像分區。</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>losetup <span class="nt">-f</span> archlinux.raw
</code></pre></div></div>
<h2 id="查看迴環設備">查看迴環設備</h2>
<p>可以得知/dev/loop0即鏡像,以下以/dev/loop0作為例子.</p>
<div class="language-console highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="gp">[xuebaxi@xuebaxi ~]$</span><span class="w"> </span><span class="nb">sudo </span>losetup <span class="nt">-a</span>
<span class="go">/dev/loop0: [fd00]:26524 (/home/xuebaxi/archlinux.raw)
</span></code></pre></div></div>
<h2 id="對迴環設備分區">對迴環設備分區</h2>
<p>像對待普通硬碟使用fdisk將迴環設備分為:</p>
<ul>
<li>一個/boot分區</li>
<li>一個根分區</li>
</ul>
<h2 id="準備非boot分區">準備非/boot分區</h2>
<p>加密分區,創建文件系統並且掛載.</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>cryptsetup <span class="nt">-y</span> <span class="nt">-v</span> luksFormat /dev/loop0p2
<span class="nb">sudo </span>cryptsetup open /dev/loop0p2 cryptroot
<span class="nb">sudo </span>mkfs.ext4 /dev/mapper/cryptroot
<span class="nb">sudo </span>mount /dev/mapper/cryptroot /mnt
</code></pre></div></div>
<h2 id="準備boot分區">準備/boot分區</h2>
<p>創建文件系統並且掛載</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo mkdir</span> /mut/boot
<span class="nb">sudo </span>mkfs.ext4 /dev/loop0p1
<span class="nb">sudo </span>mount /dev/loop0p1 /mnt/boot
</code></pre></div></div>
<h2 id="生成密鑰">生成密鑰</h2>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-keygen <span class="nt">-t</span> ed25519
</code></pre></div></div>
<h2 id="將公鑰拷貝到鏡像">將公鑰拷貝到鏡像</h2>
<p>以密鑰名字為id_ed25519(默認名字)為例子</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkdir -p /mnt/etc/tinyssh/root_key
cp ~/.ssh/id_ed25519.pub /mnt/etc/tinyssh/root_key
</code></pre></div></div>
<h2 id="安裝archlinux">安裝archlinux</h2>
<p>參考<a href="https://wiki.archlinux.org/index.php/Install_from_existing_Linux">archlinux官方wiki</a>,安裝完成後不要退出chroot.</p>
<h2 id="安裝遠程輸入密碼需要的包">安裝遠程輸入密碼需要的包</h2>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>pacman <span class="nt">-S</span> mkinitcpio-netconf mkinitcpio-tinyssh mkinitcpio-utils
</code></pre></div></div>
<h2 id="mkinitcpio設置">mkinitcpio設置</h2>
<p>編輯/etc/mkinitcpio.conf在MODULES中加入:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>virtio_pci virtio-net virtio-blk virtio_scsi sd_mod ext4
</code></pre></div></div>
<p>在HOOKS中加入</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>keyboard keymap encryptssh netconf
</code></pre></div></div>
<ul>
<li>注意netconf要在filesystems之前</li>
</ul>
<h2 id="重新生成initramfs">重新生成initramfs</h2>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkinitcpio <span class="nt">-p</span> linux
</code></pre></div></div>
<ul>
<li>注意: 如果遇到錯誤 libgcc_s.so.1 must be installed for pthread_cancel to work, 你需要將 /usr/lib/libgcc_s.so.1 添加到 “BINARIES” 中.</li>
</ul>
<h2 id="設置啟動器">設置啟動器</h2>
<p>設置以下內涵參數,其中device-UUID 為/dev/loop0p2的UUID</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ip=dhcp cryptdevice=UUID=device-UUID:cryptroot root=/dev/mapper/cryptroot
</code></pre></div></div>
<h2 id="退出chroot-環境">退出chroot 環境</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>exit
</code></pre></div></div>
<h2 id="umount分區">umount分區</h2>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>umount <span class="nt">-R</span> /mnt
</code></pre></div></div>
<h2 id="卸載迴環設備">卸載迴環設備</h2>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>losetup <span class="nt">-d</span> /dev/loop0
</code></pre></div></div>小學霸通過此方法生成的鏡像應用到伺服器後,可以在開機的時候使用ssh登陸後輸入密碼。 創建虛擬塊設備 根據您的伺服器硬盤大小創建硬盤大小(一般來說10G即可) sudo dd if=/dev/zero of=archlinux.raw bs=1M count=10240 status=progress #創建10G大小的鏡像透明代理配置2019-10-01T00:00:00+00:002019-11-23T00:00:00+00:00https://xuebaxi.com/blog/%E9%80%8F%E6%98%8E%E4%BB%A3%E7%90%86%E9%85%8D%E7%BD%AE<h1 id="1-只有單個代理">1. 只有單個代理</h1>
<h2 id="v2ray-配置">V2ray 配置</h2>
<p>在<a href="https://v2ray.com/chapter_02/01_overview.html#inboundobject">入站连接配置</a>加入<a href="https://v2ray.com/chapter_02/protocols/dokodemo.html#dokodemo-door">任意門(Dokodemo-door)</a></p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
</span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="mi">12345</span><span class="p">,</span><span class="w"> </span><span class="err">//开放的端口号</span><span class="w">
</span><span class="nl">"protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"dokodemo-door"</span><span class="p">,</span><span class="w">
</span><span class="nl">"settings"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"network"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tcp,udp"</span><span class="p">,</span><span class="w">
</span><span class="nl">"followRedirect"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">这里要为</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="err">才能接受来自</span><span class="w"> </span><span class="err">iptables</span><span class="w"> </span><span class="err">的流量</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"sniffing"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"enabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w">
</span><span class="nl">"destOverride"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"http"</span><span class="p">,</span><span class="w"> </span><span class="s2">"tls"</span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p>在<a href="https://v2ray.com/chapter_02/01_overview.html#outboundobject">出站连接配置</a>中的<a href="https://v2ray.com/chapter_02/05_transport.html#%E5%BA%95%E5%B1%82%E4%BC%A0%E8%BE%93%E9%85%8D%E7%BD%AE">streamSettings</a>加入</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nl">"sockopt"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"mark"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p>在出站连接上标记 SO_MARK。(這邊建議不要用255,在我的環境下使用255會出問題)</p>
<ul>
<li>仅适用于 Linux 系统。</li>
<li>需要 CAP_NET_ADMIN 权限。</li>
</ul>
<h2 id="系统设置">系统设置</h2>
<h3 id="1-启用包转发">1. 启用包转发</h3>
<p>临时启用包转发:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>sysctl net.ipv4.ip_forward<span class="o">=</span>1
</code></pre></div></div>
<p>编辑/etc/sysctl.d/30-ipforward.conf使包转发可以永久地应用于所有接口上:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>net.ipv4.ip_forward<span class="o">=</span>1
net.ipv6.conf.default.forwarding<span class="o">=</span>1
net.ipv6.conf.all.forwarding<span class="o">=</span>1
</code></pre></div></div>
<h3 id="2-加载tproxy模块">2. 加载TPROXY模块</h3>
<p>临时加载TPROXY模块:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>modprobe xt_TPROXY
</code></pre></div></div>
<p>编辑/etc/modules-load.d/TPROXY.conf 使自动加载TPROXY模块:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>xt_TPROXY
</code></pre></div></div>
<h3 id="3-ipset-設置">3. ipset 設置</h3>
<p>添加保留地址</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> reservedip nethash
ipset add reservedip 224.0.0.0/4
ipset add reservedip 100.64.0.0/10
ipset add reservedip 203.0.113.0/24
ipset add reservedip 192.18.0.0/15
ipset add reservedip 192.88.99.0/24
ipset add reservedip 172.16.0.0/12
ipset add reservedip 0.0.0.0/8
ipset add reservedip 127.0.0.0/8
ipset add reservedip 192.0.2.0/24
ipset add reservedip 192.51.100.0/24
ipset add reservedip 10.0.0.0/8
ipset add reservedip 192.168.0.0/16
ipset add reservedip 255.255.255.255
ipset add reservedip 192.0.0.0/24
ipset add reservedip 240.0.0.0/4
ipset add reservedip 169.254.0.0/16
</code></pre></div></div>
<p>添加不需要代理的地址</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> noproxy nethash
ipset add noproxy <伺服器地址>
</code></pre></div></div>
<h3 id="4-iptables-設置">4. iptables 設置</h3>
<ul>
<li>
<h4 id="tcp">tcp</h4>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#/bin/bash</span>
iptables <span class="nt">-t</span> nat <span class="nt">-N</span> SS_SPEC_WAN_FW
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_FW <span class="nt">-p</span> tcp <span class="nt">-j</span> REDIRECT <span class="nt">--to-ports</span> 12345
iptables <span class="nt">-t</span> nat <span class="nt">-N</span> SS_SPEC_WAN_AC
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_AC <span class="nt">-p</span> tcp <span class="nt">-j</span> RETURN <span class="nt">-m</span> mark <span class="nt">--mark</span> 2
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_AC <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_AC <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_AC <span class="nt">-j</span> SS_SPEC_WAN_FW
</code></pre></div> </div>
</li>
<li>
<h4 id="udp">udp</h4>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#/bin/sh</span>
ip rule add fwmark 0x01/0x01 table 100
ip route add <span class="nb">local </span>0.0.0.0/0 dev lo table 100
iptables <span class="nt">-t</span> mangle <span class="nt">-N</span> V2RAY
iptables <span class="nt">-t</span> mangle <span class="nt">-N</span> V2RAY_MARK
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-j</span> RETURN <span class="nt">-m</span> mark <span class="nt">--mark</span> 2
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> udp <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12345 <span class="nt">--tproxy-mark</span> 0x01/0x01
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-j</span> RETURN <span class="nt">-m</span> mark <span class="nt">--mark</span> 2
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-p</span> udp <span class="nt">-j</span> MARK <span class="nt">--set-mark</span> 1
</code></pre></div> </div>
<h3 id="5-启用iptables规则">5. 启用iptables规则</h3>
<h4 id="tcp-1">tcp</h4>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iptables <span class="nt">-t</span> nat <span class="nt">-I</span> PREROUTING 1 <span class="nt">-p</span> tcp <span class="nt">-j</span> SS_SPEC_WAN_AC
iptables <span class="nt">-t</span> nat <span class="nt">-I</span> OUTPUT 1 <span class="nt">-p</span> tcp <span class="nt">-j</span> SS_SPEC_WAN_AC <span class="c">#對本機代理</span>
</code></pre></div> </div>
<h4 id="udp-1">udp</h4>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> PREROUTING <span class="nt">-j</span> V2RAY
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> OUTPUT <span class="nt">-j</span> V2RAY_MARK
</code></pre></div> </div>
</li>
</ul>
<h3 id="6-开机自动应用iptables规则">6. 开机自动应用iptables规则</h3>
<p>记录iptables规则:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iptables-save <span class="o">></span> /etc/iptables/iptables.rules
</code></pre></div></div>
<p>设置开机自动应用:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl <span class="nb">enable </span>iptables
</code></pre></div></div>
<h1 id="2-有多個代理需要代理轉發">2. 有多個代理,需要代理轉發</h1>
<h2 id="代理配置">代理配置</h2>
<p>此處以兩個代理為例子,使用此方法可以讓除最內層代理外的代理無法參看數據任何內容,起到保護隱私的作用。</p>
<h4 id="shadowsocks例子">shadowsocks(例子)</h4>
<p>外層代理(比如商業提供的代理)</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
</span><span class="nl">"server"</span><span class="p">:</span><span class="s2">"1.1.1.1"</span><span class="p">,</span><span class="w">
</span><span class="nl">"server_port"</span><span class="p">:</span><span class="mi">108080</span><span class="p">,</span><span class="w">
</span><span class="nl">"local_address"</span><span class="p">:</span><span class="s2">"0.0.0.0"</span><span class="p">,</span><span class="w">
</span><span class="nl">"local_port"</span><span class="p">:</span><span class="mi">12346</span><span class="p">,</span><span class="w">
</span><span class="nl">"password"</span><span class="p">:</span><span class="s2">"password"</span><span class="p">,</span><span class="w">
</span><span class="nl">"timeout"</span><span class="p">:</span><span class="mi">300</span><span class="p">,</span><span class="w">
</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">""</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p>內層代理(這個建議使用自建的代理)</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
</span><span class="nl">"server"</span><span class="p">:</span><span class="s2">"2.2.2.2"</span><span class="p">,</span><span class="w">
</span><span class="nl">"server_port"</span><span class="p">:</span><span class="mi">108080</span><span class="p">,</span><span class="w">
</span><span class="nl">"local_address"</span><span class="p">:</span><span class="s2">"0.0.0.0"</span><span class="p">,</span><span class="w">
</span><span class="nl">"local_port"</span><span class="p">:</span><span class="mi">12345</span><span class="p">,</span><span class="w">
</span><span class="nl">"password"</span><span class="p">:</span><span class="s2">"password"</span><span class="p">,</span><span class="w">
</span><span class="nl">"timeout"</span><span class="p">:</span><span class="mi">300</span><span class="p">,</span><span class="w">
</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">""</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<h4 id="v2ray例子">V2Ray(例子)</h4>
<p>應該自己會寫吧(咕咕)</p>
<h2 id="系统设置-1">系统设置</h2>
<h3 id="1-启用包转发-1">1. 启用包转发</h3>
<p>临时启用包转发:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>sysctl net.ipv4.ip_forward<span class="o">=</span>1
</code></pre></div></div>
<p>编辑/etc/sysctl.d/30-ipforward.conf使包转发可以永久地应用于所有接口上:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>net.ipv4.ip_forward<span class="o">=</span>1
net.ipv6.conf.default.forwarding<span class="o">=</span>1
net.ipv6.conf.all.forwarding<span class="o">=</span>1
</code></pre></div></div>
<h3 id="2-加载tproxy模块-1">2. 加载TPROXY模块</h3>
<p>临时加载TPROXY模块:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>modprobe xt_TPROXY
</code></pre></div></div>
<p>编辑/etc/modules-load.d/TPROXY.conf 使自动加载TPROXY模块:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>xt_TPROXY
</code></pre></div></div>
<h3 id="3-設置ipset">3. 設置ipset</h3>
<p>添加保留地址</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> reservedip nethash
ipset add reservedip 224.0.0.0/4
ipset add reservedip 100.64.0.0/10
ipset add reservedip 203.0.113.0/24
ipset add reservedip 192.18.0.0/15
ipset add reservedip 192.88.99.0/24
ipset add reservedip 172.16.0.0/12
ipset add reservedip 0.0.0.0/8
ipset add reservedip 127.0.0.0/8
ipset add reservedip 192.0.2.0/24
ipset add reservedip 192.51.100.0/24
ipset add reservedip 10.0.0.0/8
ipset add reservedip 192.168.0.0/16
ipset add reservedip 255.255.255.255
ipset add reservedip 192.0.0.0/24
ipset add reservedip 240.0.0.0/4
ipset add reservedip 169.254.0.0/16
</code></pre></div></div>
<p>添加自己伺服器的地址</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> myip nethash
ipset add myip 2.2.2.2
</code></pre></div></div>
<p>添加不需要代理的地址</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ipset <span class="nt">-N</span> noproxy
ipset add noproxy 1.1.1.1
</code></pre></div></div>
<h3 id="4-iptables-設置-1">4. iptables 設置</h3>
<ul>
<li>
<h4 id="tcp-2">tcp</h4>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#/bin/bash</span>
iptables <span class="nt">-t</span> nat <span class="nt">-N</span> SS_SPEC_WAN_FW
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_FW <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> myip dst <span class="nt">-p</span> tcp <span class="nt">-j</span> REDIRECT <span class="nt">--to-ports</span> 12346
<span class="c">#此處的2.2.2.2是上面例子中設置的內層服務器地址,12346是上面例子中外層服務器地址</span>
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_FW <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy dst <span class="nt">-j</span> RETURN <span class="c">#此1.1.1.1為最外層代理的ip</span>
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_FW <span class="nt">-p</span> tcp <span class="nt">-j</span> REDIRECT <span class="nt">--to-ports</span> 12345 <span class="c">#對其餘流量轉發到最內層代理</span>
iptables <span class="nt">-t</span> nat <span class="nt">-N</span> SS_SPEC_WAN_AC
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_AC <span class="nt">-p</span> tcp <span class="nt">-j</span> RETURN <span class="nt">-m</span> mark <span class="nt">--mark</span> 2
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_AC <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> nat <span class="nt">-A</span> SS_SPEC_WAN_AC <span class="nt">-j</span> SS_SPEC_WAN_FW
</code></pre></div> </div>
</li>
<li>
<h4 id="udp-2">udp</h4>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#/bin/sh</span>
ip rule add fwmark 0x01/0x01 table 100
ip route add <span class="nb">local </span>0.0.0.0/0 dev lo table 100
iptables <span class="nt">-t</span> mangle <span class="nt">-N</span> V2RAY
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> udp <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> myip dst <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12346 <span class="nt">--tproxy-mark</span> 0x01/0x01 <span class="nt">--on-ip</span> 0.0.0.0
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-j</span> RETURN <span class="nt">-m</span> mark <span class="nt">--mark</span> 2
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY <span class="nt">-p</span> udp <span class="nt">-j</span> TPROXY <span class="nt">--on-port</span> 12345 <span class="nt">--tproxy-mark</span> 0x01/0x01 <span class="nt">--on-ip</span> 0.0.0.0
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> reservedip dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> <span class="nb">set</span> <span class="nt">--match-set</span> noproxy dst <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-m</span> mark <span class="nt">--mark</span> 2 <span class="nt">-j</span> RETURN
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> V2RAY_MARK <span class="nt">-p</span> udp <span class="nt">-j</span> MARK <span class="nt">--set-mark</span> 1
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> PREROUTING <span class="nt">-j</span> V2RAY
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> OUTPUT <span class="nt">-j</span> V2RAY_MARK
</code></pre></div> </div>
<h3 id="4-启用iptables规则">4. 启用iptables规则</h3>
<h4 id="tcp-3">tcp</h4>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iptables <span class="nt">-t</span> nat <span class="nt">-I</span> PREROUTING 1 <span class="nt">-p</span> tcp <span class="nt">-j</span> SS_SPEC_WAN_AC
iptables <span class="nt">-t</span> nat <span class="nt">-I</span> OUTPUT 1 <span class="nt">-p</span> tcp <span class="nt">-j</span> SS_SPEC_WAN_AC <span class="c">#對本機代理</span>
</code></pre></div> </div>
<h4 id="udp-3">udp</h4>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> PREROUTING <span class="nt">-j</span> V2RAY
iptables <span class="nt">-t</span> mangle <span class="nt">-A</span> OUTPUT <span class="nt">-j</span> V2RAY_MARK
</code></pre></div> </div>
</li>
</ul>
<h3 id="5开机自动应用iptables规则">5.开机自动应用iptables规则</h3>
<p>记录iptables规则:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iptables-save <span class="o">></span> /etc/iptables/iptables.rules
</code></pre></div></div>
<p>设置开机自动应用:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl <span class="nb">enable </span>iptables
</code></pre></div></div>
<blockquote>
<h3 id="参见">参见</h3>
<hr />
<h5 id="--ss-nat">- <a href="https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/ss-nat">ss-nat</a></h5>
<h5 id="--archwiki-iptables">- <a href="https://wiki.archlinux.org/index.php/iptables">ArchWiki iptables</a></h5>
<h5 id="--project-v-official">- <a href="https://www.v2fly.org/">Project V Official</a></h5>
</blockquote>小學霸1. 只有單個代理 V2ray 配置 在入站连接配置加入任意門(Dokodemo-door) { "port": 12345, //开放的端口号 "protocol": "dokodemo-door", "settings": { "network": "tcp,udp", "followRedirect": true // 这里要为 true 才能接受来自 iptables 的流量 }, "sniffing": { "enabled": true, "destOverride": ["http", "tls"] } } 在出站连接配置中的streamSettings加入