# Generated by iptables-save v1.6.0 on Mon Apr 15 17:55:19 2019
# mangle table: steers UDP from the LAN into the local transparent proxy via TPROXY.
*mangle
# Built-in chains all default to ACCEPT; the bracketed values are packet:byte counters.
:PREROUTING ACCEPT [655:90164]
:INPUT ACCEPT [263:21554]
:FORWARD ACCEPT [392:68610]
:OUTPUT ACCEPT [319:36284]
:POSTROUTING ACCEPT [711:104894]
# User-defined chain holding the UDP bypass list and the final TPROXY rule.
:SS-UDP - [0:0]
# NOTE(review): a /32 source matches exactly one address, 10.10.10.0. The eth1
# interface on this page is 10.10.10.1 with netmask 255.255.255.0, so no LAN
# client (10.10.10.x) ever enters SS-UDP. The intent looks like 10.10.10.0/24
# (the thread's reply proposes the same change for the TCP rule); confirm.
-A PREROUTING -s 10.10.10.0/32 -p udp -j SS-UDP
# Bypass list: reserved, loopback, private, link-local, multicast and class E
# destinations leave the chain untouched and are routed normally.
-A SS-UDP -d 0.0.0.0/8 -j RETURN
-A SS-UDP -d 127.0.0.0/8 -j RETURN
-A SS-UDP -d 10.0.0.0/8 -j RETURN
-A SS-UDP -d 169.254.0.0/16 -j RETURN
-A SS-UDP -d 172.16.0.0/12 -j RETURN
-A SS-UDP -d 192.168.0.0/16 -j RETURN
-A SS-UDP -d 224.0.0.0/4 -j RETURN
-A SS-UDP -d 240.0.0.0/4 -j RETURN
# Single public host excluded from proxying; presumably the upstream proxy
# server, which has to bypass the chain to avoid a redirect loop. Verify.
-A SS-UDP -d 89.208.244.206/32 -j RETURN
# Destinations in the ipset "chnip" also bypass the proxy. The set's contents
# are not shown here. The set must already exist when this file is restored,
# otherwise iptables-restore rejects the rule.
-A SS-UDP -m set --match-set chnip dst -j RETURN
# Everything else is handed to the listener on 127.0.0.1:1081 and marked 0x2333.
# NOTE(review): TPROXY only delivers packets locally if policy routing sends
# marked packets to loopback, e.g.
#   ip rule add fwmark 0x2333/0x2333 lookup <TABLE>
#   ip route add local default dev lo table <TABLE>
# Neither is visible in this dump; confirm they are configured.
-A SS-UDP -p udp -j TPROXY --on-port 1081 --on-ip 127.0.0.1 --tproxy-mark 0x2333/0x2333
COMMIT
# Completed on Mon Apr 15 17:55:19 2019
# Generated by iptables-save v1.6.0 on Mon Apr 15 17:55:19 2019
# nat table: DNS and VPN port forwards, outbound source NAT, and the TCP
# redirect into the local transparent proxy.
*nat
:PREROUTING ACCEPT [19:3198]
:INPUT ACCEPT [17:1753]
:OUTPUT ACCEPT [5:316]
:POSTROUTING ACCEPT [6:376]
# User-defined chain holding the TCP bypass list and the final REDIRECT rule.
:SS-TCP - [0:0]
# Every UDP/53 packet arriving on any interface is rewritten to 10.10.10.1:2053.
# NOTE(review): there is no -i match, so queries arriving on eth0 are also
# forwarded to the local resolver. Restrict to the LAN side (-i eth1) unless
# answering DNS for the upstream network is intended.
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 10.10.10.1:2053
# Port-forward TCP/1194 to the LAN host 10.10.10.129 (1194 is the registered
# OpenVPN port; presumably a VPN server). It also has no interface restriction.
-A PREROUTING -p tcp -m tcp --dport 1194 -j DNAT --to-destination 10.10.10.129:1194
# NOTE(review): as with the UDP rule in the mangle table, /32 matches only the
# single address 10.10.10.0, so forwarded TCP from 10.10.10.x clients never
# reaches SS-TCP. The thread's reply proposes 10.10.10.0/24 here.
-A PREROUTING -s 10.10.10.0/32 -p tcp -j SS-TCP
# Locally generated TCP is sent through SS-TCP as well. This is the one proxy
# path with no source match, which fits the report that only the router itself
# is proxied.
-A OUTPUT -p tcp -j SS-TCP
# Source-NAT LAN traffic leaving through eth0.
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
# NOTE(review): 0.0.0.0 is not a usable SNAT source address, and no interface in
# 10.7.0.0/24 appears in the ifconfig output on this page. This looks like a
# leftover or placeholder rule; confirm and remove or correct it.
-A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to-source 0.0.0.0
# NOTE(review): /32 again. This only matches the source address 10.10.10.0.
-A POSTROUTING -s 10.10.10.0/32 -j MASQUERADE
# Bypass list: reserved, loopback, private, link-local, multicast and class E
# destinations leave the chain untouched.
-A SS-TCP -d 0.0.0.0/8 -j RETURN
-A SS-TCP -d 127.0.0.0/8 -j RETURN
-A SS-TCP -d 10.0.0.0/8 -j RETURN
-A SS-TCP -d 169.254.0.0/16 -j RETURN
-A SS-TCP -d 172.16.0.0/12 -j RETURN
-A SS-TCP -d 192.168.0.0/16 -j RETURN
-A SS-TCP -d 224.0.0.0/4 -j RETURN
-A SS-TCP -d 240.0.0.0/4 -j RETURN
# Single public host excluded from proxying; presumably the upstream proxy
# server. Without this, the proxy's own connection would match the OUTPUT rule
# above and be redirected back into itself. Verify.
-A SS-TCP -d 89.208.244.206/32 -j RETURN
# Destinations in the ipset "chnip" bypass the proxy. The set must exist before
# this file is restored.
-A SS-TCP -m set --match-set chnip dst -j RETURN
# All remaining TCP is redirected to local port 1081, where the netstat output
# on this page shows ss-redir listening on 0.0.0.0.
-A SS-TCP -p tcp -j REDIRECT --to-ports 1081
COMMIT
# Completed on Mon Apr 15 17:55:19 2019
# Generated by iptables-save v1.6.0 on Mon Apr 15 17:55:19 2019
# filter table: default-allow policy with three explicit drops on eth0.
*filter
# NOTE(review): INPUT, FORWARD and OUTPUT all default to ACCEPT, so anything not
# listed below is permitted, including forwarding between eth0 and eth1.
# A default DROP policy with explicit allows (plus a conntrack
# ESTABLISHED,RELATED rule) would be the safer baseline for a router.
:INPUT ACCEPT [691:69795]
:FORWARD ACCEPT [7047:3070120]
:OUTPUT ACCEPT [897:99003]
# Block SSH and the proxy's TCP ports (1081, 1080) when they arrive on eth0.
# NOTE(review): only TCP is covered. The netstat output on this page shows
# ss-redir also bound to UDP 0.0.0.0:1081, which stays reachable from eth0.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 1081 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 1080 -j DROP
COMMIT
# Completed on Mon Apr 15 17:55:19 2019
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.3 netmask 255.255.255.0 broadcast 192.168.1.255
ether b8:27:eb:70:63:74 txqueuelen 1000 (Ethernet)
RX packets 5166 bytes 2766147 (2.6 MiB)
RX errors 0 dropped 672 overruns 0 frame 0
TX packets 3887 bytes 667515 (651.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255
ether 00:0e:c6:b1:20:1e txqueuelen 1000 (Ethernet)
RX packets 4079 bytes 611552 (597.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4994 bytes 2789359 (2.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 147 bytes 18537 (18.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 147 bytes 18537 (18.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ss-redir netstat -anp | grep 1081
tcp 0 0 0.0.0.0:1081 0.0.0.0:* LISTEN 602/ss-redir
udp 0 0 0.0.0.0:1081 0.0.0.0:* 602/ss-redir
➜ ss-redir
这样配置后，路由器本机是正常的，但是处于 10.10.10.x 网段下的所有主机都无法经过代理。之前半夜里不知道配置了一条什么 iptables 规则，就让 10.10.10.x 网段下的机器成功透明代理了，但是那条指令没记录下来，求大佬帮助。
1
q397064399 OP 重赏 30 个银币 >_< 求大佬帮忙
2
Andy1999 2019-04-16 01:17:45 +08:00 via iPhone
搜一下 ss-tproxy
3
cq65617875 2019-04-16 08:33:18 +08:00
-A PREROUTING -s 10.10.10.0/32 -p tcp -j SS-TCP =>
-A PREROUTING -s 10.10.10.0/24 -p tcp -j SS-TCP
（/32 只匹配 10.10.10.0 这一个地址，10.10.10.x 网段下的主机都不会命中这条规则；mangle 表里 UDP 的那条 PREROUTING 规则同理。）