Configuration of transparent V2Ray proxy server using Raspberry Pi 3b 树莓派做V2Ray透明代理 (第三种组合)
透明代理从第一种组合【1】,需要两个routers,可能这个模式比较适合作者的环境。这个组合(硬件和软件)有一些非常好的地方,就是大陆和墙外的网站可以自由选择,没有多大的问题。而官网指向的白话文,router少了一个,而settings也用他的【2】,但是看墙外的东西是没有问题,但是在大陆看大陆网站就打不开。于是我就想起用第二组合network configuration,而用第一组合的software settings,得出第三个组合。参考文献:
【1】[url]http://www.telecom-cafe.com/forum/viewthread.php?tid=7300[/url]
【2】[url]http://www.telecom-cafe.com/forum/viewthread.php?tid=7301[/url] /etc/v2ray/config.json[code]
{
"inbounds": [
{
"protocol": "socks",
"port": 1081, // SOCKS 代理端口,在浏览器中需配置代理并指向这个端口
"listen": "192.168.1.22",
"settings": {
"udp": true
}
},
{
"protocol": "dokodemo-door",
"port": 12345,
"domainOverride": ["tls","http"],
"settings": {
"network": "tcp,udp",
"followRedirect": true
}
},
{
"protocol": "dokodemo-door",
"port": 53,
"listen": "192.168.1.22",
"settings": {
"address": "8.8.8.8",
"port": 53,
"network": "udp",
"timeout": 0,
"followredirect": false
}
}
],
"outbounds": [{
"protocol": "vmess",
"settings": {
"vnext": [{
"address": "服务器 ip 或域名", // 服务器地址,请修改为你自己的服务器 ip 或域名
"port": 10086, // 服务器端口
"users": [{ "id": "UUID" }]
}]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"header": {
"type": "wechat-video"
}
},
"sockopt":{
"mark": 1
}
}
},
{
"protocol": "freedom",
"tag": "direct",
"settings": {}
}],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [{
"type": "field",
"domain": ["geosite:cn"],
"ip": ["geoip:private"],
"ip": ["geoip:cn"],
"outboundTag": "direct"
}]
}
}
[/code]. [i=s] 本帖最後由 角色 於 2019-2-2 18:50 編輯 [/i]
iptables commands[code]
#!/bin/bash
# TCP
# Create new chain
iptables -t nat -N V2RAY
# Ignore your V2Ray server's addresses
# It's very IMPORTANT, just be careful.
iptables -t nat -A V2RAY -d 1.2.3.4 -j RETURN #1.2.3.4需要更改你的remote V2Ray IP address
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
iptables -t nat -A V2RAY -d 0.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 10.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 127.0.0.0/8 -j RETURN
iptables -t nat -A V2RAY -d 169.254.0.0/16 -j RETURN
iptables -t nat -A V2RAY -d 172.16.0.0/12 -j RETURN
iptables -t nat -A V2RAY -d 192.168.0.0/16 -j RETURN
iptables -t nat -A V2RAY -d 224.0.0.0/4 -j RETURN
iptables -t nat -A V2RAY -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to Dokodemo-door's local port
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345
# Apply the rules
iptables -t nat -A PREROUTING -p tcp -j V2RAY
#iptables -t nat -A OUTPUT -p tcp -j V2RAY
#UDP
# Create new chain
ip route add local 0.0.0.0/0 dev lo table 100
ip rule add fwmark 1 table 100
iptables -t mangle -N V2RAY_MARK
# Ignore your V2Ray server's addresses
# It's very IMPORTANT, just be careful.
iptables -t mangle -A V2RAY_MARK -d 1.2.3.4 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
iptables -t mangle -A V2RAY_MARK -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY_MARK -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY_MARK -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A V2RAY_MARK -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A V2RAY_MARK -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A V2RAY_MARK -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A V2RAY_MARK -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY_MARK -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY_MARK -p udp --dport 53 -j RETURN
# Anything else should be redirected to Dokodemo-door's local port
iptables -t mangle -A V2RAY_MARK -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
# Add any UDP rules
iptables -t mangle -A PREROUTING -p udp -j V2RAY_MARK
#iptables -t mangle -A OUTPUT -j V2RAY_MARK
[/code]. 测试结果和之前第一组合一样,在V2Ray本机是不能上外国网站,估计是iptables问题,这个要慢慢研究。
頁:
[1]