本帖最後由 tomleehk 於 2019-11-5 19:53 編輯
回復 16# harold
我當年Openwrt + ss-client tcp轉發所用嘅script, 不知有無幫助- #!/bin/sh
- #create a new chain named SHADOWSOCKS
- iptables -t nat -N SHADOWSOCKS
- # Ignore your shadowsocks server's addresses
- # It's very IMPORTANT, just be careful.
- iptables -t nat -A SHADOWSOCKS -p tcp --dport 993 -j RETURN
- # Ignore LANs IP address
- iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
- iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
- iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
- iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
- iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
- iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
- iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
- iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
- # Anything else should be redirected to shadowsocks's local port
- iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
- # Apply the rules
- iptables -t nat -I PREROUTING -p tcp -j SHADOWSOCKS
複製代碼 其中
iptables -t nat -A SHADOWSOCKS -p tcp --dport 993 -j RETURN
--dport 993, 993 喺 server side 嘅listening port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
--to-ports 1080 , 1080 喺 client side 嘅listening port
Good Luck !! |