zeaslity/shell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Your commit message

Browse Source
This commit is contained in:
zeaslity
2024-11-27 10:33:20 +08:00
commit 080c7bb97f
911 changed files with 168439 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
v2ray示例/旁路由-透明代理/HomeProxy/Tproxy/iptables-homeProxy-实际使用.sh Normal file
View File

@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# 设置策略路由
# 添加路由表 100
sudo ip route add local default dev lo table 100
# 为路由表 100 设定规则
+ip rule add fwmark 1 table 100
# 创建XRAY过滤器链
iptables -t mangle -N XRAY
# 代理局域网设备
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
# 直连局域网,避免 XRAY 无法启动时无法连网关的 SSH如果你配置的是其他网段如 10.x.x.x 等),则修改成自己的
iptables -t mangle -A XRAY -d 192.168.233.0/24 -p tcp -j RETURN
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS)
iptables -t mangle -A XRAY -d 192.168.233.0/24 -p udp ! --dport 53 -j RETURN
# 给 UDP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -i ens3 -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
# 给 TCP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -i ens3 -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
# 应用规则
iptables -t mangle -A PREROUTING -j XRAY
# 代理网关本机
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.233.0/24 -p tcp -j RETURN # 直连局域网
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS
iptables -t mangle -A XRAY_SELF -d 192.168.233.0/24 -p udp ! --dport 53 -j RETURN
# 除了上述的所有流量均为进入PostRouting的流量需要判定mark标记然后释放
iptables -t mangle -A XRAY_SELF -m mark --mark 23 -j RETURN
# 为CoreDNS开启PostRouting流量
# 请求UDP-53的流量 放行请求国内dns的请求直接出去
iptables -t mangle -A XRAY_SELF -i ens3 -p udp --dport 53 -j RETURN
# 请求DNS over TLS - 853 的流量 需要重新回到Xray中走代理
#iptables -t mangle -A XRAY_SELF -p tcp --dport 853 -j RETURN
#iptables -t mangle -A XRAY_SELF -p udp --dport 853 -j RETURN
# 所有其他流量,需要重路由
# 给 UDP 打标记,重路由
iptables -t mangle -A XRAY_SELF -i ens3 -p udp -j MARK --set-mark 1
# 给 TCP 打标记,重路由
iptables -t mangle -A XRAY_SELF -i ens3 -p tcp -j MARK --set-mark 1
# 应用规则
iptables -t mangle -A OUTPUT -j XRAY_SELF
# 新建 DIVERT 规则,避免已有连接的包二次通过 TPROXY理论上有一定的性能提升
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -i ens3 -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT

18
v2ray示例/旁路由-透明代理/HomeProxy/Tproxy/remove-tporxy-iptables.sh Normal file
View File

@@ -0,0 +1,18 @@
#!/usr/bin/ bash
iptables -t mangle -F XRAY
iptables -t mangle -F XRAY_SELF
iptables -t mangle -F DIVERT
iptables -t mangle -D PREROUTING -j XRAY
iptables -t mangle -D PREROUTING 1
iptables -t mangle -X XRAY
iptables -t mangle -X DIVERT
iptables -t mangle -D OUTPUT -j XRAY_SELF
iptables -t mangle -X XRAY_SELF
sudo ip route del local default dev lo table 100
iptables -t mangle -nL --line-number

185
v2ray示例/旁路由-透明代理/HomeProxy/Xray-Config/Home-Gateway使用的Xray-配置.json Normal file
View File

@@ -0,0 +1,185 @@
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 233
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 233
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 233
}
}
}
],
"dns": {
"hosts": {
"proxy.io": "192.168.233.2"
},
"servers": [
{
"address": "223.5.5.5",
"port": 53,
"domains": [
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
]
},
{
"address": "8.8.8.8",
"port": 53,
"domains": [
"geosite:geolocation-!cn"
]
},
"https+local://doh.dns.sb/dns-query"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": [
"all-in"
],
"port": 53,
"outboundTag": "dns-out"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"1.1.1.1"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"travel.state.gov",
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
}
]
}
}

164
v2ray示例/旁路由-透明代理/HomeProxy/Xray-Config/xray-config-HomeProxy-with-CoreDNS.json Normal file
View File

@@ -0,0 +1,164 @@
// 为了更好的分流体验,请替换默认路由规则文件为 Loyalsoldier/v2ray-rules-dat否则 Xray-core 将无法加载本配置。
//
//sudo curl -oL /usr/local/share/xray/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
//sudo curl -oL /usr/local/share/xray/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
// https://xtls.github.io/document/level-2/tproxy.html#xray-%E9%85%8D%E7%BD%AE
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "dns-in",
"port": 53,
"protocol": "dokodemo-door",
"settings": {
"address": "192.168.233.2",
"port": 5353,
"network": "udp",
"userLevel": 1
}
},
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 23
}
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 23
}
}
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:private",
"geoip:cn"
],
"domain": [
"geosite:cn",
"geosite:apple-cn"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"8.8.4.4",
"1.1.1.1",
"1.0.0.1"
],
"domain": [
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
}
]
}
}

167
v2ray示例/旁路由-透明代理/HomeProxy/Xray-Config/实际-简洁路由HomeProxy-with-CoreDNS.json Normal file
View File

@@ -0,0 +1,167 @@
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "dns-in",
"port": 53,
"protocol": "dokodemo-door",
"settings": {
"address": "192.168.233.2",
"port": 5353,
"network": "udp",
"userLevel": 1
}
},
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 23
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 23
}
}
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:google",
"geoip:us",
"geoip:facebook",
"geoip:jp",
"geoip:facebook",
"geoip:telegram",
"geoip:twitter",
"1.1.1.1/32",
"1.0.0.1/32",
"8.8.8.8/32",
"8.8.4.4/32"
],
"domain": [
"github.com",
"youtube.com",
"geosite:gfw",
"geosite:greatfire",
"chatgpt.107421.xyz"
],
"outboundTag": "proxy"
},
{
"type": "field",
"ip": [
"223.5.5.5/32",
"119.29.29.29/32",
"180.76.76.76/32",
"114.114.114.114/32",
"geoip:cn",
"geoip:private"
],
"domain": [
"superwdd-my.sharepoint.com",
"sharepoint.com",
"geosite:apple-cn"
],
"outboundTag": "direct"
}
]
}
}

27
v2ray示例/旁路由-透明代理/HomeProxy/Xray-Config/自动更新路由规则.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash
LogPath=/var/log/xray/geoip_update.log
rm -rf /usr/local/share/xray/geosite.dat
rm -rf /usr/local/share/xray/geoip.dat
echo "current time is $(date), start to update geo ip for xray" >> $LogPath
curl --connect-timeout 5 -s -o /dev/null https://www.google.com
if [[ $? -eq 0 ]];then
echo "start to download from github !"
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat -O /usr/local/share/xray/geoip.dat
else
echo "start to download from jsdelivr !"
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat -O /usr/local/share/xray/geoip.dat
fi
echo "start to restrat xray !" >> $LogPath
systemctl restart xray

9
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/1-docker-redis-bitnami.sh Normal file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
docker run \
-d \
--name redis \
-p 16379:6379 \
-e ALLOW_EMPTY_PASSWORD=yes \
bitnami/redis:6.2.7

72
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/2-CoreDNS Config Corefile.sh Normal file
View File

@@ -0,0 +1,72 @@
#!/usr/bin/env bash
cat > /etc/coredns/Corefile <<EOF
# https://coredns.io/plugins/cache/
(global_cache) {
cache {
# [5, 60]
success 65536 7200 900
# [1, 10]
denial 8192 600 60
prefetch 1 60m 10%
}
}
.:5353 {
ads {
default-lists
blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
whitelist https://files.krnl.eu/whitelist.txt
log
auto-update-interval 24h
list-store ads-cache
}
errors
# health
# prometheus :9153
import global_cache
template ANY AAAA {
rcode NXDOMAIN
}
dnsredir accelerated-domains.china.conf google.china.conf apple.china.conf mydns.conf {
expire 15s
max_fails 3
health_check 3s
policy round_robin
path_reload 2s
to 223.5.5.5 119.29.29.29 114.114.114.114
no_ipv6
}
hosts {
fallthrough
}
dnsredir . {
expire 60s
max_fails 5
health_check 5s
policy random
spray
to tls://8.8.8.8@dns.google tls://8.8.4.4@dns.google
to tls://1.1.1.1:853 tls://1.0.0.1:853
# to tcp://8.8.8.8
# Global TLS server name
# tls_servername cloudflare-dns.com
}
log
loop
reload 6s
}
EOF

24
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/3-coredns-daemon-service.sh Normal file
View File

@@ -0,0 +1,24 @@
#!bin/bash
cat > /etc/systemd/system/coredns.service << EOF
[Unit]
Description=CoreDNS DNS - Custom Build Plugins server
Documentation=https://coredns.minidump.info/
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=~
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

16
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/3-update-coredns.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env bash
cat > /usr/local/bin/update_coredns.sh <<EOF
#!/bin/bash
cd /usr/local/etc/
rm accelerated-domains.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf -O /usr/local/etc/accelerated-domains.china.conf
rm apple.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/apple.china.conf -O /usr/local/etc/apple.china.conf
rm google.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/google.china.conf -O /usr/local/etc/google.china.conf
EOF
sudo chmod +x /usr/local/bin/update_coredns.sh

30
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/Corefile-GitHub Normal file
View File

@@ -0,0 +1,30 @@
.:5353 {
ads {
strict-default-lists
blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
whitelist https://files.krnl.eu/whitelist.txt
log
auto-update-interval 48h
list-store ads-cache
}
hosts {
fallthrough
}
forward . tcp://8.8.8.8 127.0.0.1:53001 {
log
cache
redisc {
endpoint 16379
}
health
reload
}
.:53001 {
bind 127.0.0.1
forward . tls://1.1.1.1:853 {
tls_servername cloudflare-dns.com
}
cache
}

BIN
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/coredns-linux-amd64.zip Normal file
View File

Binary file not shown.

BIN
v2ray示例/旁路由-透明代理/Xray透明代理配置/geoip.dat Normal file
View File

Binary file not shown.

40452
v2ray示例/旁路由-透明代理/Xray透明代理配置/geosite.dat Normal file
View File

File diff suppressed because one or more lines are too long

191
v2ray示例/旁路由-透明代理/Xray透明代理配置/v2ray透明代理配置-2.json Normal file
View File

@@ -0,0 +1,191 @@
// https://guide.v2fly.org/app/tproxy.html#%E4%B8%BA-v2ray-%E9%85%8D%E7%BD%AE%E9%80%8F%E6%98%8E%E4%BB%A3%E7%90%86%E7%9A%84%E5%85%A5%E7%AB%99%E5%92%8C-dns-%E5%88%86%E6%B5%81
{
"inbounds": [
{
"tag":"transparent",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy", // 透明代理使用 TPROXY 方式
"mark":255
}
}
},
{
"port": 1080,
"protocol": "socks", // 入口协议为 SOCKS 5
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth"
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess", // 代理服务器
"settings": {
"vnext": [
...
]
},
"streamSettings": {
"sockopt": {
"mark": 255
}
},
"mux": {
"enabled": true
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
},
"streamSettings": {
"sockopt": {
"mark": 255
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 255
}
}
}
],
"dns": {
"servers": [
{
"address": "223.5.5.5", //中国大陆域名使用阿里的 DNS
"port": 53,
"domains": [
"geosite:cn",
"ntp.org", // NTP 服务器
"$myserver.address" // 此处改为你 VPS 的域名
]
},
{
"address": "114.114.114.114", //中国大陆域名使用 114 的 DNS (备用)
"port": 53,
"domains": [
"geosite:cn",
"ntp.org", // NTP 服务器
"$myserver.address" // 此处改为你 VPS 的域名
]
},
{
"address": "8.8.8.8", //非中国大陆域名使用 Google 的 DNS
"port": 53,
"domains": [
"geosite:geolocation-!cn"
]
},
{
"address": "1.1.1.1", //非中国大陆域名使用 Cloudflare 的 DNS
"port": 53,
"domains": [
"geosite:geolocation-!cn"
]
}
]
},
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{ // 劫持 53 端口 UDP 流量,使用 V2Ray 的 DNS
"type": "field",
"inboundTag": [
"transparent"
],
"port": 53,
"network": "udp",
"outboundTag": "dns-out"
},
{ // 直连 123 端口 UDP 流量NTP 协议)
"type": "field",
"inboundTag": [
"transparent"
],
"port": 123,
"network": "udp",
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
// 设置 DNS 配置中的国内 DNS 服务器地址直连,以达到 DNS 分流目的
"223.5.5.5",
"114.114.114.114"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
// 设置 DNS 配置中的国外 DNS 服务器地址走代理,以达到 DNS 分流目的
"8.8.8.8",
"1.1.1.1"
],
"outboundTag": "proxy" // 改为你自己代理的出站 tag
},
{ // 广告拦截
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{ // BT 流量直连
"type": "field",
"protocol":["bittorrent"],
"outboundTag": "direct"
},
{ // 直连中国大陆主流网站 ip 和 保留 ip
"type": "field",
"ip": [
"geoip:private",
"geoip:cn"
],
"outboundTag": "direct"
},
{ // 直连中国大陆主流网站域名
"type": "field",
"domain": [
"geosite:cn"
],
"outboundTag": "direct"
}
]
}
}

150
v2ray示例/旁路由-透明代理/Xray透明代理配置/xray透明代理配置-1.json Normal file
View File

@@ -0,0 +1,150 @@
// 为了更好的分流体验,请替换默认路由规则文件为 Loyalsoldier/v2ray-rules-dat否则 Xray-core 将无法加载本配置。
//
//sudo curl -oL /usr/local/share/xray/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
//sudo curl -oL /usr/local/share/xray/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
// https://xtls.github.io/document/level-2/tproxy.html#xray-%E9%85%8D%E7%BD%AE
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "服务端域名",
"port": 443,
"users": [
{
"id": "UUID",
"flow": "xtls-rprx-splice",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"sockopt": {
"mark": 2
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"settings": {
"address": "8.8.8.8"
},
"proxySettings": {
"tag": "proxy"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
}
}
],
"dns": {
"hosts": {
"服务端域名": "服务端 IP"
},
"servers": [
{
"address": "119.29.29.29",
"port": 53,
"domains": ["geosite:cn"],
"expectIPs": ["geoip:cn"]
},
{
"address": "223.5.5.5",
"port": 53,
"domains": ["geosite:cn"],
"expectIPs": ["geoip:cn"]
},
"8.8.8.8",
"1.1.1.1",
"https+local://doh.dns.sb/dns-query"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": ["all-in"],
"port": 53,
"outboundTag": "dns-out"
},
{
"type": "field",
"ip": ["8.8.8.8", "1.1.1.1"],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": ["geosite:category-ads-all"],
"outboundTag": "block"
},
{
"type": "field",
"domain": ["geosite:geolocation-!cn"],
"outboundTag": "proxy"
},
{
"type": "field",
"ip": ["geoip:telegram"],
"outboundTag": "proxy"
}
]
}
}

40
v2ray示例/旁路由-透明代理/Xray透明代理配置/实际使用的透明代理XRAY配置-192.168.11.19.json Normal file
View File

@@ -0,0 +1,40 @@
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 2
}
}
}

25
v2ray示例/旁路由-透明代理/Xray透明代理配置/更新geoip的脚本.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash
LogPath=/var/log/xray/geoip_update.log
rm -rf /usr/local/share/xray/geosite.dat
rm -rf /usr/local/share/xray/geoip.dat
echo "current time is $(date), start to update geo ip for xray" >> $LogPath
curl --connect-timeout 5 -s -o /dev/null https://www.google.com
if [[ $? -eq 0 ]];then
echo "start to download from github !"
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat -O /usr/local/share/xray/geoip.dat
else
echo "start to download from jsdelivr !"
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat -O /usr/local/share/xray/geoip.dat
fi
echo "start to restrat xray !" >> $LogPath
systemctl restart xray

40
v2ray示例/旁路由-透明代理/Xray透明代理配置/香港Xray节点.json Normal file
View File

@@ -0,0 +1,40 @@
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 2
}
}
}

65
v2ray示例/旁路由-透明代理/iptbles规则/实际使用的透明代理-192.168.11.19.iptables Normal file
View File

@@ -0,0 +1,65 @@
# 设置策略路由
# 添加路由表 100
sudo ip route add local default dev lo table 100
# 为路由表 100 设定规则
ip rule add fwmark 1 table 100
# 创建XRAY过滤器链
iptables -t mangle -N XRAY
# 代理局域网设备
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
# 直连局域网,避免 XRAY 无法启动时无法连网关的 SSH如果你配置的是其他网段如 10.x.x.x 等),则修改成自己的
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p tcp -j RETURN
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS)
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
# 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面XRAY 配置的 255)此规则目的是解决XRAY占用大量CPUhttps://github.com/XRAY/XRAY-core/issues/2621
#iptables -t mangle -A XRAY -j RETURN -m mark --mark 0xff
# 给 UDP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
# 给 TCP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
# 应用规则
iptables -t mangle -A PREROUTING -j XRAY
# 代理网关本机
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p tcp -j RETURN # 直连局域网
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
# 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面XRAY 配置的 255),此规则目的是避免代理本机(网关)流量出现回环问题
#iptables -t mangle -A XRAY_SELF -m mark --mark 0xff -j RETURN
iptables -t mangle -A XRAY_SELF -m mark --mark 2 -j RETURN
# 给 UDP 打标记,重路由
iptables -t mangle -A XRAY_SELF -p udp -j MARK --set-mark 1
# 给 TCP 打标记,重路由
iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1
# 应用规则
iptables -t mangle -A OUTPUT -j XRAY_SELF

14
v2ray示例/旁路由-透明代理/iptbles规则/转发tailscale的33389端口的流量.iptables Normal file
View File

@@ -0,0 +1,14 @@
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.126.37
iptables -t nat -A PREROUTING -p udp --dport 3389 -j DNAT --to 192.168.126.37
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.126.41
iptables -t nat -A PREROUTING -p udp --dport 3389 -j DNAT --to 192.168.126.41
## tenda router
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.126.32
iptables -t nat -A PREROUTING -p udp --dport 3389 -j DNAT --to 192.168.126.32

32
v2ray示例/旁路由-透明代理/iptbles规则/透明代理-v2ray官方.iptables Normal file
View File

@@ -0,0 +1,32 @@
# 设置策略路由
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100
# 代理局域网设备
iptables -t mangle -N V2RAY
iptables -t mangle -A V2RAY -d 127.0.0.1/32 -j RETURN
iptables -t mangle -A V2RAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p tcp -j RETURN # 直连局域网,避免 V2Ray 无法启动时无法连网关的 SSH如果你配置的是其他网段如 10.x.x.x 等),则修改成自己的
iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN # 直连局域网53 端口除外(因为要使用 V2Ray 的 DNS)
iptables -t mangle -A V2RAY -j RETURN -m mark --mark 0xff # 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面V2Ray 配置的 255)此规则目的是解决v2ray占用大量CPUhttps://github.com/v2ray/v2ray-core/issues/2621
iptables -t mangle -A V2RAY -p udp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1 # 给 UDP 打标记 1转发至 12345 端口
iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1 # 给 TCP 打标记 1转发至 12345 端口
iptables -t mangle -A PREROUTING -j V2RAY # 应用规则
# 代理网关本机
iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MASK -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 192.168.0.0/16 -p tcp -j RETURN # 直连局域网
iptables -t mangle -A V2RAY_MASK -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN # 直连局域网53 端口除外(因为要使用 V2Ray 的 DNS
iptables -t mangle -A V2RAY_MASK -j RETURN -m mark --mark 0xff # 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面V2Ray 配置的 255),此规则目的是避免代理本机(网关)流量出现回环问题
iptables -t mangle -A V2RAY_MASK -p udp -j MARK --set-mark 1 # 给 UDP 打标记,重路由
iptables -t mangle -A V2RAY_MASK -p tcp -j MARK --set-mark 1 # 给 TCP 打标记,重路由
iptables -t mangle -A OUTPUT -j V2RAY_MASK # 应用规则
# 新建 DIVERT 规则,避免已有连接的包二次通过 TPROXY理论上有一定的性能提升
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT

40
v2ray示例/旁路由-透明代理/iptbles规则/透明代理-xray官方.iptables Normal file
View File

@@ -0,0 +1,40 @@
sudo ip route add local default dev lo table 100 # 添加路由表 100
sudo ip rule add fwmark 1 table 100 # 为路由表 100 设定规则
iptables -t mangle -N XRAY
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -m mark --mark 2 -j RETURN
iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1
iptables -t mangle -A XRAY_SELF -p udp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -j XRAY_SELF

0
v2ray示例/旁路由-透明代理/基于xray-splice转发的透明代理配置.json Normal file
View File