# Pin the mosh server-side UDP port to 60003 so one fixed rule can match the session.
mosh -p 60003 ...
# Redirect locally generated UDP for port 60003 to the local listener on port 1090.
# The rule has no -d match, so UDP to port 60003 on *any* destination host is
# captured, not only traffic for the intended server.
iptables -t nat -A OUTPUT -p udp --dport 60003 -j REDIRECT --to-ports 1090
# ss-tunnel listens on local port 1090 (-l) with UDP relay enabled (-u) and
# forwards everything it receives to the single fixed target given with -L.
ss-tunnel -u -c <config file path> -l 1090 -L <target_server_address>:60003
/etc/ppp/ip-up.d/02-custom.sh
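#!/bin/bash
# pppd ip-up hook: policy-route outbound SSH and Mosh traffic through the PPP
# link that has just come up.
#
# This script is called with the following arguments
# Arg Name
# $1 Interface name
# $2 The tty
# $3 The link speed
# $4 Local IP number
# $5 Peer IP number
# $6 Optional ``ipparam'' value foo
#
# NOTE(review): every rule below is added with "add"/-A and nothing on this
# page removes them, so each reconnect appends another copy unless an ip-down
# hook (not shown here) cleans up.

# Abort early instead of installing half-formed rules when pppd's arguments
# are missing (for example, when the script is run by hand).
ppp_if=${1:?interface name (arg 1) is required}
local_ip=${4:?local IP number (arg 4) is required}

# Packets whose fwmark has bit 0x01 set are looked up in table 100, which
# contains only a default route out of the PPP interface.
ip rule add fwmark 0x01/0x01 table 100
ip route add default dev "$ppp_if" table 100

# change src addr
# Packets leaving via the PPP interface get the link's local address as
# source. Presumably needed because the source address of a locally generated
# packet is chosen before the mark re-routes it.
iptables -t nat -A POSTROUTING -o "$ppp_if" -j SNAT --to-source "$local_ip"

# ssh
# Matches TCP port 22 to any destination: all outbound SSH takes the PPP link.
iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark 1

# Mosh
# Matches by port range only, so any other UDP service in 60000-61000 is
# routed over the PPP link as well.
iptables -t mangle -A OUTPUT -p udp -m multiport --dports 60000:61000 -j MARK --set-mark 1

# relax the reverse path source validation
# rp_filter=2 is loose mode: a packet is accepted if its source is reachable
# through any interface, which weakens anti-spoofing on this link. The kernel
# applies the maximum of conf/all and conf/<interface>.
sysctl -w "net.ipv4.conf.${ppp_if}.rp_filter=2"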
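# TPROXY experiment followed by its rollback; the final line is the simpler
# nat REDIRECT approach.

# Policy routing for TPROXY: packets with fwmark bit 0x01 use table 100, whose
# "local" route delivers every destination to this host through lo.
# NOTE(review): the ip-up script on this page uses the same fwmark and table
# 100 for a default route via the PPP interface. On one host the two setups
# would collide, so pick a distinct mark/table for one of them.
ip rule add fwmark 0x01/0x01 table 100
ip route add local 0.0.0.0/0 dev lo table 100

# Dedicated chain holding the candidate TPROXY rules (UDP -> local port 1090).
iptables -t mangle -N SHADOWSOCKS
# NOTE(review): the owner match is only valid on the OUTPUT/POSTROUTING hooks
# and the TPROXY target only on PREROUTING, so this rule is expected to be
# rejected once the chain is reachable from a hook - confirm.
iptables -t mangle -A SHADOWSOCKS -p udp -m owner --gid-owner sirius -j TPROXY --on-port 1090 --tproxy-mark 0x01/0x01
iptables -t mangle -A SHADOWSOCKS -p udp -m multiport --dports 60000:61000 -j TPROXY --on-port 1090 --tproxy-mark 0x01/0x01
iptables -t mangle -A SHADOWSOCKS -p udp --dport 60000 -j TPROXY --on-port 1090 --on-ip 127.0.0.1 --tproxy-mark 0x01/0x01

# Hook the chain in. PREROUTING only sees packets arriving from the network,
# not locally generated ones.
iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# NOTE(review): TPROXY is not valid on the POSTROUTING hook, so this jump is
# expected to fail while the chain contains TPROXY rules - confirm.
iptables -t mangle -A POSTROUTING -j SHADOWSOCKS

# Rollback: -D removes a rule only when the specification matches the one that
# was added exactly, so each line mirrors its -A counterpart above. The third
# delete now carries --on-ip 127.0.0.1; without it the rule stayed installed.
# The chain, its jumps and the ip rule/route above are not removed here.
iptables -t mangle -D SHADOWSOCKS -p udp -m owner --gid-owner sirius -j TPROXY --on-port 1090 --tproxy-mark 0x01/0x01
iptables -t mangle -D SHADOWSOCKS -p udp -m multiport --dports 60000:61000 -j TPROXY --on-port 1090 --tproxy-mark 0x01/0x01
iptables -t mangle -D SHADOWSOCKS -p udp --dport 60000 -j TPROXY --on-port 1090 --on-ip 127.0.0.1 --tproxy-mark 0x01/0x01

# Approach kept in the end: redirect locally generated UDP to port 60003 (any
# destination, since there is no -d match) to the local listener on port 1090.
iptables -t nat -A OUTPUT -p udp --dport 60003 -j REDIRECT --to-ports 1090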
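#!/bin/sh
# Mark outbound TCP so that policy routing sends it through the "neovpn"
# tunnel interface, while LAN ranges, the address in RIP and the ip_cn set
# bypass the tunnel. Safe to re-run: old rules are deleted before being added.
#
# The "del"/-D commands are best-effort and print an error on the first run,
# when there is nothing to remove yet.

VIF="tun0" # tunnel interface that receives the marked traffic
IF="eth0"  # interface that gets the MASQUERADE rule
RIP=""     # bypass address; presumably the VPN server itself - set before use

echo "setup route table for neovpn..."
ip route del default table 100
ip route add default dev "$VIF" table 100

echo "setup ip rule for neovpn..."
ip rule del fwmark 0x01/0x01
ip rule add fwmark 0x01/0x01 table 100

echo "setup iptables NAT for neovpn..."
iptables -t nat -D PREROUTING -p tcp -j NEOVPN
iptables -t nat -D OUTPUT -p tcp -j NEOVPN
# Create the chain, or flush it if it is left over from a previous run.
iptables -t nat -N NEOVPN || iptables -t nat -F NEOVPN

# TODO - update the CN ip set
# Ignore LANs and any other addresses you'd like to bypass the proxy
if [ -n "$RIP" ]; then
  iptables -t nat -A NEOVPN -d "$RIP/32" -j RETURN
else
  # An empty RIP would expand to "-d /32", which iptables rejects. Say so
  # explicitly, because without this bypass traffic to that address is marked
  # like everything else.
  echo "RIP is empty: no bypass rule added for the remote address" >&2
fi
for bypass_net in 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16; do
  iptables -t nat -A NEOVPN -d "$bypass_net" -j RETURN
done
# Fails if the ip_cn ipset does not exist yet; in that case no exemption is
# installed and those destinations go through the tunnel too.
iptables -t nat -A NEOVPN -m set --match-set ip_cn dst -j RETURN

# Mark all the other packets
# NOTE(review): the nat table is only traversed by the first packet of each
# connection, so a mark set here likely does not reach later packets. The
# ip-up script on this page marks in the mangle table instead - confirm.
iptables -t nat -A NEOVPN -p tcp -j MARK --set-mark 1

# Apply neovpn to external requests
iptables -t nat -A PREROUTING -p tcp -j NEOVPN
# Apply neovpn to local requests
iptables -t nat -A OUTPUT -p tcp -j NEOVPN

# Apply nat
# NOTE(review): this masquerades traffic leaving via $IF; marked traffic is
# routed out of $VIF - confirm which interface actually needs the NAT rule.
iptables -t nat -A POSTROUTING -o "$IF" -j MASQUERADE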