@cirias
Last active December 28, 2016 03:14
network-tips

Mosh over shadowsocks

Specify the UDP port for Mosh

mosh -p 60003 ...

Add a redirect rule in iptables

iptables -t nat -A OUTPUT -p udp --dport 60003 -j REDIRECT --to-ports 1090

Start ss-tunnel

ss-tunnel -u -c <config file path> -l 1090 -L <target_server_address>:60003
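The three steps above combined into one wrapper script. This is an added example, not part of the gist: the REDIRECT rule is built by a function so it can be checked, appended only if it is not already present, limited to the server address, and removed together with the background ss-tunnel when mosh exits. SS_CONFIG and SERVER are placeholders (SERVER is a constructed TEST-NET address; use the server's IP, since iptables resolves a hostname only at rule-insertion time).

```shell
#!/bin/bash
# mosh-over-ss.sh: added example wrapping the three steps above; not part of
# the original gist. Assumes mosh, ss-tunnel and iptables are installed and
# that SS_CONFIG and SERVER (placeholders) are adjusted to your environment.
set -u

MOSH_PORT="${MOSH_PORT:-60003}"                          # UDP port mosh-server listens on
LOCAL_PORT="${LOCAL_PORT:-1090}"                         # ss-tunnel's local UDP port
SS_CONFIG="${SS_CONFIG:-/etc/shadowsocks/config.json}"   # placeholder config path
SERVER="${SERVER:-198.51.100.7}"                         # placeholder server IP (constructed)

# mosh picks server ports from 60000-61000 by default; the PPP script further
# down relies on that range for its MARK rule, so refuse anything outside it.
in_mosh_range() {
    [ "$1" -ge 60000 ] && [ "$1" -le 61000 ]
}

# Rule spec shared by -C (check), -A (append) and -D (delete). Unlike the
# one-liner above it carries -d, so UDP to the same port on any other host
# is not pulled into the tunnel by accident.
redirect_rule() {
    echo "OUTPUT -p udp -d $SERVER --dport $MOSH_PORT -j REDIRECT --to-ports $LOCAL_PORT"
}

# Word splitting of $(redirect_rule) is intended in the three helpers below.
rule_present() { iptables -t nat -C $(redirect_rule) 2>/dev/null; }
add_rule()     { rule_present || iptables -t nat -A $(redirect_rule); }
del_rule()     { while rule_present; do iptables -t nat -D $(redirect_rule); done; }

main() {
    in_mosh_range "$MOSH_PORT" || { echo "MOSH_PORT $MOSH_PORT is outside 60000-61000" >&2; exit 2; }
    add_rule
    ss-tunnel -u -c "$SS_CONFIG" -l "$LOCAL_PORT" -L "$SERVER:$MOSH_PORT" &
    tunnel_pid=$!
    # Undo the redirect and stop the tunnel however mosh ends.
    trap 'del_rule; kill "$tunnel_pid" 2>/dev/null' EXIT
    mosh -p "$MOSH_PORT" "$SERVER"
}

case "${1:-}" in
    run) main ;;
esac
```

Run it as `./mosh-over-ss.sh run` (as root, for the nat rule); without the `run` argument the file only defines the functions, which is what makes `redirect_rule` and `in_mosh_range` easy to test without touching iptables.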

/etc/ppp/ip-up.d/02-custom.sh

#!/bin/bash

# This script is called with the following arguments
# Arg Name
# $1 Interface name
# $2 The tty
# $3 The link speed
# $4 Local IP number
# $5 Peer IP number
# $6 Optional ``ipparam'' value (example: foo)

# Packets carrying fwmark 1 are routed with table 100, whose only route is the PPP link
ip rule add fwmark 0x01/0x01 table 100
ip route add default dev "$1" table 100

# change src addr: a locally generated packet gets its source address from the
# main-table route (normally eth0) before the mark reroutes it onto the PPP link,
# so rewrite the source to the PPP local address
iptables -t nat -A POSTROUTING -o "$1" -j SNAT --to-source "$4"
# ssh
iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark 1
# Mosh (default server port range)
iptables -t mangle -A OUTPUT -p udp -m multiport --dports 60000:61000 -j MARK --set-mark 1

# relax the reverse path source validation: loose mode (2) only requires the
# source to be reachable via some interface, so replies arriving on the PPP
# link are not dropped because the main table would route them elsewhere
sysctl -w "net.ipv4.conf.$1.rp_filter=2"
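The ip-up script above appends its rules every time the link comes up and never removes them, so each PPP reconnect stacks another SNAT and MARK rule and another fwmark rule. The following is an added example, not the gist's script: one file meant to be copied (or hard-linked) to both /etc/ppp/ip-up.d/02-custom.sh and /etc/ppp/ip-down.d/02-custom.sh (assumed paths mirroring the one above), which adds each rule only if absent and tears everything down on link-down. It uses the same pppd arguments ($1 interface, $4 local IP) and the same rules as the script above.

```shell
#!/bin/bash
# Added example: idempotent ip-up / ip-down handler for the rules above.
# Not the gist's script. Place the same file in /etc/ppp/ip-up.d/ and
# /etc/ppp/ip-down.d/ (assumed paths); pppd passes $1 = interface, $4 = local IP.
set -u

TABLE=100

# One rule per line: <iptables table> <chain and match/target spec>.
# Same three rules as the ip-up script above, parameterised on interface and IP.
iptables_rules() {
    cat <<EOF
nat POSTROUTING -o $1 -j SNAT --to-source $2
mangle OUTPUT -p tcp --dport 22 -j MARK --set-mark 1
mangle OUTPUT -p udp -m multiport --dports 60000:61000 -j MARK --set-mark 1
EOF
}

# $1 = table, $2 = spec; word splitting of $2 is intended.
ipt_add() { iptables -t "$1" -C $2 2>/dev/null || iptables -t "$1" -A $2; }
ipt_del() { while iptables -t "$1" -C $2 2>/dev/null; do iptables -t "$1" -D $2; done; }

# Each 'ip rule del' removes one matching rule; loop until none is left.
drop_fwmark_rule() { while ip rule del fwmark 0x01/0x01 table "$TABLE" 2>/dev/null; do :; done; }

link_up() {
    iface=$1 local_ip=$2
    # 'replace' is idempotent, unlike 'add', which fails once the route exists
    ip route replace default dev "$iface" table "$TABLE"
    drop_fwmark_rule
    ip rule add fwmark 0x01/0x01 table "$TABLE"
    iptables_rules "$iface" "$local_ip" | while read -r tbl spec; do ipt_add "$tbl" "$spec"; done
    sysctl -w "net.ipv4.conf.$iface.rp_filter=2"
}

link_down() {
    iface=$1 local_ip=$2
    iptables_rules "$iface" "$local_ip" | while read -r tbl spec; do ipt_del "$tbl" "$spec"; done
    drop_fwmark_rule
    ip route flush table "$TABLE"
}

# pppd runs this file from either directory; the path in $0 says which.
case "$0" in
    */ip-up.d/*)   link_up "$1" "$4" ;;
    */ip-down.d/*) link_down "$1" "$4" ;;
esac
```

The per-interface rp_filter setting needs no explicit undo: it disappears with the PPP interface. Because `iptables_rules` is the single source of the rule list, ip-up and ip-down cannot drift apart, and the list can be checked without root.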

Reference

Configuration Download Address

http://surge.pm/main.conf
cirias commented Dec 28, 2016

#!/bin/sh

VIF="tun0"   # VPN tunnel interface
IF="eth0"    # interface whose outgoing traffic is masqueraded
RIP=""       # remote VPN server IP; must be filled in (the bypass rule below is invalid without it)

if [ -z "$RIP" ]; then
    echo "RIP (remote VPN server IP) is not set" >&2
    exit 1
fi

echo "setup route table for neovpn..."

ip route del default table 100 2>/dev/null
ip route add default dev "$VIF" table 100


echo "setup ip rule for neovpn..."

ip rule del fwmark 0x01/0x01 2>/dev/null
ip rule add fwmark 0x01/0x01 table 100


echo "setup iptables for neovpn..."

# The marks decide the route, so they are set in the mangle table: the nat
# table only sees the first packet of each connection, and a MARK set there
# would leave every later packet of the flow on the normal route.
iptables -t mangle -D PREROUTING -p tcp -j NEOVPN 2>/dev/null
iptables -t mangle -D OUTPUT -p tcp -j NEOVPN 2>/dev/null

iptables -t mangle -N NEOVPN 2>/dev/null || iptables -t mangle -F NEOVPN

# TODO - update the CN ip set
# make sure the set exists, otherwise the --match-set rule below fails to load
ipset -exist create ip_cn hash:net

# Ignore LANs and any other addresses you'd like to bypass the proxy
# The server itself comes first: marked traffic to it would be routed into the tunnel it carries
iptables -t mangle -A NEOVPN -d "$RIP/32" -j RETURN
iptables -t mangle -A NEOVPN -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A NEOVPN -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A NEOVPN -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A NEOVPN -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A NEOVPN -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A NEOVPN -m set --match-set ip_cn dst -j RETURN

# Mark all the other packets
iptables -t mangle -A NEOVPN -p tcp -j MARK --set-mark 1

# Apply neovpn to external requests
iptables -t mangle -A PREROUTING -p tcp -j NEOVPN

# Apply neovpn to local requests
iptables -t mangle -A OUTPUT -p tcp -j NEOVPN

# Apply nat (delete first so re-running the script does not duplicate the rule)
iptables -t nat -D POSTROUTING -o "$IF" -j MASQUERADE 2>/dev/null
iptables -t nat -A POSTROUTING -o "$IF" -j MASQUERADE
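The NEOVPN chain is an ordered bypass list, and mistakes in it (a missing server exception, a wrong prefix length) only show up once traffic loops or leaks. The following added example, not part of the gist or the comment above, re-implements the chain's decision in plain shell so the list can be exercised offline before it is loaded: it walks the same prefixes in the same order, treats RETURN as "bypass" and the final MARK as "proxy". RIP is a placeholder server address and CN_NETS is a constructed stand-in for the ip_cn ipset.

```shell
#!/bin/bash
# neovpn-check.sh: added example, not from the gist. Evaluates the NEOVPN
# chain above for a destination address without touching iptables.
RIP="${RIP:-203.0.113.10}"                              # placeholder for the VPN server IP
CN_NETS="${CN_NETS:-1.0.1.0/24 223.255.236.0/22}"       # constructed stand-in for the ip_cn set

# Dotted quad -> 32-bit integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_net IP CIDR: exit 0 when IP lies inside CIDR (a bare IP means /32).
in_net() {
    ip=$1 net=${2%/*} bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32
    mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$ip") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Same order as the chain: server first, then LANs, then the CN set; first
# match RETURNs (bypass), anything left over is MARKed (proxy).
classify() {
    dst=$1
    for net in "$RIP/32" 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16; do
        in_net "$dst" "$net" && { echo bypass; return; }
    done
    for net in $CN_NETS; do            # stands in for -m set --match-set ip_cn dst
        in_net "$dst" "$net" && { echo bypass; return; }
    done
    echo proxy
}

# Usage: ./neovpn-check.sh 8.8.8.8 192.168.1.5 ...
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        echo "$d -> $(classify "$d")"
    done
fi
```

The server address check sits first for the same reason it does in the chain: if the proxy server were ever marked, its packets would be routed into the tunnel that carries them. Feeding the script a few addresses from each class (the server, an RFC 1918 host, a CN prefix, an arbitrary public host) before loading the rules catches an inverted or mistyped prefix cheaply.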
