{"id":19071,"date":"2020-02-06T01:29:20","date_gmt":"2020-02-05T17:29:20","guid":{"rendered":"http:\/\/4563.org\/?p=19071"},"modified":"2020-02-06T01:29:20","modified_gmt":"2020-02-05T17:29:20","slug":"v%e4%ba%8c-%e7%9a%84%e3%80%80tproxy-iptables-%e6%8a%a5%e9%94%99","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=19071","title":{"rendered":"V\u4e8c \u7684\u3000TPROXY iptables \u62a5\u9519"},"content":{"rendered":"\n

\t\t\t\t\tSparta<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-19 20:04:22\t<\/p>\n

V\u4e8c \u7684\u3000TPROXY iptables \u62a5\u9519<\/h3>\n

\t\tdebian 10, \u8f93\u5165\u5982\u4e0b\u4ee3\u7801\u540e\uff0c\u62a5\u9519\uff1a\u3000iptables v1.8.2 (nf_tables):RULE_APPEND failed (Invalid argument): rule in chain OUTPUT
\u5927\u4f6c\u4eec\u90fd\u600e\u4e48\u8bbe\u7f6e\u7684\uff1f
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0\/0 dev lo table 100<\/p>\n

iptables -t mangle -N V2RAY
iptables -t mangle -A V2RAY -d 127.0.0.1\/32 -j RETURN
iptables -t mangle -A V2RAY -d 224.0.0.0\/4 -j RETURN
iptables -t mangle -A V2RAY -d 255.255.255.255\/32 -j RETURN
iptables -t mangle -A V2RAY -d 192.168.0.0\/16 -p tcp -j RETURN
iptables -t mangle -A V2RAY -d 192.168.0.0\/16 -p udp ! –dport 53 -j RETURN
iptables -t mangle -A V2RAY -p udp -j TPROXY –on-port 12345 –tproxy-mark 1
iptables -t mangle -A V2RAY -p tcp -j TPROXY –on-port 12345 –tproxy-mark 1
iptables -t mangle -A PREROUTING -j V2RAY <\/p>\n

iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MASK -d 224.0.0.0\/4 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 255.255.255.255\/32 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 192.168.0.0\/16 -p tcp -j RETURN
iptables -t mangle -A V2RAY_MASK -d 192.168.0.0\/16 -p udp ! –dport 53 -j RETURN
iptables -t mangle -A V2RAY_MASK -j RETURN -m mark –mark 0xff   
iptables -t mangle -A V2RAY_MASK -p udp -j MARK –set-mark 1
iptables -t mangle -A V2RAY_MASK -p tcp -j MARK –set-mark 1   
iptables -t mangle -A OUTPUT -j V2RAY_MASK\t\t\t\t<\/p>\n

\t\t\t\t\tchinni<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-19 20:25:31\t<\/p>\n

<\/h3>\n

\t\t \u672c\u5e16\u6700\u540e\u7531 chinni \u4e8e 2020-1-19 20:26 \u7f16\u8f91 <\/p>\n

\u914d\u5408ipset \u624d\u662f\u738b\u9053<\/p>\n

\u57fa\u672c\u914d\u7f6e
# Generated by iptables-save v1.6.0 on Sat Jan 11 10:14:55 2020
*raw
:PREROUTING ACCEPT
:OUTPUT ACCEPT
COMMIT
# Completed on Sat Jan 11 10:14:55 2020
# Generated by iptables-save v1.6.0 on Sat Jan 11 10:14:55 2020
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
:tls-proxy –
-A PREROUTING -p udp -j tls-proxy
-A PREROUTING -p tcp -j tls-proxy
-A tls-proxy -m set –match-set local dst -j RETURN
-A tls-proxy -m set –match-set vps dst -j RETURN
-A tls-proxy -m set –match-set exclude dst -j RETURN
-A tls-proxy -m set –match-set chinaip dst -j RETURN
-A tls-proxy -p udp -m udp -j TPROXY –on-port 60080 –on-ip 0.0.0.0 –tproxy-mark 0x1\/0x1
-A tls-proxy -p tcp -m tcp -j TPROXY –on-port 60080 –on-ip 0.0.0.0 –tproxy-mark 0x1\/0x1
COMMIT
# Completed on Sat Jan 11 10:14:55 2020
# Generated by iptables-save v1.6.0 on Sat Jan 11 10:14:55 2020
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT <\/p>\n

COMMIT
# Completed on Sat Jan 11 10:14:55 2020
# Generated by iptables-save v1.6.0 on Sat Jan 11 10:14:55 2020
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT
# Completed on Sat Jan 11 10:14:55 2020<\/p>\n

\u542f\u7528\u811a\u672c<\/p>\n

ip rule add fwmark 0x01\/0x01 table 100
      ip route add local 0.0.0.0\/0 dev lo table 100
      iptables -t mangle -A PREROUTING -p udp -j tls-proxy
      iptables -t mangle -A PREROUTING -p tcp -j tls-proxy \t\t\t\t<\/p>\n

\t\t\t\t\tSparta<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-21 13:15:03\t<\/p>\n

<\/h3>\n

\t\tchinni \u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-19 20:25
\u914d\u5408ipset \u624d\u662f\u738b\u9053<\/p>\n

\u57fa\u672c\u914d\u7f6e<\/p>\n

\u5927\u4f6c\u4e5f\u62a5\u9519\uff1a
iptables-restore v1.8.2 (nf_tables): Set local doesn’t exist.\t\t\t\t<\/p>\n

\t\t\t\t\tealkeq<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-21 13:27:16\t<\/p>\n

<\/h3>\n

\t\tdebian10\u7528\u7684nftables,\u76f8\u5173\u547d\u4ee4\u53bb\u627e\u624b\u518c\u770b\u770b\t\t\t\t<\/p>\n

\t\t\t\t\tchinni<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-27 00:25:49\t<\/p>\n

<\/h3>\n

\t\tSparta \u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-21 13:15
\u5927\u4f6c\u4e5f\u62a5\u9519\uff1a<\/p>\n

\u4f60\u9700\u8981\u6709 \u5bf9\u5e94\u7684 ipset \u8868\t\t\t\t<\/p>\n

\t\t\t\t\thcyme<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-27 00:29:03\t<\/p>\n

<\/h3>\n

\t\t\u7f3a\u4f9d\u8d56\u5305\u5427\uff0cd10\u6ca1\u95ee\u9898\uff0c\u8001\u7684\u624d\u6298\u78e8\u4eba\uff0c\u540e\u6765\u5e72\u8106\u7528openwrt\uff0c\u7b80\u5355\u7701\u5fc3\t\t\t <\/p>\n","protected":false},"excerpt":{"rendered":"

Sparta \u5927\u4f6c\u6709\u8bdd\u8bf4 : 20…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/19071"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=19071"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/19071\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=19071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=19071"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=19071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}