1
hicdn 2017-09-05 15:35:21 +08:00
Google the keywords: openwrt shadowsocks chinadns
|
3
tony1016 2017-09-05 15:54:05 +08:00 1
SOCKS5 works, HTTP doesn't. A global proxy needs to wrap traffic at the TCP layer, which an HTTP proxy cannot do; for SOCKS5 you can use redsocks.
|
5
zjqzxc 2017-09-05 15:57:54 +08:00
Keyword: transparent proxy
|
6
anheiyouxia 2017-09-05 16:05:38 +08:00 via Android
iptables
|
7
netfee 2017-09-05 16:34:18 +08:00 via Android
transparent proxy
|
9
whwq2012 2017-09-05 16:42:22 +08:00 via Android
Doesn't the Padavan firmware (the "Russian" firmware) come with this feature built in?
|
10
Osk 2017-09-05 17:20:58 +08:00 1
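Yes, it can be done; that's exactly how I use it: redsocks + firewall rules. It handles most web browsing and most client software's network access. Some clients don't work properly; I don't know whether that's because the software needs a SOCKS proxy or because the proxy server has too many restrictions.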
redsocks configuration file:

```text
# /etc/redsocks.conf
base {
    log_debug = off;
    log_info = off;
    daemon = on;
    redirector = iptables;
}
redsocks {
    local_ip = 192.168.1.1;   # best bound to the router's LAN-side IP address
    local_port = 1080;
    ip = $HTTP_PROXY_IP;      # IP address of a proxy server that supports HTTP CONNECT
    port = $HTTP_PROXY_PORT;  # proxy server port
    type = http-connect;
}
```

Add the following firewall rules to the custom user rules of the OpenWrt firewall:

```shell
#!/bin/sh
# append to /etc/firewall.user
redsocks_port=1080

# start iptables
iptables -t nat -N PROXYCHAIN

# Do not redirect reserved IP addresses
# Do not redirect traffic to the following address ranges
iptables -t nat -A PROXYCHAIN -d 127.0.0.0/8 -j RETURN
iptables -t nat -A PROXYCHAIN -d 192.168.0.0/16 -j RETURN
iptables -t nat -A PROXYCHAIN -d 10.0.0.0/8 -j RETURN
iptables -t nat -A PROXYCHAIN -d 224.0.0.0/4 -j RETURN
iptables -t nat -A PROXYCHAIN -d 240.0.0.0/4 -j RETURN
iptables -t nat -A PROXYCHAIN -d 0.0.0.0/8 -j RETURN
iptables -t nat -A PROXYCHAIN -d 169.254.0.0/16 -j RETURN
iptables -t nat -A PROXYCHAIN -d 172.16.0.0/12 -j RETURN

# SSL connections need redsocks
iptables -t nat -A PROXYCHAIN -p tcp --dport 443 -j REDIRECT --to-ports $redsocks_port

# redirect all kinds of traffic
iptables -t nat -A PROXYCHAIN -p tcp -j REDIRECT --to-ports $redsocks_port
# iptables -t nat -A PROXYCHAIN -p udp -j RETURN

iptables -t nat -A PREROUTING -i br-lan -p tcp -j PROXYCHAIN
#iptables -t nat -A PREROUTING -i br-lan -p udp -j PROXYCHAIN
```

It's best to remove the Chinese comments.

redsocks occasionally dies, so I pair it with this script to detect that and restart it automatically:

```shell
#!/bin/sh
# because openwrt does not have 'nohup' command by default,
# so we should ignore SIGHUP
trap '' HUP

while sleep 5
do
    # POSIX redirection; '&>' is a bash extension and backgrounds pidof under plain sh
    pidof redsocks >/dev/null 2>&1 || {
        logger "redsocks are not running"
        /etc/init.d/redsocks restart
    }
done
```

Start at boot:

```shell
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
# /etc/rc.local
ulimit -n 8192
chmod +x /etc/check_redsocks_daemon.sh
/etc/check_redsocks_daemon.sh >/dev/null 2>&1 &
exit 0
```
|
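An offline model of the PROXYCHAIN rules posted in reply 10, added here as an example (it is not part of the thread): it reports whether a destination would be redirected to redsocks, returned unproxied, or never enter the chain at all (UDP, which includes DNS). The function names and the sample addresses are constructed for illustration; the CIDR list is copied from the post.

```shell
#!/bin/sh
# Added example: evaluates a destination against the RETURN list of PROXYCHAIN
# without touching a router. Function names are hypothetical.

# RETURN ranges, in the order the post appends them to PROXYCHAIN.
BYPASS="127.0.0.0/8 192.168.0.0/16 10.0.0.0/8 224.0.0.0/4 240.0.0.0/4 0.0.0.0/8 169.254.0.0/16 172.16.0.0/12"

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when address $1 falls inside CIDR block $2.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Prints the verdict for destination $1 and protocol $2 (default tcp):
#   DIRECT   - PREROUTING only jumps to PROXYCHAIN for TCP, so UDP bypasses it
#   RETURN   - matched a reserved range, leaves the chain unproxied
#   REDIRECT - falls through to the REDIRECT rule, i.e. goes to redsocks
chain_verdict() {
    proto=${2:-tcp}
    [ "$proto" = tcp ] || { echo "DIRECT"; return 0; }
    for cidr in $BYPASS; do
        if in_cidr "$1" "$cidr"; then echo "RETURN"; return 0; fi
    done
    echo "REDIRECT"
}

# Constructed sample destinations (not taken from the thread).
for dst in 192.168.1.20 172.31.255.255 172.32.0.1 100.64.0.1 203.0.113.10; do
    printf '%-16s tcp -> %s\n' "$dst" "$(chain_verdict "$dst")"
done
printf '%-16s udp -> %s\n' 203.0.113.10 "$(chain_verdict 203.0.113.10 udp)"
```

The UDP line shows that DNS queries from LAN clients are not covered by these rules, which is the gap the ss-tunnel suggestion in the next reply addresses.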
11
acess 2017-09-05 17:21:09 +08:00
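WPAD, but I haven't seen many people use it... and applications won't necessarily honor the system proxy settings.
Better to use this: redsocks + ss-server + ss-tunnel (to handle DNS)
|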
12
nadoo 2017-09-06 00:00:04 +08:00 via iPhone
|
13
larryzhu 2021-09-27 16:12:52 +08:00
This feature is quite practical; I have the same need, for filtering ads.
|