|
|
@ -128,6 +128,7 @@ ss-redir requires netfilter's NAT function. Here is an example: |
|
|
.... |
|
|
.... |
|
|
# Create new chain |
|
|
# Create new chain |
|
|
root@Wrt:~# iptables -t nat -N SHADOWSOCKS |
|
|
root@Wrt:~# iptables -t nat -N SHADOWSOCKS |
|
|
|
|
|
root@Wrt:~# iptables -t mangle -N SHADOWSOCKS |
|
|
|
|
|
|
|
|
# Ignore your shadowsocks server's addresses |
|
|
# Ignore your shadowsocks server's addresses |
|
|
# It's very IMPORTANT, just be careful. |
|
|
# It's very IMPORTANT, just be careful. |
|
|
@ -149,8 +150,8 @@ root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN |
|
|
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345 |
|
|
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345 |
|
|
|
|
|
|
|
|
# Add any UDP rules |
|
|
# Add any UDP rules |
|
|
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100 |
|
|
|
|
|
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100 |
|
|
|
|
|
|
|
|
root@Wrt:~# ip route add local default dev lo table 100 |
|
|
|
|
|
root@Wrt:~# ip rule add fwmark 1 lookup 100 |
|
|
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01 |
|
|
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01 |
|
|
|
|
|
|
|
|
# Apply the rules |
|
|
# Apply the rules |
|
|
|
不可描述先生
7 years ago
Max Lv