

2 Commits

Author SHA1 Message Date
ad57c57dd2 bugfix 2025-12-02 11:00:09 +08:00
e07f52d575 bugfix 2025-12-02 00:10:47 +08:00
12 changed files with 305 additions and 3 deletions

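--- a/gateway/00_env.sh
+++ b/gateway/00_env.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+# 全局环境变量
+WAN_IF="eno1"
+LAN_IF="enx00e04c6800ae"
+LAN_NET="192.168.2.0/24"
+LAN_GW="192.168.2.1"
+SOCKS5_SERVER="127.0.0.1"
+SOCKS5_PORT="1080"
+REDSOCKS_PORT="12345"
+REDSOCKS_DNS_PORT="5353"
+CHNROUTE_URLS=(
+"https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt"
+"https://raw.githubusercontent.com/ruijzhan/chnroute/master/chnroute.txt"
+)
+DNSMASQ_CHINA_URL="https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china"
+CHINA_DNS1="223.5.5.5"
+CHINA_DNS2="119.29.29.29"
+FOREIGN_DNS1="8.8.8.8"
+FOREIGN_DNS2="1.1.1.1"
+IPSET_FILE="/etc/ipset/chnroute.ipset"
+CHN_FILE="/etc/chnroute.list"
+DNSMASQ_CHINA_FILE="/etc/dnsmasq.d/china-domains.conf"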
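Review bot: The three GitHub-hosted lists at CHNROUTE_URLS and DNSMASQ_CHINA_URL are the only thing deciding which destinations bypass the proxy and which resolver a domain is sent to, and nothing downstream pins a revision or verifies what was fetched, so whoever can change those repositories changes this gateway's routing policy. A header comment should make that explicit, e.g. `# These lists define the direct-route/bypass policy; treat changes to them like firewall rule changes`. Every other script loads this file with `source ./00_env.sh`, which resolves against the caller's working directory rather than this file's location, so the variables are silently unset unless the scripts are run from gateway/; documenting that here, or having the callers use `source "$(dirname "$0")/00_env.sh"`, would avoid a surprising failure under `set -u`.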

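--- a/gateway/10_dhcp_dns.sh
+++ b/gateway/10_dhcp_dns.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+source ./00_env.sh
+set -euo pipefail
+if [[ $EUID -ne 0 ]]; then echo "请用 root/sudo 运行"; exit 1; fi
+apt update
+apt install -y dnsmasq ipset curl || true
+cat >/etc/dnsmasq.d/lan.conf <<EOL
+interface=$LAN_IF
+bind-interfaces
+dhcp-range=192.168.2.100,192.168.2.200,12h
+dhcp-option=3,$LAN_GW
+dhcp-option=6,$LAN_GW
+server=$FOREIGN_DNS1
+server=$FOREIGN_DNS2
+EOL
+curl -fsSL "$DNSMASQ_CHINA_URL" -o /tmp/accelerated.domains || true
+echo "# Auto-generated China domains" > "$DNSMASQ_CHINA_FILE"
+while IFS= read -r domain; do
+[[ -z "$domain" || "$domain" =~ ^# ]] && continue
+d=$(echo "$domain" | awk '{print $1}')
+echo "server=/$d/$CHINA_DNS1" >> "$DNSMASQ_CHINA_FILE"
+echo "server=/$d/$CHINA_DNS2" >> "$DNSMASQ_CHINA_FILE"
+done < /tmp/accelerated.domains
+systemctl restart dnsmasq || true
+systemctl enable dnsmasq || true
+echo "DHCP + 国内 DNS 配置完成"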
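Review bot: The download goes to the fixed path `/tmp/accelerated.domains` as root and its failure is swallowed with `|| true`, so a stale or pre-created file in world-writable /tmp (or a symlink there, which `curl -o` follows) becomes dnsmasq configuration on the next run, and if the fetch never succeeded the `done < /tmp/accelerated.domains` line aborts the script on a missing file. Use `tmp=$(mktemp)` with `trap 'rm -f "$tmp"' EXIT`, drop the `|| true` so a failed fetch is visible, and validate each entry before it is written, e.g. `[[ "$d" =~ ^[A-Za-z0-9.-]+$ ]] || continue`, since the two `echo "server=/$d/…"` lines paste the first field of each downloaded line straight into the config. Note also that the `server=$FOREIGN_DNS1` / `server=$FOREIGN_DNS2` lines send every non-China query as plaintext UDP directly out the WAN; nothing in this file routes them through the proxy, so a comment saying so would stop readers from assuming the README's anti-pollution claim is met here.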

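--- a/gateway/20_nat_forward.sh
+++ b/gateway/20_nat_forward.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+source ./00_env.sh
+set -euo pipefail
+echo 1 > /proc/sys/net/ipv4/ip_forward
+grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
+netfilter-persistent save || true
+echo "NAT 出口 + IP 转发配置完成"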
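Review bot: Forwarding is switched on with no FORWARD-chain policy, so with the stock ACCEPT default the box forwards whatever reaches it, including anything on the WAN side that routes 192.168.2.0/24 through it; the MASQUERADE rule only rewrites outbound traffic. Add a stateful policy next to it: `iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, `iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT`, `iptables -P FORWARD DROP`. `netfilter-persistent save || true` silently does nothing unless iptables-persistent is installed, and none of the visible scripts install it, so these rules and the ones in 60_iptables_rules.sh likely do not survive a reboot — install it explicitly or let the failure surface. `$LAN_NET` and `$WAN_IF` should be quoted on the iptables line.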

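--- a/gateway/30_chnroute.sh
+++ b/gateway/30_chnroute.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+source ./00_env.sh
+set -euo pipefail
+apt install -y ipset || true
+mkdir -p /etc/ipset
+rm -f "$CHN_FILE"
+for url in "${CHNROUTE_URLS[@]}"; do
+curl -fsSL "$url" -o /tmp/chn.tmp && grep -E '^[0-9]' /tmp/chn.tmp | sed 's/\r//g' > "$CHN_FILE" && break
+done
+ipset list chnroute -n &>/dev/null && ipset flush chnroute && ipset destroy chnroute || true
+ipset create chnroute hash:net family inet maxelem 65536 || true
+for net in 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16; do
+ipset add chnroute $net || true
+done
+while IFS= read -r line; do
+[[ -z "$line" || "$line" =~ ^# ]] && continue
+ipset add chnroute "$line" || true
+done < "$CHN_FILE"
+ipset save > "$IPSET_FILE"
+cat >/etc/systemd/system/ipset-load.service <<EOL
+[Unit]
+Description=Load ipset rules
+After=network.target
+[Service]
+Type=oneshot
+ExecStart=/sbin/ipset restore -f $IPSET_FILE
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target
+EOL
+systemctl daemon-reload
+systemctl enable ipset-load.service
+systemctl start ipset-load.service || true
+echo "CHNROUTE ipset 已安装"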
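Review bot: The unit runs `ipset restore -f` without `-exist`, and the `ipset save` output contains a `create chnroute …` line, so starting ipset-load.service while the set already exists (the `systemctl start` right after this script created it, or any restart) fails on "set already exists"; use `ExecStart=/sbin/ipset restore -exist -f $IPSET_FILE` and save only this set with `ipset save chnroute > "$IPSET_FILE"` so unrelated sets are not captured. If rules are restored by netfilter-persistent at boot, the unit also needs `Before=netfilter-persistent.service`, because the `--match-set chnroute` rule in 60_iptables_rules.sh cannot load before the set exists. The download is written to the fixed path `/tmp/chn.tmp` as root, with the same pre-created-file/symlink exposure as the other scripts, and `rm -f "$CHN_FILE"` runs before any fetch succeeds, so a total fetch failure leaves the loop reading a missing file after the old set has already been destroyed; use `mktemp` and only replace the list and the set once a download succeeded. Because every entry admitted here bypasses the proxy, validating each line with `[[ "$line" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]] || continue` is cheap insurance against a malformed or tampered list.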

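--- a/gateway/40_redsocks.sh
+++ b/gateway/40_redsocks.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+source ./00_env.sh
+set -euo pipefail
+apt install -y build-essential libevent-dev libssl-dev git || true
+if ! command -v redsocks >/dev/null 2>&1; then
+cd /tmp
+git clone https://github.com/semigodking/redsocks.git
+cd redsocks
+make
+cp redsocks /usr/sbin/redsocks
+fi
+cat >/etc/redsocks.conf <<EOL
+base {
+log_debug = off;
+log_info = on;
+daemon = on;
+redirector = iptables;
+}
+redsocks {
+local_ip = 127.0.0.1;
+local_port = $REDSOCKS_PORT;
+ip = $SOCKS5_SERVER;
+port = $SOCKS5_PORT;
+type = socks5;
+autoproxy = 0;
+}
+redsocks {
+local_ip = 127.0.0.1;
+local_port = $REDSOCKS_DNS_PORT;
+ip = $SOCKS5_SERVER;
+port = $SOCKS5_PORT;
+type = socks5;
+autoproxy = 0;
+}
+EOL
+cat >/etc/systemd/system/redsocks.service <<EOL
+[Unit]
+Description=Redsocks2 transparent proxy
+After=network-online.target ipset-load.service
+Wants=network-online.target
+[Service]
+ExecStart=/usr/sbin/redsocks -c /etc/redsocks.conf
+Restart=on-failure
+[Install]
+WantedBy=multi-user.target
+EOL
+systemctl daemon-reload
+systemctl enable redsocks
+systemctl restart redsocks || true
+echo "redsocks2 配置完成"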
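Review bot: `local_ip = 127.0.0.1;` in both redsocks blocks will not receive the LAN traffic that 60_iptables_rules.sh REDIRECTs from PREROUTING: REDIRECT rewrites the destination to the primary address of the incoming interface (192.168.2.1 here) and only locally generated packets are mapped to 127.0.0.1, so redirected connections arrive at a port nothing listens on. Bind to the LAN address instead (`local_ip = $LAN_GW;`), or if you bind 0.0.0.0 also add `iptables -A INPUT -i "$WAN_IF" -p tcp --dport "$REDSOCKS_PORT" -j DROP`, otherwise any host on the WAN side can use the gateway as an open relay into your SOCKS server. `daemon = on;` makes redsocks fork and the parent exit, which the unit's default `Type=simple` treats as the service having died; set `daemon = off;`. The build step clones and compiles whatever upstream master is at the moment, as root, into /usr/sbin, and `git clone` aborts under `set -e` if /tmp/redsocks already exists; the commit already vendors a pinned redsocks2 submodule (fa3f894…), so build from that checkout rather than an unpinned clone. The second redsocks block on `$REDSOCKS_DNS_PORT` is identical to the first apart from the port and, being `type = socks5`, is TCP-only, so it does not give you DNS-over-proxy by itself.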

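--- a/gateway/50_dns_over_proxy.sh
+++ b/gateway/50_dns_over_proxy.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+source ./00_env.sh
+set -euo pipefail
+apt install -y redsocks2 || true
+cat >/etc/systemd/system/redsocks-dns.service <<EOL
+[Unit]
+Description=Redirect DNS queries over redsocks2
+After=network-online.target redsocks.service
+[Service]
+Type=simple
+ExecStart=/usr/sbin/redsocks -c /etc/redsocks.conf
+Restart=always
+[Install]
+WantedBy=multi-user.target
+EOL
+systemctl daemon-reload
+systemctl enable redsocks-dns
+systemctl start redsocks-dns || true
+echo "国外 DNS 代理(防污染)已启动"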
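Review bot: The new unit runs the same binary with the same `/etc/redsocks.conf` as redsocks.service, so the second instance fails to bind the ports the first one already holds and `Restart=always` turns that into a crash loop; it adds no DNS handling of its own. Nothing in this commit actually moves DNS through the proxy: there is no iptables rule for udp/53, redsocks `type = socks5` carries TCP only, and dnsmasq (10_dhcp_dns.sh) forwards foreign queries as plaintext UDP to 8.8.8.8/1.1.1.1 straight out the WAN, so the anti-pollution claim in the final echo and in the README is not implemented. Either remove this unit and document the gap, or make it real — point dnsmasq's foreign upstream at a resolver reached through the tunnel (TCP or DoT), or add a `redudp` section plus a `-p udp --dport 53` redirect. `apt install -y redsocks2 || true` is probably a no-op as well — I am not aware of a package by that name in Ubuntu 22.04's repositories — and the `|| true` hides it.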

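--- a/gateway/60_iptables_rules.sh
+++ b/gateway/60_iptables_rules.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+source ./00_env.sh
+set -euo pipefail
+iptables -t nat -F
+iptables -t nat -X REDSOCKS 2>/dev/null || true
+iptables -t nat -N REDSOCKS
+iptables -t nat -A REDSOCKS -m set --match-set chnroute dst -j RETURN
+iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
+iptables -t nat -A PREROUTING -s $LAN_NET -p tcp -j REDSOCKS
+iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
+netfilter-persistent save || true
+echo "iptables 分流规则已应用"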
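Review bot: The nat table is flushed before the `--match-set chnroute` rule is added, so if the set is missing (first boot before ipset-load, or a failed 30_chnroute.sh) that add fails, `set -e` aborts the script and the LAN is left with no MASQUERADE at all; check first with `ipset list -n chnroute >/dev/null 2>&1 || { echo "chnroute ipset missing" >&2; exit 1; }`. The PREROUTING rule only captures TCP, so UDP from the LAN — QUIC/HTTP3, and DNS from any client that ignores the DHCP-provided resolver — is masqueraded out directly, bypassing the proxy and exposing foreign destinations on the WAN path; add `iptables -t nat -A PREROUTING -s "$LAN_NET" -p udp --dport 53 -j REDIRECT --to-ports 53` to pin DNS to dnsmasq, and consider rejecting udp/443 in FORWARD so browsers fall back to TCP. The bypass for LAN-local and private destinations relies entirely on the private ranges that 30_chnroute.sh happens to put into the ipset; an explicit `-d "$LAN_NET" -j RETURN` at the top of REDSOCKS would keep gateway-local traffic out of the proxy even when the set is incomplete. `$REDSOCKS_PORT`, `$LAN_NET` and `$WAN_IF` should be quoted.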

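--- a/gateway/90_status.sh
+++ b/gateway/90_status.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+source ./00_env.sh
+set -euo pipefail
+echo "=== ipset 状态 ==="
+ipset list chnroute
+echo "=== iptables NAT 状态 ==="
+iptables -t nat -L -n -v --line-numbers
+echo "=== redsocks 状态 ==="
+systemctl status redsocks
+echo "=== dnsmasq 状态 ==="
+systemctl status dnsmasq
+echo "=== 测试国内解析 ==="
+dig @127.0.0.1 www.baidu.com
+echo "=== 测试国外解析 ==="
+dig @127.0.0.1 www.google.com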
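Review bot: Under `set -euo pipefail`, `systemctl status redsocks` exits non-zero whenever the unit is inactive or failed — exactly the case a status script is for — so the script stops before the dnsmasq status and both dig checks; use `systemctl status --no-pager redsocks || true` (and the same for dnsmasq), which also avoids the pager hanging when this is run non-interactively. `dig` is not installed by any of the visible scripts (it comes from dnsutils), so either add it to the apt line in 10_dhcp_dns.sh or guard with `command -v dig >/dev/null || { echo "dig not installed" >&2; exit 1; }`. The same applies to `ipset list chnroute`, which fails and aborts everything when the set does not exist.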

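--- a/gateway/README.md
+++ b/gateway/README.md
@@ -0,0 +1,53 @@
+### 脚本功能说明
+- **00_env.sh**
+- 配置 WAN / LAN 网卡名、下层网段、SOCKS5 地址与端口、CHNROUTE 地址等。
+- **10_dhcp_dns.sh**
+- 安装 dnsmasq
+- 下层 DHCP 分配 IP
+- 国内域名直连 DNS 配置,提升国内访问速度
+- **20_nat_forward.sh**
+- 开启 IPv4 转发
+- 配置 NAT 出口,允许下层网络访问上层网络
+- **30_chnroute.sh**
+- 下载最新 CHNROUTE 国内 IP 列表
+- 创建 ipset `chnroute`
+- 添加私有网段和国内 IP用于国内外分流
+- **40_redsocks.sh**
+- 安装 redsocks2
+- 配置透明代理,将 TCP 流量重定向到 SOCKS5 代理
+- 启动 systemd 服务,自动运行
+- **50_dns_over_proxy.sh**
+- 将国外 DNS 查询通过 redsocks2 转发,防止 DNS 污染
+- 启动 systemd 服务,开机自启
+- **60_iptables_rules.sh**
+- 设置 iptables NAT 链和 REDSOCKS 链
+- 国内 IP 直连,国外 TCP 流量重定向到 redsocks2
+- 配合 CHNROUTE ipset 使用,实现国内外分流
+- **90_status.sh**
+- 查看 ipset 状态
+- 查看 iptables NAT 状态
+- 查看 redsocks 和 dnsmasq 服务状态
+- 测试国内和国外域名解析
+- **uninstall.sh**
+- 停止并禁用所有服务
+- 清理 iptables NAT 规则和 ipset
+- 删除配置文件,回滚系统
+---
+## 3⃣ 部署步骤
+1. 下载或复制 `generate_gateway.sh` 脚本到 Ubuntu 22.04 主机:
+```bash
+wget <你的脚本下载地址> -O generate_gateway.sh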

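--- a/gateway/uninstall.sh
+++ b/gateway/uninstall.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+source ./00_env.sh
+set -euo pipefail
+systemctl stop redsocks redsocks-dns ipset-load.service dnsmasq || true
+systemctl disable redsocks redsocks-dns ipset-load.service dnsmasq || true
+iptables -t nat -F
+iptables -t nat -X REDSOCKS 2>/dev/null || true
+ipset destroy chnroute || true
+rm -f /etc/redsocks.conf /etc/ipset/chnroute.ipset /etc/chnroute.list
+rm -f /etc/dnsmasq.d/lan.conf /etc/dnsmasq.d/china-domains.conf
+rm -f /etc/systemd/system/redsocks* /etc/systemd/system/ipset-load.service
+echo "全部配置已卸载"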
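Review bot: The script leaves IPv4 forwarding enabled — nothing reverts the `/proc/sys/net/ipv4/ip_forward` write or the sysctl.conf line from 20_nat_forward.sh — while the nat flush removes MASQUERADE, so after "uninstall" the host still forwards packets for 192.168.2.0/24 but no longer translates them, and forwarding comes back on every reboot; add `sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf` and `echo 0 > /proc/sys/net/ipv4/ip_forward`. If iptables-persistent is installed the saved rules are restored at next boot because there is no `netfilter-persistent save || true` after the flush, and systemd keeps the deleted units in its view until `systemctl daemon-reload` is run after the `rm -f` lines. `rm -f /etc/systemd/system/redsocks*` is a glob that would also delete any unrelated unit whose name starts with "redsocks"; list `redsocks.service redsocks-dns.service` explicitly. The compiled `/usr/sbin/redsocks` from 40_redsocks.sh is left behind, which the README's "回滚系统" wording suggests it should not be.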

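--- a/redsocks2
+++ b/redsocks2
@@ -0,0 +1 @@
+Subproject commit fa3f8948266c96f86e828ba3a03df2653e2df702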


@ -6,14 +6,15 @@
set -euo pipefail set -euo pipefail
############################ 用户只需改下面 3 行 ############################## ############################ 用户只需改下面 3 行 ##############################
LAN_IF="eth0" # 接内网的接口192.168.16.0/24 LAN_IF="{{ client_lan_interface }}"
SOCKS_IP=""47.236.181.229 # 你的 socks5 境外 IP # 接内网的接口192.168.16.0/24
SOCKS_IP="127.0.0.1" # 你的 socks5 境外 IP
SOCKS_PORT="1086" # 你的 socks5 端口 SOCKS_PORT="1086" # 你的 socks5 端口
############################################################################# #############################################################################
REDSOCKS_BIN=/usr/local/bin/redsocks2 REDSOCKS_BIN=/usr/local/bin/redsocks2
REDSOCKS_CONF=/etc/redsocks.conf REDSOCKS_CONF=/etc/redsocks.conf
LAN_NET="192.168.16.0/24" LAN_NET="{{ gateway_lan_cidr }}"
# ---------- 0. 检测 root ---------- # ---------- 0. 检测 root ----------
[[ $EUID -ne 0 ]] && { echo "请 root 运行"; exit 1; } [[ $EUID -ne 0 ]] && { echo "请 root 运行"; exit 1; }