gateway/00_env.sh

@@ -1,27 +0,0 @@
-#!/bin/bash
-# 全局环境变量
-WAN_IF="eno1"
-LAN_IF="enx00e04c6800ae"
-LAN_NET="192.168.2.0/24"
-LAN_GW="192.168.2.1"
-
-SOCKS5_SERVER="127.0.0.1"
-SOCKS5_PORT="1080"
-REDSOCKS_PORT="12345"
-REDSOCKS_DNS_PORT="5353"
-
-CHNROUTE_URLS=(
-  "https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt"
-  "https://raw.githubusercontent.com/ruijzhan/chnroute/master/chnroute.txt"
-)
-
-DNSMASQ_CHINA_URL="https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china"
-
-CHINA_DNS1="223.5.5.5"
-CHINA_DNS2="119.29.29.29"
-FOREIGN_DNS1="8.8.8.8"
-FOREIGN_DNS2="1.1.1.1"
-
-IPSET_FILE="/etc/ipset/chnroute.ipset"
-CHN_FILE="/etc/chnroute.list"
-DNSMASQ_CHINA_FILE="/etc/dnsmasq.d/china-domains.conf"

gateway/10_dhcp_dns.sh

@@ -1,32 +0,0 @@
-#!/bin/bash
-source ./00_env.sh
-set -euo pipefail
-
-if [[ $EUID -ne 0 ]]; then echo "请用 root/sudo 运行"; exit 1; fi
-
-apt update
-apt install -y dnsmasq ipset curl || true
-
-cat >/etc/dnsmasq.d/lan.conf <<EOL
-interface=$LAN_IF
-bind-interfaces
-dhcp-range=192.168.2.100,192.168.2.200,12h
-dhcp-option=3,$LAN_GW
-dhcp-option=6,$LAN_GW
-server=$FOREIGN_DNS1
-server=$FOREIGN_DNS2
-EOL
-
-curl -fsSL "$DNSMASQ_CHINA_URL" -o /tmp/accelerated.domains || true
-echo "# Auto-generated China domains" > "$DNSMASQ_CHINA_FILE"
-while IFS= read -r domain; do
-  [[ -z "$domain" || "$domain" =~ ^# ]] && continue
-  d=$(echo "$domain" | awk '{print $1}')
-  echo "server=/$d/$CHINA_DNS1" >> "$DNSMASQ_CHINA_FILE"
-  echo "server=/$d/$CHINA_DNS2" >> "$DNSMASQ_CHINA_FILE"
-done < /tmp/accelerated.domains
-
-systemctl restart dnsmasq || true
-systemctl enable dnsmasq || true
-
-echo "DHCP + 国内 DNS 配置完成"

gateway/20_nat_forward.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-source ./00_env.sh
-set -euo pipefail
-
-echo 1 > /proc/sys/net/ipv4/ip_forward
-grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
-
-iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
-netfilter-persistent save || true
-
-echo "NAT 出口 + IP 转发配置完成"

gateway/30_chnroute.sh

@@ -1,43 +0,0 @@
-#!/bin/bash
-source ./00_env.sh
-set -euo pipefail
-
-apt install -y ipset || true
-mkdir -p /etc/ipset
-
-rm -f "$CHN_FILE"
-for url in "${CHNROUTE_URLS[@]}"; do
-  curl -fsSL "$url" -o /tmp/chn.tmp && grep -E '^[0-9]' /tmp/chn.tmp | sed 's/\r//g' > "$CHN_FILE" && break
-done
-
-ipset list chnroute -n &>/dev/null && ipset flush chnroute && ipset destroy chnroute || true
-ipset create chnroute hash:net family inet maxelem 65536 || true
-
-for net in 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16; do
-  ipset add chnroute $net || true
-done
-
-while IFS= read -r line; do
-  [[ -z "$line" || "$line" =~ ^# ]] && continue
-  ipset add chnroute "$line" || true
-done < "$CHN_FILE"
-
-ipset save > "$IPSET_FILE"
-
-cat >/etc/systemd/system/ipset-load.service <<EOL
-[Unit]
-Description=Load ipset rules
-After=network.target
-[Service]
-Type=oneshot
-ExecStart=/sbin/ipset restore -f $IPSET_FILE
-RemainAfterExit=yes
-[Install]
-WantedBy=multi-user.target
-EOL
-
-systemctl daemon-reload
-systemctl enable ipset-load.service
-systemctl start ipset-load.service || true
-
-echo "CHNROUTE ipset 已安装"

gateway/40_redsocks.sh

@@ -1,58 +0,0 @@
-#!/bin/bash
-source ./00_env.sh
-set -euo pipefail
-
-apt install -y build-essential libevent-dev libssl-dev git || true
-
-if ! command -v redsocks >/dev/null 2>&1; then
-  cd /tmp
-  git clone https://github.com/semigodking/redsocks.git
-  cd redsocks
-  make
-  cp redsocks /usr/sbin/redsocks
-fi
-
-cat >/etc/redsocks.conf <<EOL
-base {
-  log_debug = off;
-  log_info = on;
-  daemon = on;
-  redirector = iptables;
-}
-
-redsocks {
-  local_ip = 127.0.0.1;
-  local_port = $REDSOCKS_PORT;
-  ip = $SOCKS5_SERVER;
-  port = $SOCKS5_PORT;
-  type = socks5;
-  autoproxy = 0;
-}
-
-redsocks {
-  local_ip = 127.0.0.1;
-  local_port = $REDSOCKS_DNS_PORT;
-  ip = $SOCKS5_SERVER;
-  port = $SOCKS5_PORT;
-  type = socks5;
-  autoproxy = 0;
-}
-EOL
-
-cat >/etc/systemd/system/redsocks.service <<EOL
-[Unit]
-Description=Redsocks2 transparent proxy
-After=network-online.target ipset-load.service
-Wants=network-online.target
-[Service]
-ExecStart=/usr/sbin/redsocks -c /etc/redsocks.conf
-Restart=on-failure
-[Install]
-WantedBy=multi-user.target
-EOL
-
-systemctl daemon-reload
-systemctl enable redsocks
-systemctl restart redsocks || true
-
-echo "redsocks2 配置完成"

gateway/50_dns_over_proxy.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-source ./00_env.sh
-set -euo pipefail
-
-apt install -y redsocks2 || true
-
-cat >/etc/systemd/system/redsocks-dns.service <<EOL
-[Unit]
-Description=Redirect DNS queries over redsocks2
-After=network-online.target redsocks.service
-[Service]
-Type=simple
-ExecStart=/usr/sbin/redsocks -c /etc/redsocks.conf
-Restart=always
-[Install]
-WantedBy=multi-user.target
-EOL
-
-systemctl daemon-reload
-systemctl enable redsocks-dns
-systemctl start redsocks-dns || true
-
-echo "国外 DNS 代理（防污染）已启动"

gateway/60_iptables_rules.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-source ./00_env.sh
-set -euo pipefail
-
-iptables -t nat -F
-iptables -t nat -X REDSOCKS 2>/dev/null || true
-iptables -t nat -N REDSOCKS
-
-iptables -t nat -A REDSOCKS -m set --match-set chnroute dst -j RETURN
-iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
-iptables -t nat -A PREROUTING -s $LAN_NET -p tcp -j REDSOCKS
-iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
-
-netfilter-persistent save || true
-echo "iptables 分流规则已应用"

gateway/90_status.sh

@@ -1,21 +0,0 @@
-#!/bin/bash
-source ./00_env.sh
-set -euo pipefail
-
-echo "=== ipset 状态 ==="
-ipset list chnroute
-
-echo "=== iptables NAT 状态 ==="
-iptables -t nat -L -n -v --line-numbers
-
-echo "=== redsocks 状态 ==="
-systemctl status redsocks
-
-echo "=== dnsmasq 状态 ==="
-systemctl status dnsmasq
-
-echo "=== 测试国内解析 ==="
-dig @127.0.0.1 www.baidu.com
-
-echo "=== 测试国外解析 ==="
-dig @127.0.0.1 www.google.com

gateway/README.md

@@ -1,53 +0,0 @@
-
-### 脚本功能说明
-
-- **00_env.sh**  
-  - 配置 WAN / LAN 网卡名、下层网段、SOCKS5 地址与端口、CHNROUTE 地址等。
-
-- **10_dhcp_dns.sh**  
-  - 安装 dnsmasq  
-  - 下层 DHCP 分配 IP  
-  - 国内域名直连 DNS 配置，提升国内访问速度
-
-- **20_nat_forward.sh**  
-  - 开启 IPv4 转发  
-  - 配置 NAT 出口，允许下层网络访问上层网络
-
-- **30_chnroute.sh**  
-  - 下载最新 CHNROUTE 国内 IP 列表  
-  - 创建 ipset `chnroute`  
-  - 添加私有网段和国内 IP，用于国内外分流
-
-- **40_redsocks.sh**  
-  - 安装 redsocks2  
-  - 配置透明代理，将 TCP 流量重定向到 SOCKS5 代理  
-  - 启动 systemd 服务，自动运行
-
-- **50_dns_over_proxy.sh**  
-  - 将国外 DNS 查询通过 redsocks2 转发，防止 DNS 污染  
-  - 启动 systemd 服务，开机自启
-
-- **60_iptables_rules.sh**  
-  - 设置 iptables NAT 链和 REDSOCKS 链  
-  - 国内 IP 直连，国外 TCP 流量重定向到 redsocks2  
-  - 配合 CHNROUTE ipset 使用，实现国内外分流
-
-- **90_status.sh**  
-  - 查看 ipset 状态  
-  - 查看 iptables NAT 状态  
-  - 查看 redsocks 和 dnsmasq 服务状态  
-  - 测试国内和国外域名解析
-
-- **uninstall.sh**  
-  - 停止并禁用所有服务  
-  - 清理 iptables NAT 规则和 ipset  
-  - 删除配置文件，回滚系统
-
----
-
-## 3️⃣ 部署步骤
-
-1. 下载或复制 `generate_gateway.sh` 脚本到 Ubuntu 22.04 主机：
-```bash
-wget <你的脚本下载地址> -O generate_gateway.sh
-

gateway/uninstall.sh

@@ -1,17 +0,0 @@
-#!/bin/bash
-source ./00_env.sh
-set -euo pipefail
-
-systemctl stop redsocks redsocks-dns ipset-load.service dnsmasq || true
-systemctl disable redsocks redsocks-dns ipset-load.service dnsmasq || true
-
-iptables -t nat -F
-iptables -t nat -X REDSOCKS 2>/dev/null || true
-
-ipset destroy chnroute || true
-
-rm -f /etc/redsocks.conf /etc/ipset/chnroute.ipset /etc/chnroute.list
-rm -f /etc/dnsmasq.d/lan.conf /etc/dnsmasq.d/china-domains.conf
-rm -f /etc/systemd/system/redsocks* /etc/systemd/system/ipset-load.service
-
-echo "全部配置已卸载"

redsocks2

@@ -1 +0,0 @@
-Subproject commit fa3f8948266c96f86e828ba3a03df2653e2df702

scripts/redsocks.sh.j2

@@ -6,15 +6,14 @@
 set -euo pipefail
 
 ############################ 用户只需改下面 3 行 ##############################
-LAN_IF="{{ client_lan_interface }}"
+LAN_IF="eth0"                 # 接内网的接口（192.168.16.0/24）
-# 接内网的接口（192.168.16.0/24）
+SOCKS_IP=""47.236.181.229            # 你的 socks5 境外 IP
-SOCKS_IP="127.0.0.1"            # 你的 socks5 境外 IP
 SOCKS_PORT="1086"            # 你的 socks5 端口
 #############################################################################
 
 REDSOCKS_BIN=/usr/local/bin/redsocks2
 REDSOCKS_CONF=/etc/redsocks.conf
-LAN_NET="{{ gateway_lan_cidr }}"
+LAN_NET="192.168.16.0/24"
 
 # ---------- 0. 检测 root ----------
 [[ $EUID -ne 0 ]] && { echo "请 root 运行"; exit 1; }