Tomato-ARM部署ShadowSocks科学上网(2)
Tomato-ARM部署ShadowSocks科学上网(2)
8.设置透明代理和UDP转发脚本并加入自动启动选项
1 | root@unknown:/# /jffs/shadowsocks set_up |
shadowsocks部分脚本
# set_up step (excerpt): rewrites the shadowsocks init script under
# /opt/etc/init.d and derives a chinadns init script from it. The gutter
# numbers skip 01 and 07, so this listing is not the complete script.
#
# In-place edit of S22shadowsocks: the first -e replaces the matched text with
# the same text (effectively a no-op as written); the second switches PROCS
# from ss-local to ss-redir.
02 | sed -e "s/shadowsocks.json\"/shadowsocks.json\"/" -e "s/PROCS=ss-local/PROCS=ss-redir/" -i /opt/etc/init.d/S22shadowsocks |
# Disabled: would write S23ss-tunnel with "-b 0.0.0.0 -l 5300 -L 8.8.8.8:53 -u"
# appended and PROCS set to ss-tunnel.
# NOTE(review): -b 0.0.0.0 looks like a bind on every interface; if this line
# is re-enabled, confirm port 5300 is not reachable from the WAN side.
03 | # sed -e "s/shadowsocks.json\"/shadowsocks.json -b 0.0.0.0 -l 5300 -L 8.8.8.8:53 -u\"/" -e "s/PROCS=ss-redir/PROCS=ss-tunnel/" /opt/etc/init.d/S22shadowsocks > /opt/etc/init.d/S23ss-tunnel |
# Replaces line 4 of S22shadowsocks with PROCS=chinadns and writes the result
# to the temporary file S24cn. This relies on PROCS being on line 4 of the
# installed init script; verify that before running.
04 | sed '4c PROCS=chinadns' /opt/etc/init.d/S22shadowsocks > /opt/etc/init.d/S24cn |
# Both variants below are commented out. Each would replace line 5 of S24cn
# with chinadns ARGS and write S24chinadns; they differ only in the upstream
# list given to -s (public resolvers vs. the local 127.0.0.1:5300 listener).
# NOTE(review): as listed, no active line creates S24chinadns; confirm one of
# these is enabled in the script actually deployed.
05 | # sed '5c ARGS="-b 127.0.0.1 -p 5353 -c /opt/etc/chnroute.txt -s 114.114.114.114,208.67.222.222:443,8.8.8.8:53"' /opt/etc/init.d/S24cn > /opt/etc/init.d/S24chinadns |
06 | # sed '5c ARGS="-b 127.0.0.1 -p 5353 -c /opt/etc/chnroute.txt -s 114.114.114.114,127.0.0.1:5300"' /opt/etc/init.d/S24cn > /opt/etc/init.d/S24chinadns |
# Remove the temporary file.
08 | rm -f /opt/etc/init.d/S24cn |
# The glob marks every init.d file matching S2* executable, not only the
# scripts generated above.
09 | chmod +x /opt/etc/init.d/S2* |
加入自动启动:在 Administration >> Scripts >> Init 中写入 /jffs/shadowsocks run。该命令会在路由器每次启动时执行,因此 /jffs/shadowsocks 里应只保留自己确认过的内容。
9.配置加载防火墙策略和加载ipset内核模块脚本(具有jffs)
说明:前几次更新是利用 gfwlist,通过 dnsmasq 把解析出来的 IP 加入到 ipset 集合中;这次更新改为直接用 chnroutes 导入中国 IP 段来判断。也就是说,目的地址落在该集合内的连接直接放行,其余命中规则的 TCP 连接才会被重定向到本地 1080 端口。
集成了多个子脚本的 shadowsocks 脚本
005 | # This program is distributed in the hope that it will be useful, |
006 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
007 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
008 | # GNU General Public License for more details. |
010 | # You should have received a copy of the GNU General Public License |
011 | # along with this program; if not, write to the Free Software |
# Combined script (excerpt). The gutter numbers have gaps (021, 025, 028-030,
# 040-042, 044-048, ...), so function names, loop bodies and any cleanup code
# are not visible here; the comments below describe only the listed lines.
#
# --- init-script generation ---
# In-place edit of S22shadowsocks: the first -e replaces the matched text with
# the same text (effectively a no-op as written); the second switches PROCS
# from ss-local to ss-redir.
016 | sed -e "s/shadowsocks.json\"/shadowsocks.json\"/" -e "s/PROCS=ss-local/PROCS=ss-redir/" -i /opt/etc/init.d/S22shadowsocks |
# Disabled: would write S23ss-tunnel with "-b 0.0.0.0 -l 5300 -L 8.8.8.8:53 -u".
# NOTE(review): -b 0.0.0.0 looks like a bind on every interface; if re-enabled,
# confirm port 5300 is not reachable from the WAN side.
017 | # sed -e "s/shadowsocks.json\"/shadowsocks.json -b 0.0.0.0 -l 5300 -L 8.8.8.8:53 -u\"/" -e "s/PROCS=ss-redir/PROCS=ss-tunnel/" /opt/etc/init.d/S22shadowsocks > /opt/etc/init.d/S23ss-tunnel |
# Replaces line 4 of S22shadowsocks with PROCS=chinadns, output to the
# temporary file S24cn. Relies on PROCS being on line 4; verify first.
018 | sed '4c PROCS=chinadns' /opt/etc/init.d/S22shadowsocks > /opt/etc/init.d/S24cn |
# Both variants are commented out; each would write S24chinadns with line 5
# replaced by chinadns ARGS.
# NOTE(review): lines 024 and 034 below edit and start S24chinadns, but no
# active line shown here creates it; confirm one variant is enabled.
019 | # sed '5c ARGS="-b 127.0.0.1 -p 5353 -c /opt/etc/chnroute.txt -s 114.114.114.114,208.67.222.222:443,8.8.8.8:53"' /opt/etc/init.d/S24cn > /opt/etc/init.d/S24chinadns |
020 | # sed '5c ARGS="-b 127.0.0.1 -p 5353 -c /opt/etc/chnroute.txt -s 114.114.114.114,127.0.0.1:5300"' /opt/etc/init.d/S24cn > /opt/etc/init.d/S24chinadns |
# Collect the nameserver addresses from /etc/resolv.dnsmasq into /jffs/dns.list
# and take the first one.
022 | cat /etc/resolv.dnsmasq | awk '/^nameserver/{print $2}' > /jffs/dns.list |
023 | DNS=`sed -n '1p' /jffs/dns.list` |
# Swap 114.114.114.114 in the ARGS line for $DNS.
# NOTE(review): $DNS is pasted into the sed expression unchecked. If dns.list is
# empty the resolver entry is simply deleted, and a value containing "/" or "&"
# would change the expression; checking that it is a plain IP address first
# would be safer.
024 | sed -i "s/^ARGS=\(.*\)114.114.114.114\(.*\)$/ARGS=\1$DNS\2/" /opt/etc/init.d/S24chinadns |
# Remove the temporary file; the glob then marks every init.d file matching
# S2* executable, not only the scripts generated above.
026 | rm -f /opt/etc/init.d/S24cn |
027 | chmod +x /opt/etc/init.d/S2* |
# --- service start (ss-tunnel start is disabled) ---
031 | /opt/etc/init.d/S22shadowsocks start |
033 | # /opt/etc/init.d/S23ss-tunnel start |
034 | /opt/etc/init.d/S24chinadns start |
# --- ipset / iptables setup ---
# CHAIN captures the lsmod line for xt_set (empty if the module is not
# loaded); where it is tested is not visible in this listing.
038 | CHAIN=`lsmod | grep -i xt_set` |
# File whose lines become members of the bypass set below.
# presumably the chnroutes prefixes mentioned in the text; verify.
039 | _input=/jffs/ignore.list |
# Loop header only: the body (gutter lines 044-048) is missing from the
# listing. Presumably it loads each listed kernel module; confirm.
043 | for module in ip_set ip_set_bitmap_ip ip_set_bitmap_ipmac ip_set_bitmap_port ip_set_hash_ip ip_set_hash_ipport ip_set_hash_ipportip ip_set_hash_ipportnet ip_set_hash_net ip_set_hash_netport ip_set_list_set xt_set |
# Create the (initially empty) LAN source set.
049 | ipset -N ss_spec_lan_ac hash:net |
# Turn every line of $_input into "-A ss_spec_wan_ac <line>", prepend a
# "-N ss_spec_wan_ac hash:net" line, and feed the result to ipset restore
# (-R); -! ignores "already exists" errors.
# NOTE(review): each line of ignore.list is passed through as part of an ipset
# command, so the file should hold nothing but network entries and should not
# be writable by anything untrusted. $_input is also unquoted.
050 | sed -e "s/^/-A ss_spec_wan_ac &/g" -e "1 i\-N ss_spec_wan_ac hash:net " $_input | ipset -R -! |
# Pull the text following ver":" out of shadowsocks.json.
# presumably the "server" address; the pattern needs "server":"..." with no
# space after the colon, otherwise SS ends up empty.
054 | SS=`sed -n 's/.*ver":"\(.*\)".*/\1/p' /opt/etc/shadowsocks.json` |
# Two user chains in the nat table: SS_SPEC_WAN_AC decides, SS_SPEC_WAN_FW
# redirects.
# NOTE(review): -N and -A are not idempotent. A second run fails on the
# existing chains and appends duplicate rules; no cleanup is visible here.
056 | iptables -t nat -N SS_SPEC_WAN_AC |
057 | iptables -t nat -N SS_SPEC_WAN_FW |
# Never redirect traffic addressed to the proxy server itself.
# NOTE(review): $SS is unquoted and unchecked. If it is empty this rule is
# rejected and the exemption is missing, so the proxy's own connection could
# be sent back into the redirect; test that SS is non-empty before this point.
058 | iptables -t nat -A SS_SPEC_WAN_AC -d $SS -j RETURN |
# Destinations in ss_spec_wan_ac bypass the proxy; everything else falls
# through to SS_SPEC_WAN_FW.
# NOTE(review): no explicit exemption for private or loopback ranges is
# visible; confirm ignore.list covers them.
059 | iptables -t nat -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN |
060 | iptables -t nat -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW |
# Redirect remaining TCP to local port 1080.
# assumes ss-redir listens on 1080; check local_port in shadowsocks.json.
061 | iptables -t nat -A SS_SPEC_WAN_FW -p tcp -j REDIRECT --to-ports 1080 |
# Forwarded traffic: TCP to ports 22, 80 and 443 whose source is not in
# ss_spec_lan_ac enters the decision chain.
062 | iptables -t nat -A PREROUTING -p tcp -m multiport --dports 22,80,443 -m set ! --match-set ss_spec_lan_ac src -j SS_SPEC_WAN_AC |
# The router's own outbound TCP to the same ports is handled the same way.
063 | iptables -t nat -A OUTPUT -p tcp -m multiport --dports 22,80,443 -j SS_SPEC_WAN_AC |