|
|
本帖最后由 99010 于 2024-4-5 16:59 编辑
能谷歌搜索、油管(我这里ipv6直连,8k秒开),所以老套路的dnsmasq-full + ipset + iptables用了很久。
openwrt使用fw4防火墙后,套路也要更新了,依然是dnsmasq-full这个老伙计加上nftset、nftables。
以下基于 OpenWrt 官方23.05.x。
1.安装dnsmasq-full
- sed -i 's#downloads.openwrt.org#mirrors.ustc.edu.cn/openwrt#g' /etc/opkg/distfeeds.conf
- opkg update
- opkg remove dnsmasq
- opkg install dnsmasq-full
- service dnsmasq restart
- mkdir -p /etc/dnsmasq.d
- cat << EOF > /etc/dnsmasq.d/gfwlist.conf
- server=/githubusercontent.com/127.0.0.1#5353
- nftset=/githubusercontent.com/4#inet#fw4#gfwlist
- server=/github.com/127.0.0.1#5353
- nftset=/github.com/4#inet#fw4#gfwlist
- EOF
- uci set dhcp.@dnsmasq[-1].confdir="/etc/dnsmasq.d"
- uci commit
- service dnsmasq restart
3.创建透明代理规则文件(注意:代理端口1080可换成你自己的)。(下面命令可全部直接复制粘贴运行)
- cat << EOF > /etc/nftables.d/gfwlist.nft
- set gfwlist {
- type ipv4_addr
- flags interval
- elements = { 91.108.56.0/22,
- 91.108.4.0/22,
- 91.108.8.0/22,
- 91.108.16.0/22,
- 91.108.12.0/22,
- 149.154.160.0/20,
- 91.105.192.0/23,
- 91.108.20.0/22,
- 185.76.151.0/24,
- }
- }
- chain gfwlist-redirect {
- type nat hook prerouting priority 0; policy accept;
- ip daddr @gfwlist ip protocol tcp redirect to :1080
- }
- EOF
- service firewall restart
相关文件
- {
- "inbounds":[
- {
- "protocol": "dokodemo-door",
- "port": 1080,
- "listen": "0.0.0.0",
- "settings": {
- "network": "tcp, udp",
- "timeout": 30,
- "followRedirect": true
- }
- },
- {
- "protocol": "dokodemo-door",
- "port": 5353,
- "settings": {
- "address": "8.8.8.8",
- "port": 53,
- "network": "udp",
- "timeout": 30
- }
- }
- ],
- "outbounds": [
- {
- //对应的服务端配置
- }
- ]
- }
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?立即注册
×
|
/1 
简体中文
繁體中文
English
日本語
Deutsch
한국 사람
بالعربية
TÜRKÇE
português
คนไทย
IP卡
狗仔卡
置顶卡
沉默卡
喧嚣卡
顶贴卡
显身卡
