|
晕, 一开始发错在新手专版, 重发一遍.
大致是按照 https://cokebar.info/archives/962 这篇文章里面做的
路由器本身可以fan greatwall
31.13.95.36是一个被墙的ip
路由器
curl 31.13.95.36
ss-redir verbose模式显示
redir to 31.13.95.36:80, len=75, recv=75
没有问题
但是连接的PC却不行,
curl 31.13.95.36
结果是
curl: (7) Failed to connect to 31.13.95.36 port 80: Connection refused
iptables具体配置
root@OpenWrt:~# iptables -t nat -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
s-s tcp -- anywhere anywhere
Chain s-s (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere match-set gfwlist dst redir ports 1080
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere match-set gfwlist dst redir ports 1080
其中OUTPUT是路由器本身fan greatwall用的.
我尝试在OPENWRT内使用tcpdump抓包
tcpdump -i any dst src 31.13.95.36
路由器成功的结果:
09:03:10.426163 IP 31.13.95.36.www > 10.109.132.123.34169: Flags [P.], seq 1:278, ack 76, win 2731, options [nop,nop,TS val 10529912 ecr 10529868], length 277
09:03:10.427642 IP 31.13.95.36.www > 10.109.132.123.34169: Flags [F.], seq 278, ack 77, win 2731, options [nop,nop,TS val 10529913 ecr 10529913], length 0
PC失败的结果
08:48:06.053797 IP 31.13.95.36.www > homepc.lan.52142: Flags [R.], seq 0, ack 2855908407, win 0, length 0
08:48:06.053822 IP 31.13.95.36.www > homepc.lan.52142: Flags [R.], seq 0, ack 1, win 0, length 0
我到这里不知道该怎么调试下去了, 请各位指点一下.
这个论坛和xie的方式好有趣... |
|