Sharing a Makefile for gfwlist2dnsmasq, for smarter traffic splitting with ss-libev

Posted 2018-6-13 17:24
Last edited by wukaisky on 2018-6-14 09:20

It can be compiled into the router firmware, which makes it convenient to run.
Works with LEDE and the later OpenWrt-18.06.

LEDE users: please also add +ca-bundle after DEPENDS:

    include $(TOPDIR)/rules.mk

    PKG_NAME:=gfwlist2dnsmasq
    PKG_VERSION:=0.8.0
    PKG_RELEASE:=1
    # Upstream commit to build from
    PKG_REV:=d06d767ddbfefee14427ce183ec8b20afb957f5b

    # Fetch the source from git at the commit above
    PKG_SOURCE_PROTO:=git
    PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
    PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
    PKG_SOURCE_URL:=https://github.com/cokebar/gfwlist2dnsmasq.git
    PKG_SOURCE_VERSION:=$(PKG_REV)

    include $(INCLUDE_DIR)/package.mk

    define Package/gfwlist2dnsmasq
    	SECTION:=net
    	CATEGORY:=Network
    	TITLE:=gfwlist to dnsmasq
    	URL:=https://github.com/cokebar/gfwlist2dnsmasq
    	DEPENDS:=+coreutils +coreutils-base64 +curl +ca-certificates
    endef

    define Package/gfwlist2dnsmasq/description

    endef

    # The package is a shell script, so there is nothing to compile
    define Build/Compile
    endef

    define Package/gfwlist2dnsmasq/install
    	$(INSTALL_DIR) $(1)/usr/bin
    	$(INSTALL_DIR) $(1)/etc/dnsmasq.d
    	$(INSTALL_BIN) $(PKG_BUILD_DIR)/gfwlist2dnsmasq.sh $(1)/usr/bin/gfwlist2dnsmasq.sh
    endef

    $(eval $(call BuildPackage,gfwlist2dnsmasq))


Usage: https://cokebar.info/archives/962 covers some of it.

Here is my own method (for openwrt-18.06):


First, SSH into the router:

    cd /etc/dnsmasq.d

Run gfwlist2dnsmasq.sh.
Assuming the ss-redir port is 1100 and the ss-tunnel port (DNS) is 1090, the command is:

    gfwlist2dnsmasq.sh -d 127.0.0.1 -p 1090 -s gfwlist -o /etc/dnsmasq.d/dnsmasq_gfwlist_ipset.conf

Edit /etc/firewall.user and append the following at the end:

    # Create a set named gfwlist of type iphash
    ipset -N gfwlist iphash
    # Redirect NAT traffic whose destination IP is in gfwlist to the s-s port
    iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1100
    # Redirect locally generated traffic whose destination IP is in gfwlist to the s-s port
    iptables -t nat -A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1100

Configure dnsmasq:

    uci get dhcp.@dnsmasq[0].confdir

If it returns uci: Entry not found, or any value other than /etc/dnsmasq.d, run:

    uci add_list dhcp.@dnsmasq[0].confdir=/etc/dnsmasq.d
    uci commit dhcp
Edit /etc/sysupgrade.conf and add /etc/dnsmasq.d/ to it, so that /etc/dnsmasq.d/dnsmasq_gfwlist_ipset.conf is not lost when new firmware is flashed:

    ## This file contains files and directories that should
    ## be preserved during an upgrade.

    # /etc/example.conf
    # /etc/openvirtual**/
    /etc/dnsmasq.d/

Leave DHCP/DNS at its default settings; there is no need to set DNS forwardings or to ignore the resolv file.
When done, reboot the router.



My Enshan, my wireless. The best wifi forum is right here.
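An added example, not part of the original post or of the gfwlist2dnsmasq project: the file written by gfwlist2dnsmasq.sh is built from a downloaded list and then loaded by dnsmasq from /etc/dnsmasq.d, so this check rejects any line other than the two directives that run should produce. It assumes the output consists of comment lines plus `server=/<domain>/127.0.0.1#1090` and `ipset=/<domain>/gfwlist` pairs for the options used in the post; `check_gfwlist_conf` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: validate a generated dnsmasq_gfwlist_ipset.conf before dnsmasq loads it.
# Assumed format for "-d 127.0.0.1 -p 1090 -s gfwlist": comments plus pairs of
#   server=/<domain>/127.0.0.1#1090
#   ipset=/<domain>/gfwlist
# Returns 0 if every line is expected, 1 if any line is rejected, 2 if the file is empty/missing.
check_gfwlist_conf() {
    gc_conf=$1 gc_dns=$2 gc_port=$3 gc_set=$4
    [ -s "$gc_conf" ] || { echo "empty or missing: $gc_conf" >&2; return 2; }
    awk -v want_srv="${gc_dns}#${gc_port}" -v want_set="$gc_set" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        {
            n = split($0, f, "/")                    # directive= / domain / value
            ok = (n == 3 && f[2] ~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/)
            if (ok && f[1] == "server=")     { ok = (f[3] == want_srv); if (ok) srv[f[2]] = 1 }
            else if (ok && f[1] == "ipset=") { ok = (f[3] == want_set); if (ok) ips[f[2]] = 1 }
            else ok = 0                              # any other dnsmasq directive is refused
            if (!ok) { printf "line %d rejected: %s\n", NR, $0; bad++ }
        }
        END {
            # A domain needs both lines: resolved via the tunnel AND added to the ipset.
            for (d in srv) if (!(d in ips)) { print "no ipset= line for " d; bad++ }
            for (d in ips) if (!(d in srv)) { print "no server= line for " d; bad++ }
            exit (bad > 0)
        }
    ' "$gc_conf"
}

# Constructed sample: the third line is a directive this generator run should never emit.
sample=$(mktemp)
printf '%s\n' 'server=/example.com/127.0.0.1#1090' 'ipset=/example.com/gfwlist' \
    'address=/example.org/192.0.2.1' > "$sample"
check_gfwlist_conf "$sample" 127.0.0.1 1090 gfwlist || echo "validation failed, not installing"
rm -f "$sample"
```

On the router, point `-o` at a temporary path, run the check on that file, and move it into /etc/dnsmasq.d only when the check returns 0.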
Posted 2018-6-13 19:04
No need to add ca-bundle?

Posted 2018-6-14 01:06
I just got an error when running make download V=s while building with OpenWrt.
Posted 2018-6-14 02:14
Thanks, OP~ even though I don't know how to use it.
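OP | Posted 2018-6-14 07:32
Last edited by wukaisky on 2018-6-14 07:35

I'll also post a Chinese translation for luci-app-s-s-libev on openwrt-18.06. Please download the translation from the attachment; the keywords in the post body have been altered.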

    msgid ""
    msgstr ""
    "Project-Id-Version: \n"
    "POT-Creation-Date: \n"
    "PO-Revision-Date: \n"
    "Last-Translator: Kai Wu <[email protected]>\n"
    "Language-Team: \n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=UTF-8\n"
    "Content-Transfer-Encoding: 8bit\n"
    "X-Generator: Poedit 1.8.11\n"
    "Language: zh_CN\n"
    "X-Poedit-SourceCharset: UTF-8\n"

    msgid "Remote server"
    msgstr "远程服务器"

    msgid "Local address"
    msgstr "本地地址"

    msgid "Local port"
    msgstr "本地端口"

    msgid "Server"
    msgstr "服务器"

    msgid "Server port"
    msgstr "服务器端口"

    msgid "Method"
    msgstr "加密方式"

    msgid "Key (base64 encoding)"
    msgstr "密钥(base64编码)"

    msgid "Password"
    msgstr "密码"

    msgid "Mode of operation"
    msgstr "操作模式"

    msgid "MTU"
    msgstr "MTU"

    msgid "Timeout (sec)"
    msgstr "超时(秒)"

    msgid "Run as"
    msgstr "以什么身份运行"

    msgid "Verbose"
    msgstr "详细日志"

    msgid "IPv6 First"
    msgstr "IPv6 优先"

    msgid "Prefer IPv6 addresses when resolving names"
    msgstr "解析名称时优先使用 IPv6 地址"

    msgid "Enable TCP Fast Open"
    msgstr "启用 TCP 快速打开"

    msgid "Enable TCP_NODELAY"
    msgstr "启用 TCP 无延迟"

    msgid "Enable SO_REUSEPORT"
    msgstr "启用 SO 端口复用"

    msgid "<hidden>"
    msgstr "<隐藏>"

    msgid "<unset>"
    msgstr "<未设置>"

    msgid "Package is not installed"
    msgstr "软件包未安装"

    msgid "Install package %q" % opkg_packag"
    msgstr "安装软件包 %q" % opkg_packag"

    msgid "General Settings"
    msgstr "一般设置"

    msgid "Advanced Settings"
    msgstr "高级设置"

    msgid "Disable"
    msgstr "禁用"

    msgid "Bind address"
    msgstr "绑定地址"

    msgid "The address ss-server will initiate connection from"
    msgstr "地址 ss-server 将启动连接"

    msgid ""
    "Instances of s-s-libev components, e.g. ss-local, ss-redir, ss-"
    "tunnel, ss-server, etc. To enable an instance it is required to enable both "
    "the instance itself and the remote server it refers to."
    msgstr ""
    "s-s-libev 组件的实例,例如 ss-local,ss-redir,ss-tunnel,ss-server "
    "等。要启用实例,需要启用实例本身和它所引用的远程服务器。"

    msgid "Tunnel address"
    msgstr "隧道地址"

    msgid "The address ss-tunnel will forward traffic to"
    msgstr "地址 ss-tunnel 将转发流量"

    msgid "Local Instances"
    msgstr "本地实例"

    msgid "Name"
    msgstr "名称"

    msgid "Overview"
    msgstr "概况"

    msgid "Running"
    msgstr "运行中"

    msgid "Enable/Disable"
    msgstr "启用/禁用"

    msgid "Disabled"
    msgstr "已禁用"

    msgid "Enabled"
    msgstr "已启用"

    msgid "Redir Rules"
    msgstr "运行规则"

    msgid ""
    "On this page you can configure how traffics are to be forwarded to ss-redir "
    "instances. If enabled, packets will first have their src ip addresses checked "
    "against <em>Src ip/net bypass</em>, <em>Src ip/net forward</em>, <em>Src ip/"
    "net checkdst</em> and if none matches <em>Src default</em> will give the "
    "default action to be taken. If the prior check results in action "
    "<em>checkdst</em>, packets will continue to have their dst addresses checked."
    msgstr ""
    "在此页面上,您可以配置如何将流量转发到 ss-redir 实例。 如果启用,数据包首先会"
    "根据 <em>源 ip/net 旁路</em>,<em>源 ip/net 转发</em>,<em>源 ip/net checkdst"
    "</em>,如果没有匹配 <em>缺省源</em>会给出默认的操作。 如果先前的检查导致 <em>"
    "checkdst</em>动作,数据包将继续检查其目标地址。"

    msgid "Source Settings"
    msgstr "源设置"

    msgid "Destination Settings"
    msgstr "目标设置"

    msgid "ss-redir for TCP"
    msgstr "ss-redir 用于 TCP"

    msgid "ss-redir for UDP"
    msgstr "ss-redir 用于 UDP"

    msgid "Local-out default"
    msgstr "本地输出默认值"

    msgid "Default action for locally generated TCP packets"
    msgstr "本地生成的 TCP 数据包的默认操作"

    msgid "Ingress interfaces"
    msgstr "进入接口"

    msgid "Only apply rules on packets from these network interfaces"
    msgstr "仅对来自这些网络接口的数据包应用规则"

    msgid "Extra arguments"
    msgstr "额外参数"

    msgid "Passes additional arguments to iptables. Use with care!"
    msgstr "传递到 iptables 的额外参数。小心使用!"

    msgid "Src ip/net bypass"
    msgstr "源 ip/net 旁路"

    msgid "Bypass ss-redir for packets with src address in this list"
    msgstr "在此列表中绕过具有源地址的数据包的 ss-redir"

    msgid "Src ip/net forward"
    msgstr "源 ip/net 转发"

    msgid "Forward through ss-redir for packets with src address in this list"
    msgstr "通过 ss-redir 转发此列表中带有源地址的数据包"

    msgid "Src ip/net checkdst"
    msgstr "源 ip/net checkdst"

    msgid ""
    "Continue to have dst address checked for packets with src address in this list"
    msgstr "继续在此列表中检查具有源地址的数据包的目标地址"

    msgid "Src default"
    msgstr "缺省源"

    msgid ""
    "Default action for packets whose src address do not match any of the src ip/"
    "net list"
    msgstr "源地址不匹配任何 源 ip/net 列表 的数据包的默认操作"

    msgid "Dst ip/net bypass"
    msgstr "目标 ip/net 旁路"

    msgid "Bypass ss-redir for packets with dst address in this list"
    msgstr "对于列表中具有目标地址的数据包,绕过 ss-redir"

    msgid "Dst ip/net forward"
    msgstr "目标 ip/net 转发"

    msgid "Forward through ss-redir for packets with dst address in this list"
    msgstr "通过 ss-redir 转发此列表中具有目标地址的数据包"

    msgid "Dst ip/net bypass file"
    msgstr "目标 ip/net 旁路文件"

    msgid ""
    "File containing ip/net for the purposes as with <em>Dst ip/net bypass</em>"
    msgstr "包含 ip/net 的文件与<em>目标 ip/net 旁路</em>的用途相同"

    msgid "Dst ip/net forward file"
    msgstr "目标 ip/net 转发文件"

    msgid ""
    "File containing ip/net for the purposes as with <em>Dst ip/net forward</em>"
    msgstr "包含 ip/net 的文件与<em>目标 ip/net 转发</em>的用途相同"

    msgid "Dst default"
    msgstr "缺省目的"

    msgid ""
    "Default action for packets whose dst address do not match any of the dst ip "
    "list"
    msgstr "目标地址不匹配任何 目标 ip 列表 的数据包的默认操作"

    msgid "Install package iptables-mod-conntrack-extra"
    msgstr "安装软件包 iptables-mod-conntrack-extra"

    msgid "Forward recentrst"
    msgstr "转发 recentrst"

    msgid ""
    "Forward those packets whose dst have recently sent to us multiple tcp-rst"
    msgstr "转发目标最近发送给我们多个 tcp-rst 的数据包"

    msgid "Remote Servers"
    msgstr "远程服务器"

    msgid ""
    "Definition of remote s-s servers. Disable any of them will also "
    "disable instances refering to it."
    msgstr ""
    "远程 s-s 服务器的定义。禁用它们中的任何一个都会禁用引用它的实例。"
ss-libev.zip (2.67 KB, downloads: 0)
OP | Posted 2018-6-14 08:26
zshwq5 posted on 2018-6-13 19:04
No need to add ca-bundle?

Thanks for the reminder, I have just added a note about it in the description.
Posted 2018-6-14 09:09
Bump, this is advanced stuff!
Posted 2018-6-14 12:06, from mobile
Bro, this isn't right! If you drew on 飞羽's tutorial, you should also credit the source.
Posted 2018-6-14 21:20
This is good, I need to study it properly..