Last active
January 13, 2025 08:54
-
-
Save ahhajlou/9a196a83b673f601acb025f4bef6d898 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For CIDR IP range | |
| ipset create bypass hash:net hashsize 4096 maxelem 16384 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## https://serverfault.com/a/389004 | |
| iptables -t mangle -A PREROUTING -s 10.1.1.3 ! --destination 10.1.1.0/24 -j MARK --set-mark 3 | |
| iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to-source 192.168.255.6 (openvpn and not necessary for sing-box) | |
| ( | |
| iptables -A FORWARD -j ACCEPT | |
| OR | |
| iptables -A FORWARD -s 10.1.1.0/24 -j ACCEPT | |
| iptables -A FORWARD -d 10.1.1.0/24 -j ACCEPT | |
| ) | |
| ip rule add fwmark 3 table 5 | |
| ip route add default via 192.168.255.5 table 5 | |
| ip route flush cache | |
| # Not sure | |
| sysctl -w net.ipv4.conf.tap0.rp_filter=2 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Specify different route for some IPs | |
| echo "100 custom" >> /etc/iproute2/rt_tables | |
| ip rule add to 8.8.8.8 table custom | |
| ip route add default via 192.168.122.1 dev enp1s0 table custom |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Specify different route for some IPs (Better version, using ipset) | |
| echo "100 custom" >> /etc/iproute2/rt_tables | |
| ipset create bypass hash:ip | |
| ipset add bypass {IP} | |
| # Mark packets in both PREROUTING and OUTPUT chains | |
| iptables -t mangle -A PREROUTING -m set --match-set bypass dst -j MARK --set-mark 1 | |
| iptables -t mangle -A OUTPUT -m set --match-set bypass dst -j MARK --set-mark 1 | |
| # Ensure conntrack marks the connection | |
| #iptables -t mangle -A PREROUTING -d 8.8.8.8 -j CONNMARK --save-mark | |
| #iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark | |
| # Add the rule and route | |
| ip rule add fwmark 1 table custom | |
| ip route add default via 192.168.122.1 dev enp8s0 table custom | |
| ip route flush cache |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment