
Configure transparent proxy for router in IPv6 only network

Environment:

Router: ASUS ac66u_b1

OS: asus merlin 384.3

Shadowsocks: shadowsocks-libev 3.1 (supports UDP relay)

  1. Make sure the router can connect to the VPS via IPv6.

  2. Install shadowsocks-libev on the VPS and start ss-server with IPv6 enabled and -u (UDP relay).

  3. Install ss-redir on the router (Entware must be installed first).

  4. Start ss-redir on the router with -u:

    nohup ss-redir -s [VPS's ipv6 address] -p [shadowsocks's port] -m [encrypt method] -k [password] -b 0.0.0.0 -l 1080 -u > /dev/null &
    
  5. Enable TPROXY on router:

     modprobe ip_set
     modprobe ip_set_hash_net
     modprobe ip_set_hash_ip
     modprobe xt_set
     modprobe xt_TPROXY

  6. Configure iptables. (NOTE: the configuration below is for an IPv6 connection to the VPS. If you use an IPv4 connection, don't forget to set iptables to allow traffic to the VPS, or the network will be unreachable.)

    # TCP rules
    iptables -t nat -N SHADOWSOCKS_TCP
    # Uncomment the line below in an IPv4 environment
    # iptables -t nat -A SHADOWSOCKS_TCP -d [VPS's ipv4 address] -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -d 240.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS_TCP -p tcp -j REDIRECT --to-ports 1080
    iptables -t nat -I PREROUTING 1 -p tcp -j SHADOWSOCKS_TCP
    iptables -t nat -I OUTPUT 1 -p tcp -j SHADOWSOCKS_TCP
    
    # UDP rules
    iptables -t mangle -N SHADOWSOCKS_UDP
    iptables -t mangle -N SHADOWSOCKS_MARK
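    # Deliver packets carrying fwmark 1 locally (table 100) so TPROXY can hand them to ss-redir
    ip rule add fwmark 1 lookup 100
    ip route add local default dev lo table 100
    # Uncomment the line below in an IPv4 environment
    # iptables -t mangle -A SHADOWSOCKS_MARK -d [VPS's ipv4 address] -j RETURN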
    iptables -t mangle -A SHADOWSOCKS_MARK -d 0.0.0.0/8 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_MARK -d 10.0.0.0/8 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_MARK -d 127.0.0.0/8 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_MARK -d 169.254.0.0/16 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_MARK -d 172.16.0.0/12 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_MARK -d 192.168.0.0/16 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_MARK -d 224.0.0.0/4 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_MARK -d 240.0.0.0/4 -j RETURN
    # Uncomment the line below in an IPv4 environment
    # iptables -t mangle -A SHADOWSOCKS_UDP -d [VPS's ipv4 address] -j RETURN
    iptables -t mangle -A SHADOWSOCKS_UDP -d 0.0.0.0/8 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_UDP -d 10.0.0.0/8 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_UDP -d 127.0.0.0/8 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_UDP -d 169.254.0.0/16 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_UDP -d 172.16.0.0/12 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_UDP -d 192.168.0.0/16 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_UDP -d 224.0.0.0/4 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_UDP -d 240.0.0.0/4 -j RETURN
    iptables -t mangle -A SHADOWSOCKS_MARK -p udp -d 8.8.8.8 --dport 53 -j MARK --set-mark 1
    iptables -t mangle -A SHADOWSOCKS_UDP -p udp --dport 53 -j TPROXY --on-port 1080 --on-ip 192.168.50.1 --tproxy-mark 0x01/0x01
    iptables -t mangle -A PREROUTING -p udp -j SHADOWSOCKS_UDP
    iptables -t mangle -A OUTPUT -p udp -j SHADOWSOCKS_MARK
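
The IPv4 note in step 6 exists because OUTPUT is hooked into SHADOWSOCKS_TCP: without a RETURN rule for the VPS ahead of the REDIRECT, ss-redir's own connection to the server is redirected back into port 1080. The check below is an added example, not part of the original gist; it reads a chain in `iptables -S` format and confirms the ordering. The function names `check_bypass` and `report`, the sample rules and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# check_bypass SERVER_IP   (chain rules on stdin, in `iptables -S` format)
#   0: a RETURN rule for SERVER_IP comes before the REDIRECT rule
#   1: REDIRECT is reached first, or SERVER_IP has no RETURN rule
#   2: the chain has no REDIRECT rule, so nothing is proxied
check_bypass() {
    awk -v ip="$1" '
        $1 == "-A" {
            n++; dst = ""; tgt = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            sub(/\/32$/, "", dst)   # -S prints a single host as a.b.c.d/32
            if (tgt == "RETURN" && dst == ip && !ret) ret = n
            if (tgt == "REDIRECT" && !redir) redir = n
        }
        END {
            if (!redir) exit 2
            if (ret && ret < redir) exit 0
            exit 1
        }'
}

# Constructed sample: IPv4 setup with the server exclusion in place.
# 203.0.113.10 is a placeholder for the VPS address.
GOOD_RULES='-N SHADOWSOCKS_TCP
-A SHADOWSOCKS_TCP -d 203.0.113.10/32 -j RETURN
-A SHADOWSOCKS_TCP -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS_TCP -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS_TCP -p tcp -j REDIRECT --to-ports 1080'

# Constructed sample: the exclusion line is still commented out.
BAD_RULES='-N SHADOWSOCKS_TCP
-A SHADOWSOCKS_TCP -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS_TCP -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS_TCP -p tcp -j REDIRECT --to-ports 1080'

report() {  # report LABEL RULES SERVER_IP
    if printf '%s\n' "$2" | check_bypass "$3"; then
        echo "$1: server bypass precedes REDIRECT"
    else
        echo "$1: traffic to the server would be redirected into ss-redir"
    fi
}
report good "$GOOD_RULES" 203.0.113.10
report bad "$BAD_RULES" 203.0.113.10
```

On the router, pipe the live chain into the function instead of the samples: `iptables -t nat -S SHADOWSOCKS_TCP | check_bypass [VPS's ipv4 address]`.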
