monsterxx03 / snet
transparent proxy works on linux desktop, MacOS, router
License: MIT License
https://github.com/monsterxx03/snet/blob/master/config.json.example
"ss2-password": "passwd"
snet_mipsle
mode: 'local'
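Works fine on the router
mode: 'router'
On the router, only websites in China are reachable and foreign websites are not; computers connected to this Wi-Fi cannot reach any website
iptables -t nat -F
None of the computers can reach the external network
Chain PREROUTING (policy ACCEPT)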
num target prot opt source destination
1 REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 1211
2 SNET tcp -- 0.0.0.0/0 0.0.0.0/0
3 delegate_prerouting all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 SNET tcp -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 delegate_postrouting all -- 0.0.0.0/0 0.0.0.0/0
Chain MINIUPNPD (1 references)
num target prot opt source destination
Chain SNET (2 references)
num target prot opt source destination
1 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 match-set BYPASS_SNET dst
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 redir ports 1111
Chain delegate_postrouting (1 references)
num target prot opt source destination
1 postrouting_rule all -- 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
2 zone_lan_postrouting all -- 0.0.0.0/0 0.0.0.0/0
3 zone_wan_postrouting all -- 0.0.0.0/0 0.0.0.0/0
4 zone_ready_postrouting all -- 0.0.0.0/0 0.0.0.0/0
Chain delegate_prerouting (1 references)
num target prot opt source destination
1 prerouting_rule all -- 0.0.0.0/0 0.0.0.0/0 /* user chain for prerouting */
2 zone_lan_prerouting all -- 0.0.0.0/0 0.0.0.0/0
3 zone_wan_prerouting all -- 0.0.0.0/0 0.0.0.0/0
4 zone_ready_prerouting all -- 0.0.0.0/0 0.0.0.0/0
Chain postrouting_lan_rule (1 references)
num target prot opt source destination
Chain postrouting_ready_rule (1 references)
num target prot opt source destination
Chain postrouting_rule (1 references)
num target prot opt source destination
Chain postrouting_wan_rule (1 references)
num target prot opt source destination
Chain prerouting_lan_rule (1 references)
num target prot opt source destination
1 rr_rule tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 u32 "0x0>>0x16&0x3c@0x14&0xffdfdfdf=0x3575757&&0x0>>0x16&0x3c@0x18&0xffdfdfdf=0x64d4957&&0x0>>0x16&0x3c@0x1c&0xdfdfdfff=0x49464903&&0x0>>0x16&0x3c@0x20&0xdfdfdf00=0x434f4d00" redir ports 53
3 REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 u32 "0x0>>0x16&0x3c@0x14&0xffdfdfdf=0x64d4957&&0x0>>0x16&0x3c@0x18&0xdfdfdfff=0x49464903&&0x0>>0x16&0x3c@0x1c&0xdfdfdf00=0x434f4d00" redir ports 53
Chain prerouting_ready_rule (1 references)
num target prot opt source destination
Chain prerouting_rule (1 references)
num target prot opt source destination
Chain prerouting_wan_rule (1 references)
num target prot opt source destination
Chain rr_rule (1 references)
num target prot opt source destination
Chain zone_lan_postrouting (1 references)
num target prot opt source destination
1 postrouting_lan_rule all -- 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
Chain zone_lan_prerouting (1 references)
num target prot opt source destination
1 prerouting_lan_rule all -- 0.0.0.0/0 0.0.0.0/0 /* user chain for prerouting */
2 REDIRECT tcp -- 0.0.0.0/0 198.51.100.9 tcp dpt:80 /* nxdomain */ redir ports 8190
Chain zone_ready_postrouting (1 references)
num target prot opt source destination
1 postrouting_ready_rule all -- 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
Chain zone_ready_prerouting (1 references)
num target prot opt source destination
1 prerouting_ready_rule all -- 0.0.0.0/0 0.0.0.0/0 /* user chain for prerouting */
Chain zone_wan_postrouting (1 references)
num target prot opt source destination
1 postrouting_wan_rule all -- 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
2 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_prerouting (1 references)
num target prot opt source destination
1 MINIUPNPD all -- 0.0.0.0/0 0.0.0.0/0
2 prerouting_wan_rule all -- 0.0.0.0/0 0.0.0.0/0 /* user chain for prerouting */
sudo sysctl -w net.inet.ip.forwarding=1
lo="lo0"
dev="en0"
client = "192.168.1.5"
rdr on $lo inet proto tcp from {$dev $client} to any port 1:65535 -> {{.snetHost }} port {{ .snetPort }} # let proxy handle tcp
rdr on $lo inet proto udp from {$dev $client} to any port 53 -> {{ .snetHost }} port {{ .dnsPort }} # let proxy handle dns query
pass out on $dev route-to $lo inet proto tcp from {$dev} to any port 1:65535 # re-route outgoing tcp
pass out on $dev route-to $lo inet proto udp from {$dev} to any port 53 # re-route outgoing udp
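First of all, thanks to the author for creating Snet; I have already switched to this tool as my default.
Since I moved over from other tools, I am a bit obsessive about wanting to know which requests went through the proxy and which did not.
I configured: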
{
'proxy-scope': 'bypassCN',
}
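Is it possible to find out which DNS query returned the IP for a given domain, and whether the request went through the proxy or directly from the local machine?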
speedtest -f json -P 8 --accept-license -p
progress
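When it reaches roughly 40-something or 50-something, press Ctrl+C
to terminate speedtest, but very high network bandwidth usage can still be detected (lasting more than 5 seconds)
My communication with the VPS goes over UDP; can fq-dns get an option for a UDP server?
Also, when running
dig google.com
curl google.com
can snet display logs?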
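A suggestion. Background: my local network environment is terrible. Local broadband is 200M China Unicom, the optical modem has been switched to bridge mode, i7 soft router, gigabit NIC, ISP QoS rate limiting, UDP blocked (a super Great Wall Broadband; I feel only the big northwestern provinces can compare with my situation)
Local network environment (speed test against Alibaba Cloud Beijing BGP-1000Mbps):
Actual tunnel test results:
In other words, for a pleasant experience here I can only use wss, with CDN node selection. Currently I am using a simple wss I wrote in Go, nested with clash, but the cone NAT network caused by tproxy under iptables always has a bottleneck. Consider this one solution offered to everyone. Sometimes, when there is a full-stack network requirement, the only option is socks over tun, because basically once it hits 4 p.m. the inter-city egress is only 2M, and the Honor of Kings ping never drops below 200
Just a suggestion, I guess
T_T
For the Tproxy issue, see: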
https://blog.51cto.com/dog250/1315782
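Personally, I suggest not using this thing for transparent proxying if you can avoid it
My current setup:
Two VPSes, CN2 GIA LSJ-DC6 and ASN9929 San Jose, serve as the front end, with nginx doing wss load balancing; the back end is a VPS in the same data center costing 8 dollars a year; locally I use a wss client, going through the CDN to the front end. Currently, apart from Google occasionally requiring a CAPTCHA, the speed can basically be squeezed to the limit
Updating the routing table requires sudo privileges, and having to enter a password to run is rather troublesome. If the two could be separated, snet could be left running in the background all the time, and one would only need to control the routing table from the terminal to decide whether traffic goes through the proxy, which would be much more convenient.
Hi, any plan for supporting the UDP protocol? I think kcptun offers a significant improvement in speeding up the network.
Yes, that is possible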
https://github.com/FlowerWrong/tun2socks
https://github.com/xjasonlyu/tun2socks
These two have already implemented fake DNS
Surge's enhanced mode works the same way
There are two approaches
google.com -> 192.18.0.1
google.com.hk -> 192.18.0.2
google.com -> 192.18.0.1:1111
google.com.hk -> 192.18.0.2:1112
This kind of association is all that is needed
On the personal system 192.168.1.2, enable
net.inet.ip.forwarding=1
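Start tun2socks
sudo route add 198.18.0.2/24 240.0.0.1 (tun gateway)
On the phone, set the gateway to 192.168.1.2
All traffic goes through 192.168.1.2 now, right?
Enable fake DNS on 192.168.1.2
Also set the phone's DNS server to 192.168.1.2
The phone visits google.com and gets the IP 192.18.0.1
The phone connects to 192.18.0.1 via 192.168.1.2
192.18.0.1 goes through the tun interface
tun2socks detects access to 192.18.0.1->google.com
At this point tun2socks->v2ray inbounds
v2ray identifies foreign and domestic domains such as google, facebook, twitter, etc.
If the phone visits baidu, v2ray identifies it directly as geosite:cn IP and the traffic goes out directly within China
tun2socks only needs to provide fake DNS and proxy functionality
Traffic splitting is left to v2ray
Like this
Hello, is there any plan to support v2ray? Thanks.
Thank you
It is 2022 now
Quite a lot of traffic goes over UDP 443 now
Could it be made compatible with Windows Subsystem for Linux?
The local v2ray listens on a socks5 port, the kind that supports UDP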
Chrome's cache for google.com is weird
Tested on OSX 10.14.6, you can use
sudo killall -HUP mDNSResponder
to clear the cache; Chrome will refresh its cache as well