
@fuyufjh
Created February 19, 2017 06:12
树莓派+shadowsocks实现科学上网

安装 shadowsocks-libev

参考 https://teddysun.com/358.html

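配置文件(其中包含明文密码,建议将文件权限限制为仅运行 ss-redir 的用户可读;另外 aes-256-cfb 属于不带认证的流加密方式,若所用版本和服务端均支持,建议两端一起改用 AEAD 加密方式,如 chacha20-ietf-poly1305 或 aes-256-gcm)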

vim /etc/shadowsocks-libev/redir.json

{
    "server":"<server_ip>",
    "server_port":8388,
    "local_address":"0.0.0.0",
    "local_port":7777,
    "password":"<server_password>",
    "timeout":600,
    "method":"aes-256-cfb"
}

启动:

# -u turns on UDP relay in ss-redir; -c names the config file shown above.
# NOTE(review): the nat rules further down only match `-p tcp`, so UDP traffic
# (plain DNS included) is not redirected by them and bypasses the proxy unless
# other rules, not shown on this page, handle it.
ss-redir -u -c /etc/shadowsocks-libev/redir.json

设置路由表

# Dedicated nat-table chain that holds every proxy decision
iptables --table nat --new-chain SHADOWSOCKS

# Traffic to the shadowsocks server itself must return untouched. The chain is
# later hooked into OUTPUT and ends in a REDIRECT to the local ss-redir port, so
# without this rule ss-redir's own connection to the server would be redirected
# back into ss-redir. Replace [SS_SERVER_IP] with the server address.
iptables --table nat --append SHADOWSOCKS --destination [SS_SERVER_IP] --jump RETURN

# Destinations that must never go through the proxy: private LANs plus the
# other reserved IPv4 ranges (Wikipedia and RFC5735 have the complete list).
# Add further networks to the list to bypass the proxy for them as well.
# ashi009/bestroutetb offers a highly optimized CHN route list.
for net in \
  0.0.0.0/8 \
  10.0.0.0/8 \
  127.0.0.0/8 \
  169.254.0.0/16 \
  172.16.0.0/12 \
  192.168.0.0/16 \
  224.0.0.0/4 \
  240.0.0.0/4
do
  iptables -t nat -A SHADOWSOCKS -d "$net" -j RETURN
done

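# China IPs
# The generated cn_rules.conf is run by sh (as root, since it calls iptables),
# so its input must not be attacker-controllable: fetch the APNIC list over
# HTTPS, fail on HTTP errors (-f), and emit a rule only when the address and
# count fields have the expected shape. Each step runs only if the previous
# one succeeded, so a failed or truncated download never reaches sh.
# The raw list is kept as ./delegated-apnic-latest next to cn_rules.conf.
curl -fsS -o delegated-apnic-latest https://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest &&
  awk -F'|' '
    $1 == "apnic" && $2 == "CN" && $3 == "ipv4" &&
    $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $5 ~ /^[0-9]+$/ && $5 > 0 {
      # Host bits = ceil(log2(count)), computed with integers: the float
      # expression 32-log($5)/log(2) can land just below the exact value and
      # be truncated by %d to a prefix one bit too short (a wider bypass).
      bits = 0
      for (n = 1; n < $5 && bits <= 32; n *= 2) bits++
      if (bits <= 32)
        printf("iptables -t nat -A SHADOWSOCKS -d %s/%d -j RETURN\n", $4, 32 - bits)
    }
  ' delegated-apnic-latest > cn_rules.conf &&
  sh cn_rules.conf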

# Last rule of the chain: whatever TCP was not returned above is handed to
# shadowsocks's local port 7777. Only TCP is matched; other protocols (UDP, and
# with it plain DNS) are not redirected by these rules.
iptables --table nat --append SHADOWSOCKS --protocol tcp --jump REDIRECT --to-port 7777

# SNAT: masquerade packets sourced from the 192.168.1.0/24 LAN
iptables --table nat --append POSTROUTING --source 192.168.1.0/24 --jump MASQUERADE

# Hook the chain in: PREROUTING covers TCP arriving from other hosts,
# OUTPUT covers TCP generated on this machine. Neither rule is limited to an
# interface or source network, so TCP arriving on any interface is matched.
iptables --table nat --append PREROUTING --protocol tcp --jump SHADOWSOCKS
iptables --table nat --append OUTPUT --protocol tcp --jump SHADOWSOCKS

安装成systemd service

vim /etc/systemd/system/ss-redir.service

# systemd unit that runs the ss-redir transparent-proxy client at boot.
[Unit]
Description=Shadowsocks Redir Client
After=network.target

[Service]
# ss-redir is started with -f, so it daemonizes and writes its PID to a file;
# Type=forking plus PIDFile= lets systemd track that process.
Type=forking
# NOTE(review): PIDFile= says /run/... while -f below writes /var/run/...;
# the two match only where /var/run is a symlink to /run - confirm.
PIDFile=/run/shadowsocks/redir.pid
# NOTE(review): no User=/Group= is set, so systemd runs ss-redir as root.
# PermissionsStartOnly= only has an effect when User= (or similar) is
# configured; it looks like an unprivileged User= was intended - confirm, and
# check whether -u needs extra capabilities before adding one.
PermissionsStartOnly=true
# Create the PID directory before the daemon starts.
ExecStartPre=/bin/mkdir -p /run/shadowsocks
ExecStart=/usr/local/bin/ss-redir -u -f /var/run/shadowsocks/redir.pid -c /etc/shadowsocks-libev/redir.json
# Restart only when the process is killed by an uncaught signal.
Restart=on-abort
# Files created by the service get no permissions for "other".
UMask=0027

[Install]
WantedBy=multi-user.target