Upgrade Xiaomi Router 3 to enable SSH and Shadowsocks [Tags]: Mi Router, Mi Router 3, Xiaomi Router, Xiaomi Router 3, ssh, shadowsocks
#!/usr/bin/env python
#coding=utf-8
#
# Generate a list of dnsmasq rules with ipset for gfwlist
#
# Copyright (C) 2014 http://www.shuyz.com
# Ref https://code.google.com/p/autoproxy-gfwlist/wiki/Rules
#
# Python 2 script (uses urllib2 and str.decode('base64')).
import urllib2
import re
import os
import datetime
import base64
import shutil

# opendns master server
mydnsip = '208.67.222.222'
mydnsport = '443'
# the url of gfwlist
baseurl = 'https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt'
# match comments/title/whitelist/ip address
comment_pattern = '^\!|\[|^@@|^\d+\.\d+\.\d+\.\d+'
domain_pattern = '([\w\-\_]+\.[\w\.\-\_]+)[\/\*]*'
tmpfile = '/tmp/gfwlisttmp'
# do not write to router internal flash directly
outfile = '/tmp/gfwlist.conf'
rulesfile = '/etc/dnsmasq.d/gfwlist.conf'

fs = open(outfile, 'w')
fs.write('# gfw list ipset rules for dnsmasq\n')
fs.write('# updated on ' + datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S") + '\n')
fs.write('#\n')

#print 'fetching list...'
content = urllib2.urlopen(baseurl, timeout=15).read().decode('base64')

# write the decoded content to file then read line by line
tfs = open(tmpfile, 'w')
tfs.write(content)
tfs.close()
tfs = open(tmpfile, 'r')

#print 'page content fetched, analysis...'

# remember all blocked domains, in case of duplicate records
domainlist = []

for line in tfs.readlines():
    # skip comment/title/whitelist/ip-address lines
    if not re.findall(comment_pattern, line):
        #print 'this is a comment line: ' + line
        #fs.write('#' + line)
    #else:
        domain = re.findall(domain_pattern, line)
        if domain:
            try:
                found = domainlist.index(domain[0])
                #print domain[0] + ' exists.'
            except ValueError:
                #print 'saving ' + domain[0]
                domainlist.append(domain[0])
                fs.write('server=/.%s/%s#%s\n'%(domain[0],mydnsip,mydnsport))
                # NOTE: the ipset name written here ('ss') has to match the set the
                # iptables rule matches on; r3_ss.sh on this page creates and
                # matches a set named 'gfwlist'.
                fs.write('ipset=/.%s/ss\n'%domain[0])
        #else:
            #print 'no valid domain in this line: ' + line

tfs.close()
fs.close()

#print 'moving generated file to dnsmasg directory'
#shutil.move(outfile, rulesfile)
#print 'restart dnsmasq...'
#print os.popen('/etc/init.d/dnsmasq restart').read()
#print 'done!'

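Upgrading Xiaomi Router 3: SSH + Shadowsocks

Motivation

I wanted the Apple TV to be able to reach YouTube directly. If the router itself does not bypass the firewall, even AirPlay from a phone cannot cast YouTube or other content from outside the firewall; the Apple TV's own network path has to be able to reach YouTube.

This shows that the AirPlay protocol hands over the "address" to fetch rather than pushing a mirrored video stream directly.

Upgrading to the developer ROM

Download the developer ROM

Download the developer ROM from the Xiaomi website; this build supports SSH. Address: http://www1.miwifi.com/miwifi_download.html

Flash the developer ROM

Open http://miwifi.com, log in, choose system upgrade, and select manual upgrade.

Choose to upgrade from a file (the ROM file just downloaded), for example miwifi_r3_all_55ac7_2.11.20.bin. As of now (March 21, 2017), the most suitable version is the older one, miwifi_r3_all_55ac7_2.11.20.bin.

I keep a backup copy of the bin file on my own VPS.

Pay close attention to the version. In my tests so far, the latest versions, for example miwifi_r3_firmware_e87c6_2.13.75.bin, which can be downloaded from the official site, or the "latest version" reached by upgrading directly from the admin page, cannot be used with the current SSH "crack" method.

Click "Upgrade"; the router reboots during the process. To make sure everything is wiped cleanly, choose "do not keep configuration". This means the broadband account has to be configured again, but it avoids downgrading the configuration files (currently the developer ROM's version number is lower than the release ROM's; I do not know the logic behind that).

After the reboot, wait for the router's indicator light to turn "blue" again; you can then connect to the Miwifi network, which has no password set.

Note: do not do this any more. It has proven not to work.

Log in to http://miwifi.com again and check in the system settings whether a newer developer version is available. This time I found that the developer version shown on the official site was not the latest, so I had to run one more "automatic upgrade".

Reconfigure the internet account

After connecting to the Miwifi network, follow the wizard to configure the broadband account and the Wi-Fi SSID. Once the router has rebooted, if the SSID and password are the same as before flashing, all devices reconnect to the router automatically.

Cracking SSH login

Prerequisites: the method described below applies under the following conditions:

SSH is cracked by visiting a series of 4 URLs, listed below. Points to note while doing so:

**Log in to the admin page, substitute your stok, then load the following 4 URLs in the address bar one after another (wait for each one to finish, i.e. until the page-loading spinner stops, before loading the next).**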

http://192.168.31.1/cgi-bin/luci/;stok=<your stok, visible in the address bar after logging in to the router admin page>/api/xqnetwork/set_wifi_ap?ssid=tianbao&encryption=NONE&enctype=NONE&channel=1%3Bnvram%20set%20ssh%5Fen%3D1%3B%20nvram%20commit


http://192.168.31.1/cgi-bin/luci/;stok=<your stok, visible in the address bar after logging in to the router admin page>/api/xqnetwork/set_wifi_ap?ssid=tianbao&encryption=NONE&enctype=NONE&channel=1%3Bsed%20%2Di%20%22%3Ax%3AN%3As%2Fif%20%5C%5B%2E%2A%5C%3B%20then%5Cn%2E%2Areturn%200%5Cn%2E%2Afi%2F%23tb%2F%3Bb%20x%22%20%2Fetc%2Finit.d%2Fdropbear


http://192.168.31.1/cgi-bin/luci/;stok=<your stok, visible in the address bar after logging in to the router admin page>/api/xqnetwork/set_wifi_ap?ssid=tianbao&encryption=NONE&enctype=NONE&channel=1%3B%2Fetc%2Finit.d%2Fdropbear%20start


http://192.168.31.1/cgi-bin/luci/;stok=<your stok, visible in the address bar after logging in to the router admin page>/api/xqsystem/set_name_password?oldPwd=<router admin password>&newPwd=<router admin password>

The first three URLs return the following error:

{
    "msg": "未能连接到指定WiFi(Probe timeout)",
    "code": 1616
}

The last one sets the password for root SSH login to the router, so the SSH crack has worked only if it returns the following:

{
    "code": 0
}
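
Added example (not part of the original gist): URL-decoding the `channel` parameter of the first three requests shows that each value is `1;` followed by shell commands, which is the pattern to look for when reviewing proxy logs or browser history for this request. The `STOK` token and the benign request are constructed, and treating only a bare number as a valid channel is an assumption.

```python
import re
from urllib.parse import parse_qsl, urlsplit

BASE = "http://192.168.31.1/cgi-bin/luci/;stok=STOK/api/xqnetwork/set_wifi_ap"
COMMON = "?ssid=tianbao&encryption=NONE&enctype=NONE&channel="

# The three set_wifi_ap requests from this page; STOK is a constructed placeholder.
PAGE_REQUESTS = [
    BASE + COMMON + "1%3Bnvram%20set%20ssh%5Fen%3D1%3B%20nvram%20commit",
    BASE + COMMON + "1%3Bsed%20%2Di%20%22%3Ax%3AN%3As%2Fif%20%5C%5B%2E%2A%5C%3B"
    "%20then%5Cn%2E%2Areturn%200%5Cn%2E%2Afi%2F%23tb%2F%3Bb%20x%22"
    "%20%2Fetc%2Finit.d%2Fdropbear",
    BASE + COMMON + "1%3B%2Fetc%2Finit.d%2Fdropbear%20start",
]
# Constructed benign request for comparison.
BENIGN_REQUEST = BASE + COMMON + "6"

# Assumption: a legitimate channel value is a bare Wi-Fi channel number.
CHANNEL_OK = re.compile(r"[0-9]{1,3}")


def audit_request(url):
    """Return (endpoint, decoded_channel, injected_tail) for one request URL.

    injected_tail is None when the channel is a plain number; otherwise it is
    the text after the first ';', i.e. what a shell would run as a new command.
    """
    parts = urlsplit(url)
    # LuCI carries the session token in the path: /cgi-bin/luci/;stok=<token>/api/...
    endpoint = parts.path.split("/api/", 1)[-1]
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    channel = params.get("channel")
    if channel is None or CHANNEL_OK.fullmatch(channel):
        return endpoint, channel, None
    _, _, tail = channel.partition(";")
    return endpoint, channel, tail.strip() or channel


def flagged(urls):
    """Return (endpoint, injected_tail) for every request with a non-numeric channel."""
    hits = []
    for url in urls:
        endpoint, _, tail = audit_request(url)
        if tail is not None:
            hits.append((endpoint, tail))
    return hits


if __name__ == "__main__":
    for endpoint, tail in flagged(PAGE_REQUESTS + [BENIGN_REQUEST]):
        print(endpoint, "->", tail)
```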

Installing and configuring Shadowsocks

Using the one-click install script

Reference: https://github.com/JeansHuang/miwifi-ss

cd /userdisk && rm -rf miwifi.sh && wget http://7xo6sw.com1.z0.glb.clouddn.com/miwifi.sh && chmod +x miwifi.sh && sh ./miwifi.sh

The URL for miwifi.sh can be adjusted as needed; the content of the file I used is as follows:

#!/bin/sh
cd /tmp
echo "*********************************************************"
echo "*                    SS插件安装器                         *"
echo "*                                                       *"
echo "*          安装前请关闭小米路由器自带VPN功能                  *"
echo "*                                                       *"
echo "*         支持路由型号:mini | r1d | r2d | r3              *"
echo "*                                                       *"
echo "*     没SS帐号?这里:http://bbs.xiaomi.cn/t-13066771      *"
echo "*                                                       *"
echo "*********************************************************"
echo "                                                         "
echo "请选择需要的操作(按下对应数字后回车确认)"
echo "1:安装r1d&r2d版SS插件"
echo "2:卸载r1d&r2d版SS插件"
echo "3:安装mini版ss插件"
echo "4:卸载mini版ss插件"
echo "5:安装r3版ss插件"
echo "6:卸载r3版ss插件"
echo "0:退出"
read num

if [ "${num}" == "1" ]
then
cd /tmp
rm -rf *.sh
wget http://7xo6sw.com1.z0.glb.clouddn.com/r2d_ss.sh
chmod -R 777 r2d_ss.sh
./r2d_ss.sh
fi
if [ "${num}" == "2" ]
then
cd /tmp
rm -rf *.sh
wget http://7xo6sw.com1.z0.glb.clouddn.com/r2d_uninstall.sh
chmod -R 777 r2d_uninstall.sh
./r2d_uninstall.sh
fi


if [ "${num}" == "3" ]
then
cd /tmp
rm -rf *.sh
wget http://7xo6sw.com1.z0.glb.clouddn.com/mini_ss.sh
chmod -R 777 mini_ss.sh
./mini_ss.sh
fi

if [ "${num}" == "4" ]
then
cd /tmp
rm -rf *.sh
wget http://7xo6sw.com1.z0.glb.clouddn.com/mini_uninstall.sh
chmod -R 777 mini_uninstall.sh
sh mini_uninstall.sh
fi

if [ "${num}" == "5" ]
then
cd /tmp
rm -rf *.sh
wget http://7xo6sw.com1.z0.glb.clouddn.com/r3_ss.sh
chmod -R 777 r3_ss.sh
./r3_ss.sh
fi

if [ "${num}" == "6" ]
then
cd /tmp
rm -rf *.sh
wget http://7xo6sw.com1.z0.glb.clouddn.com/r3_uninstall.sh
chmod -R 777 r3_uninstall.sh
sh r3_uninstall.sh
fi

if [ "${num}" == "0" ]
then
exit
fi

Core scripts: r3_ss.sh, r3_uninstall.sh

r3_ss.sh

#!/bin/sh

clear
echo "#############################################################"
echo "# Install Shadowsocks for Miwifi(r3)"
echo "#############################################################"

# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
   echo "Error:This script must be run as root!" 1>&2
   exit 1
fi
cd /tmp
rm -f shadowsocks_r3.tar.gz
wget http://7xo6sw.com1.z0.glb.clouddn.com/shadowsocks_r3.tar.gz
tar zxf shadowsocks_r3.tar.gz

# install shadowsocks ss-redir to /data/usr/sbin
mkdir -p /data/usr/sbin
cp -f ./shadowsocks_r3/ss-redir  /data/usr/sbin/ss-redir
chmod +x /data/usr/sbin/ss-redir

# Config shadowsocks init script
cp ./shadowsocks_r3/shadowsocks /etc/init.d/shadowsocks
chmod +x /etc/init.d/shadowsocks

#config setting and save settings.
echo "#############################################################"
echo "#"
echo "# Please input your shadowsocks configuration"
echo "#"
echo "#############################################################"
echo ""
echo "请输入服务器IP:"
read serverip
echo "请输入服务器端口:"
read serverport
echo "请输入密码:"
read shadowsockspwd
echo "请输入加密方式"
read method

# Config shadowsocks
cat > /etc/shadowsocks.json<<-EOF
{
  "server":"${serverip}",
  "server_port":${serverport},
  "local_address":"127.0.0.1",
  "local_port":1081,
  "password":"${shadowsockspwd}",
  "timeout":600,
  "method":"${method}"
}
EOF

#config dnsmasq
cp -f ./shadowsocks_r3/dnsmasq_list.conf /etc/dnsmasq.d/dnsmasq_list.conf

#config firewall
cp -f /etc/firewall.user /etc/firewall.user.back
echo "ipset -N gfwlist iphash -! " >> /etc/firewall.user
echo "iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081" >> /etc/firewall.user

#restart all service
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
/etc/init.d/shadowsocks start
/etc/init.d/shadowsocks enable

#install successfully
rm -rf /tmp/shadowsocks_r3
rm -f /tmp/shadowsocks_r3.tar.gz
echo ""
echo "Shadowsocks安装成功!"
echo ""
exit 0
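
Added example (not from the gist or the miwifi-ss project): the installer scripts on this page fetch shell scripts and a tarball over plain HTTP and run or unpack them with no integrity check, so whatever arrives from the network path is executed on the router. This heuristic audit flags that pattern in lines quoted from this page; the hardened variant, its `example.invalid` URL and the digest placeholder are constructed.

```python
import posixpath
import re
from urllib.parse import urlsplit

VERIFY_TOOLS = {"sha256sum", "sha512sum", "gpg", "openssl"}
RUN_TOOLS = {"sh", "ash", "bash", ".", "source", "tar"}

# Lines quoted from the one-liner, miwifi.sh (option 5) and r3_ss.sh on this page.
PAGE_LINES = """\
cd /userdisk && rm -rf miwifi.sh && wget http://7xo6sw.com1.z0.glb.clouddn.com/miwifi.sh && chmod +x miwifi.sh && sh ./miwifi.sh
cd /tmp
rm -rf *.sh
wget http://7xo6sw.com1.z0.glb.clouddn.com/r3_ss.sh
chmod -R 777 r3_ss.sh
./r3_ss.sh
wget http://7xo6sw.com1.z0.glb.clouddn.com/shadowsocks_r3.tar.gz
tar zxf shadowsocks_r3.tar.gz
"""

# Constructed hardened variant: HTTPS plus a pinned digest checked before running.
HARDENED = """\
wget https://example.invalid/r3_ss.sh
echo "PINNED_SHA256_PLACEHOLDER  r3_ss.sh" | sha256sum -c - || exit 1
sh ./r3_ss.sh
"""

CLEARTEXT = "fetched over cleartext http"
WORLD_WRITABLE = "made world-writable (chmod 777)"
UNVERIFIED = "run or unpacked without integrity check"


def split_commands(script):
    """Split a script into simple commands on newlines, ';' and '&&'.

    Heuristic only: it does not understand quoting, which is enough for the
    straight-line installer commands audited here.
    """
    cmds = []
    for line in script.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cmds.extend(c.strip() for c in re.split(r"&&|;", line) if c.strip())
    return cmds


def audit_installer(script):
    """Return a sorted list of (filename, issue) pairs for every wget download."""
    cmds = split_commands(script)
    findings = set()
    for i, cmd in enumerate(cmds):
        m = re.match(r"wget\s+(?:-\S+\s+)*(\S+://\S+)", cmd)
        if not m:
            continue
        url = urlsplit(m.group(1))
        name = posixpath.basename(url.path)
        if url.scheme != "https":
            findings.add((name, CLEARTEXT))
        verified = False
        # Walk the commands after the download that mention the fetched file.
        for later in cmds[i + 1:]:
            if name not in later:
                continue
            words = later.split()
            tool = posixpath.basename(words[0])
            if VERIFY_TOOLS & set(words):
                verified = True
            elif tool == "chmod" and "777" in words:
                findings.add((name, WORLD_WRITABLE))
            elif (tool in RUN_TOOLS or tool == name) and not verified:
                findings.add((name, UNVERIFIED))
    return sorted(findings)


if __name__ == "__main__":
    for name, issue in audit_installer(PAGE_LINES):
        print(name + ": " + issue)
```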

A backup copy of shadowsocks_r3.tar.gz is kept here: shadowsocks_r3.tar.gz

r3_uninstall.sh

echo "开始卸载Shadowsocks"
echo -e "停止相关进程--------------------------------------\c"
/etc/init.d/shadowsocks stop 1>/dev/null 2>&1
/etc/init.d/shadowsocks disable 1>/dev/null 2>&1
echo -e "[\e[32m完成\e[37m]"
echo -e "删除相关文件--------------------------------------\c"
rm -rf /etc/init.d/shadowsocks
rm -rf /etc/dnsmasq.d/dnsmasq_list.conf
rm -rf /data/usr/sbin
rm -rf /etc/shadowsocks.json
sed -i '/ipset -N gfwlist iphash -!/d' /etc/firewall.user
sed -i '/iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081/d' /etc/firewall.user
/etc/init.d/firewall restart
/etc/init.d/dnsmasq restart
echo "卸载Shadowsocks完成"
cd /tmp && rm -rf *.sh && wget http://7xo6sw.com1.z0.glb.clouddn.com/miwifi.sh && sh ./miwifi.sh && rm -rf *.sh

What the scripts do

  • Fetch shadowsocks_r3.tar.gz
  • Install ss-redir
  • Set up the init.d shadowsocks script
  • Write shadowsocks.json
  • Configure dnsmasq
  • Configure iptables
  • Restart the services
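
Added example (not the gist's own code): the dnsmasq and iptables steps only work as a pair. dnsmasq resolves each listed domain through the alternate resolver and adds the answers to the ipset named on its `ipset=` line, and the PREROUTING rule redirects TCP traffic for addresses in that set to ss-redir on port 1081. The check below reports domains whose set has no matching REDIRECT rule, which is what happens when rules generated with the set name `ss` (as the Python script at the top writes them) are loaded next to the `gfwlist` rule from r3_ss.sh; the sample conf lines are constructed.

```python
import re

# Constructed sample in the rule format used on this page.
DNSMASQ_CONF = """\
# gfw list ipset rules for dnsmasq
server=/.google.com/208.67.222.222#443
ipset=/.google.com/gfwlist
server=/.tumblr.com/208.67.222.222#443
ipset=/.tumblr.com/ss
server=/.example.org/208.67.222.222#443
"""

# The two lines r3_ss.sh appends to /etc/firewall.user.
FIREWALL_USER = """\
ipset -N gfwlist iphash -!
iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081
"""

NO_IPSET = "no ipset= line: resolved addresses are never redirected"


def parse_dnsmasq(conf):
    """Map each domain to its upstream server and the ipsets it feeds."""
    rules = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields = value.split("/")
        # Both directives have the shape /<domain>[/<domain>...]/<target>
        if key not in ("server", "ipset") or len(fields) < 3 or fields[0] != "":
            continue
        *domains, target = fields[1:]
        for domain in domains:
            entry = rules.setdefault(domain.lstrip("."),
                                     {"server": None, "ipsets": set()})
            if key == "server":
                entry["server"] = target
            else:
                entry["ipsets"].update(target.split(","))
    return rules


def redirected_sets(firewall_rules):
    """Return {set_name: port} for each REDIRECT rule that matches on an ipset."""
    sets = {}
    pattern = r"--match-set\s+(\S+)\s+dst\b.*-j\s+REDIRECT\s+--to-ports?\s+(\d+)"
    for line in firewall_rules.splitlines():
        m = re.search(pattern, line)
        if m:
            sets[m.group(1)] = int(m.group(2))
    return sets


def check(conf, firewall_rules):
    """Return (domain, problem) pairs where the dnsmasq and iptables sides disagree."""
    live = set(redirected_sets(firewall_rules))
    problems = []
    for domain, entry in sorted(parse_dnsmasq(conf).items()):
        if not entry["ipsets"]:
            problems.append((domain, NO_IPSET))
        for name in sorted(entry["ipsets"] - live):
            problems.append(
                (domain, "ipset '%s' is not matched by any REDIRECT rule" % name))
    return problems


if __name__ == "__main__":
    for domain, problem in check(DNSMASQ_CONF, FIREWALL_USER):
        print(domain + ": " + problem)
```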

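Additional notes

Upgrade to a newer ROM

I had not chosen to let the router upgrade itself to the latest ROM, but when I got up the next morning it had indeed upgraded to the latest version. The current version is: MiWiFi developer ROM 2.19.65

Fortunately the SSH login crack survived and still works.

The resulting problem is that the shadowsocks service was lost; the install script has to be run again.

Performance

Compared with the older first-generation high-performance Xiaomi router, the Xiaomi Router 3 has only 128Mb, and every time the web control panel is opened the CPU briefly hits 100%.

Overall performance feels mediocre. I am not sure whether I will need a better-performing router to go with a NAS once I add one.

Follow-up (Todo-List):

Automatically update the dnsmasq conf

Related references

Appendix:

Reference links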

ystarlongzi May 1, 2017

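After following the steps and successfully installing ss on the Xiaomi Router 3, I still cannot get past the firewall (the ss server itself works fine).
Is any other configuration needed?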

rambolee (Owner) May 2, 2017

@ystarlongzi Check whether /etc/dnsmasq.d/dnsmasq_list.conf was generated properly.

wplct Jun 4, 2017

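Option 2 of the script has an hhttp in it, which makes the uninstall fail. Still, thanks for your work; the one-click install succeeded for me.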

rambolee (Owner) Jun 4, 2017

@wplct Thanks for pointing that out; it has been fixed.

c446984928 Jun 6, 2017

The new developer firmware no longer seems to work; the last step gives a parameter error.

rambolee (Owner) Jun 9, 2017

@c446984928 What exactly is the error at the last step? I have not updated to the latest ROM yet.

rambolee (Owner) Jun 9, 2017

@c446984928 The developer version that still works for me right now is: 2.19.93 (developer ROM)

KaneOne Jun 17, 2017

The install succeeded, but the router still seems to get the ISP's DNS, so domain names do not resolve. Where can I specify the DNS?

rambolee (Owner) Jun 18, 2017

@KaneOne Is dnsmasq running?

wenshiqiang Jul 1, 2017

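I tried today and found that SSH on the Xiaomi Router 3 can now be enabled with the official toolkit. But after installing everything it still does not work: there are no error messages, yet sites outside the firewall remain unreachable. Is there a way to turn on shadowsocks console output?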

c446984928 Jul 2, 2017

The official toolkit can indeed enable ssh directly; verified.

wenshiqiang Jul 2, 2017

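I fiddled with it all day and could not get it working. After downgrading to the 2.11.20 mentioned above, starting the firewall reports the following error:

  • Running script '/lib/firewall/rr.load reload'
    iptables v1.4.12.2: Set rr_404 doesn't exist.

After upgrading to the latest 2.21.52, the error becomes
......

  • Running script '/lib/firewall/rr.load reload'
    ! Failed with exit code 1
    ......
    /etc/rc.common: line 92: /usr/sbin/firewall.webinitrdr: not found

ss-redir is listening on port 1081 normally, but no packets seem to be redirected to it. So sites inside the firewall work fine, and sites outside are still unreachable.

Very frustrating. I did a factory reset and it still does not work.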

Thanolee Jul 8, 2017

How do I update the GFWList manually?

shmilychomi Jul 17, 2017

Is this global mode or proxy mode?

rambolee (Owner) Jul 29, 2017

@shmilychomi It is proxy mode.

rambolee (Owner) Jul 29, 2017

@Thanolee It is a bit of a hassle: I use the first file, update-dnsmasq-from-gfwlist.py, to do the conversion and then upload the result to the router.

ppq1991 Aug 3, 2017

@wenshiqiang Ugh, I ran into the same problem. Did you manage to solve it?

archerfeel Aug 26, 2017

I tested ss-redir on its own, before even getting to the iptables layer.

root@XiaoQiang:/userdisk# /data/usr/sbin/ss-redir -c /etc/shadowsocks.json -v &
2017-08-26 21:27:18 INFO: initialize ciphers... aes-256-cfb
2017-08-26 21:27:18 INFO: listening at 127.0.0.1:1081

Then I tried curl through port 1081 on the router; the problem is in ss-redir.

root@XiaoQiang:/userdisk# curl --socks5 localhost:1081 www.google.com -v
* Unable to receive initial SOCKS5 response.
curl: (7) Unable to receive initial SOCKS5 response.

star739 Sep 14, 2017

http://7xo6sw.com1.z0.glb.clouddn.com/

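I installed SS from this URL and configured my SS account, and I can now get past the firewall. One problem, though: https://www.tumblr.com/ will not open. How do I add this site to the auto-proxy list? Any pointers appreciated, thanks!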

flynigege Sep 16, 2017

Hello. On a Xiaomi Router 3, the install script ran to completion: Shadowsocks安装成功!
Running curl www.google.com
curl: (7) Failed connect to www.google.com:80; Connection timed out
Could someone help me solve this? Thanks

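rambolee (Owner) Sep 21, 2017

@wenshiqiang @archerfeel I recently set up another Xiaomi Router 3 for a friend and hit the same rr_404 problem. The fix was the good old reboot: reboot the router, log in over ssh again, and rerun the service scripts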

/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
/etc/init.d/shadowsocks start
/etc/init.d/shadowsocks enable

After that the rr_404 problem did not come back.

Please give it another try.

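rambolee (Owner) Sep 21, 2017

@star739
It mainly comes down to understanding how the scripts work. For what you need, editing the dnsmasq configuration file by hand is enough.
For example:

root@XiaoQiang:~# vi /etc/dnsmasq.d/dnsmasq_list.conf

Add the following configuration

server=/.tumblr.com/208.67.222.222#443
ipset=/.tumblr.com/gfwlist

Restart the dnsmasq service

root@XiaoQiang:~# /etc/init.d/dnsmasq restart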

WilliamZhu915 Oct 2, 2017

Is there a way to change this to global mode? Also, it does not seem to start automatically after a reboot.

rqzheng2015 Oct 15, 2017

How do I run the first py file? Are there steps? Help!!!

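rambolee (Owner) Oct 19, 2017

@rqzheng2015 The first python file is for updating and converting the dnsmasq configuration. You do not have to run it; you can maintain the dnsmasq configuration by hand.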

loveward Nov 25, 2017

It failed on the Xiaomi Router 3G.

rambolee (Owner) Dec 8, 2017

@loveward What exactly is the error?

jocongmin Dec 25, 2017

I tried it. It worked fine the first day, but on the second day the shadow file in /etc/init.d/ was gone. What is going on?

AlbaHoo Jan 9, 2018

@rambolee @wenshiqiang
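Same problem.
I also tried the reboot trick; rr_404 still appears.
I am using the Xiaomi router as a repeater behind another router at home. Could that be the cause?

I fiddled with it all day and could not get it working. After downgrading to the 2.11.20 mentioned above, starting the firewall reports the following error:

Running script '/lib/firewall/rr.load reload'
iptables v1.4.12.2: Set rr_404 doesn't exist.
After upgrading to the latest 2.21.52, the error becomes
......

Running script '/lib/firewall/rr.load reload'
! Failed with exit code 1
......
/etc/rc.common: line 92: /usr/sbin/firewall.webinitrdr: not found
ss-redir is listening on port 1081 normally, but no packets seem to be redirected to it. So sites inside the firewall work fine, and sites outside are still unreachable.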

AlbaHoo Jan 9, 2018

$ top
19438 1 root S 2644 2.1 0 0.0 /data/usr/sbin/ss-redir -c /etc/shadowsocks.json -b 0.0.0.0

Is ss-redir enough on its own? Are ss-tunnel and ss-local not needed??

Ash1ey-S Jan 11, 2018

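Failed on the Xiaomi 3G...
Output:
root@XiaoQiang:/# /etc/init.d/myshadowsocks start
-ash: /etc/init.d/myshadowsocks: Permission denied
Is there any fix?
I suspect something went wrong during the installation as a whole, but it did print the install-success message... I cannot tell whether it actually installed.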

  • Flushing IPv4 filter table
  • Flushing IPv4 nat table
  • Flushing IPv4 mangle table
  • Flushing IPv4 raw table
  • Flushing IPv6 filter table
  • Flushing IPv6 mangle table
  • Flushing IPv6 raw table
  • Flushing conntrack table ...
  • Populating IPv4 filter table
    • Zone 'lan'
    • Zone 'wan'
    • Zone 'ready'
    • Zone 'guest'
    • Rule 'Allow-DHCP-Renew'
    • Rule 'Allow-Ping'
    • Rule 'shuijing wan accept tcp port 4593'
    • Rule 'shuijing wan accept udp port 4693'
    • Rule 'Hello wifi 8999'
    • Rule 'Hello wifi 8300'
    • Rule 'Hello wifi 7080'
    • Rule 'DHCP for ready'
    • Rule 'DHCP for ready'
    • Rule 'tbus for ready'
    • Rule 'tbus for ready'
    • Rule 'ingress port for PT download'
    • Rule #15
    • Rule #16
    • Rule 'xunlei wan accept tcp port 1080 4662 2080 2062'
    • Rule 'xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066'
    • Rule 'xunlei_port_limit_localhost 9000'
    • Redirect 'nxdomain'
    • Forward 'lan' -> 'wan'
    • Forward 'guest' -> 'wan'
  • Populating IPv4 nat table
    • Zone 'lan'
    • Zone 'wan'
    • Zone 'ready'
    • Zone 'guest'
    • Redirect 'nxdomain'
  • Populating IPv4 mangle table
    • Zone 'lan'
    • Zone 'wan'
    • Zone 'ready'
    • Zone 'guest'
  • Populating IPv4 raw table
    • Zone 'lan'
    • Zone 'wan'
    • Zone 'ready'
    • Zone 'guest'
  • Populating IPv6 filter table
    • Zone 'lan'
    • Zone 'wan'
    • Zone 'ready'
    • Zone 'guest'
    • Rule 'Allow-DHCPv6'
    • Rule 'Allow-ICMPv6-Input'
    • Rule 'Allow-ICMPv6-Forward'
    • Rule 'shuijing wan accept tcp port 4593'
    • Rule 'shuijing wan accept udp port 4693'
    • Rule 'Hello wifi 8999'
    • Rule 'Hello wifi 8300'
    • Rule 'Hello wifi 7080'
    • Rule 'DHCP for ready'
    • Rule 'DHCP for ready'
    • Rule 'tbus for ready'
    • Rule 'tbus for ready'
    • Rule 'ingress port for PT download'
    • Rule #15
    • Rule #16
    • Rule 'xunlei wan accept tcp port 1080 4662 2080 2062'
    • Rule 'xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066'
    • Rule 'xunlei_port_limit_localhost 9000'
    • Forward 'lan' -> 'wan'
    • Forward 'guest' -> 'wan'
  • Populating IPv6 mangle table
    • Zone 'lan'
    • Zone 'wan'
    • Zone 'ready'
    • Zone 'guest'
  • Populating IPv6 raw table
    • Zone 'lan'
    • Zone 'wan'
    • Zone 'ready'
    • Zone 'guest'
  • Set tcp_ecn to off
  • Set tcp_syncookies to on
    ! Unable to write value /proc/sys/net/ipv4/tcp_syncookies: No such file or directory
  • Set tcp_window_scaling to on
  • Running script '/lib/firewall.sysapi.loader webinitrdr'
  • Running script '/lib/firewall.sysapi.loader dnsmiwifi'
  • Running script '/lib/firewall.sysapi.loader macfilter'
  • Running script '/lib/firewall.sysapi.loader miqos'
  • Running script '/lib/firewall.sysapi.loader turbo'
  • Running script '/lib/firewall.sysapi.loader xqfp'
  • Running script '/etc/firewall.user'
  • Running script '/lib/firewall.sysapi.loader dmz_bypass_ctf'
  • Running script '/lib/firewall/rr.load reload'
    ! Failed with exit code 1
  • Running script '/usr/sbin/wifishare.sh reload'
    /bin/sh: /usr/sbin/wifishare.sh: line 21: timeout_default=86400: not found
    17683 root 2128 S {wifishare_daemo} /bin/sh /usr/sbin/wifishare_daemon.sh daemon
    curent try pid 17683 end
    wifishare kill 17683
    wifishare daemon stop
  • Running script '/lib/firewall.sysapi.loader apk_proxy'
    /usr/sbin/wifishare_daemon.sh: /usr/sbin/wifishare.sh: line 21: timeout_default=86400: not found
  • Running script '/lib/firewall.sysapi.loader parentalctl'
  • Running script '/lib/firewall/ipset_redirect.loader'
  • Running script '/usr/share/miniupnpd/firewall.include'
  • Running script '/lib/firewall.sysapi.loader kr_query'

Shadowsocks安装成功!

root@XiaoQiang:/userdisk# /usr/sbin/wifishare_daemon.sh: /usr/sbin/wifishare.sh: line 21: timeout_default=86400: not found
rm: can't remove '/tmp/wifishare_timeout_mac': No such file or directory
cat: can't open '/tmp/wifishare_timeout_mac': No such file or directory
rm: can't remove '/tmp/wifishare_timeout_mac': No such file or directory

taogogo Jan 15, 2018

I could not find ss in the Xiaomi Router 3 plugin list.

mervynyang Jan 23, 2018

@rambolee
server=/.tumblr.com/208.67.222.222#443 ipset=/.tumblr.com/gfwlist

This configuration does not seem to have any effect.

jocongmin Feb 14, 2018

To start on boot: /etc/init.d/shadowsocks enable

haijohn Apr 5, 2018

@wenshiqiang Did you solve the problem?
