Comments (81)

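baggiogogo commented on August 18, 2024 1

This shouldn't be that much trouble. Leave the TCP part alone and start a separate ss process dedicated to UDP. With only one process, everything points at the server, and UDP can't be pointed at the local speeder.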

from udpspeeder.

genics commented on August 18, 2024

Ugh, my LEDE is x64 and the x86 build doesn't seem to work. Boss, please take a look.

root@LEDE-X64:~# speeder
/usr/bin/speeder: line 1: syntax error: unexpected "("
root@LEDE-X64:~# ./speeder
-ash: ./speeder: not found
root@LEDE-X64:~# speeder -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd"
/usr/bin/speeder: line 1: syntax error: unexpected "("

wangyu- commented on August 18, 2024

Try the amd64 build? Which model is this LEDE you mention?

genics commented on August 18, 2024

amd64 works now. :)
http://firmware.koolshare.cn/LEDE_X64_fw867/ is the LEDE I'm using.

genics commented on August 18, 2024

There's still a problem. The server side is up and running.
root@LEDE-X64:~# speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd"
Segmentation fault

wangyu- commented on August 18, 2024

Maybe you'll have to compile it yourself.

You could try it on a PC first.

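wangyu- commented on August 18, 2024

You've set up a transparent proxy on the LEDE for other devices, right?

You could start a VM in bridged mode with VMware on your PC, and have ss-local or ss-redir on the LEDE connect to the port that speeder listens on inside the VM.

==update==
Please give more information about your environment. Does the game run on Windows or on a console? How is the proxy set up? How was the ss on your LEDE compiled?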

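genics commented on August 18, 2024

Yes, there is a transparent proxy. So I need to run an ss and a speeder client on my VM, the local side and the server are connected through speeder, and the VM and the LEDE are connected through ss. Is that right?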

wangyu- commented on August 18, 2024

Where does your game run? Is the proxy socks5 or a transparent proxy? Is this LEDE your local router or a remote server?
Give me the details and I'll tell you the simplest setup.

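genics commented on August 18, 2024

My game runs on a PS4. The proxy is a transparent proxy (the router uses ssr to get past the firewall, in gfw mode, which does not forward UDP by default). This LEDE is my local router (it dials up directly).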

wangyu- commented on August 18, 2024

Suppose the remote server's IP is 44.55.66.77 and ssr listens on 443.

On the remote server, run a speeder server with -l0.0.0.0:8888 -r127.0.0.1:443.

On Windows, start a VM in bridged mode; suppose it gets the IP 192.168.1.100. Run the speeder client with -l0.0.0.0:9999 -r44.55.66.77:8888.

Then change the ssr settings on the router: change the ssr server address from 44.55.66.77:443 to 192.168.1.100:9999, and that's it.

ssr_client (on the router) -----> speeder_client (in the VM) ----> speeder_server (on the remote server) ----> ssr_server (on the remote server)

genics commented on August 18, 2024

OK, I understood it correctly. I'll try it.

genics commented on August 18, 2024

But one question: by default ss doesn't forward UDP. Do I need to turn on game mode for ss on the LEDE so that UDP can also be forwarded through the VPS?

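wangyu- commented on August 18, 2024

I'm not sure about that either = =. Your transparent proxy isn't a standard mode like ss-dir; the router firmware does it itself, so it's like a black box and I don't know what's inside.

But you definitely have to find a way to turn on UDP mode.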

genics commented on August 18, 2024

OK, I'll test it first.

wangyu- commented on August 18, 2024

Add the parameter --report 10 to both the speeder client and the server and watch whether packets flow through. If a large number of packets flow through, the UDP traffic is being relayed.

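wangyu- commented on August 18, 2024

I just thought of a problem. The traffic from your VM to 44.55.66.77 will also go through the transparent proxy, which creates a loop.

You need to configure the router so that the VM's traffic doesn't go through the proxy. If that can't be configured, you'll have to look into the router's iptables and add a rule yourself.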

genics commented on August 18, 2024

I can't quite manage it, it's too complicated :( I did get the VM installed, though. iptables is too hard.

wangyu- commented on August 18, 2024

Then compile it yourself. If the router can run speeder locally, this problem goes away.

genics commented on August 18, 2024

I've never compiled anything before, and now I've run into this problem: aarch64-openwrt-linux-g++: warning: environment variable 'STAGING_DIR' not defined

Do I also need to install LEDE's https://downloads.lede-project.org/snapshots/targets/arm64/generic/lede-imagebuilder-arm64.Linux-x86_64.tar.xz ?

wangyu- commented on August 18, 2024

This warning: environment variable 'STAGING_DIR' not defined can be ignored. I get it here too, many times over.

As long as a binary gets built, it's fine.

genics commented on August 18, 2024

It generated a file called speeder-cross. Is that the one? It's a bit over 600 KB.

wangyu- commented on August 18, 2024

genics commented on August 18, 2024

Running it shows these errors...

root@LEDE-X64:/usr/bin# speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd"
: no such fileer_amd64: line 2: can't open KQL+I�%49.JN=60
/usr/bin/speeder_amd64: line 2:ELF����?.@@. not found
/usr/bin/speeder_amd64: line 2: y
�R�.�: not found �J���ii
/usr/bin/speeder_amd64: line 3: syntax error: unexpected "("
root@LEDE-X64:/usr/bin# /usr/bin/speeder_amd64: line 2: 3BH�5�������
: not found
/usr/bin/speeder_amd64: line 2: @8@22064�@@@@@..��??@?@����@@l??��P??P?? not found

And so much garbage output too...

wangyu- commented on August 18, 2024

This usually happens only when the compiled binary doesn't match the CPU of the environment it actually runs on.

genics commented on August 18, 2024

OK, I'll look into it some more.

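wangyu- commented on August 18, 2024

Why isn't your file named speeder_cross? Did you rename it yourself?

Maybe the gcc in the build environment you downloaded is 32-bit, and your 64-bit LEDE doesn't have the 32-bit compatibility libraries installed.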

genics commented on August 18, 2024

Yes, the name is the compiled speeder_cross renamed to speeder_amd64.
The SDK I downloaded is this one: https://downloads.lede-project.org/snapshots/targets/arm64/generic/lede-sdk-arm64_gcc-5.4.0_musl.Linux-x86_64.tar.xz

It looks like it's 64-bit.

wangyu- commented on August 18, 2024

Judging by the name, this package is meant to be used for compiling in a linux-x86_64 environment, and what it produces is an arm64 binary.

You used the wrong one.
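
A check for the mismatch diagnosed above, as an added example that is not part of the thread or of the UDPspeeder project: it reads the ELF header of a build and compares its machine type with the router's `uname -m` before the file is copied over. The function names, the alias table and the two sample headers are constructed for illustration.

```python
import struct
import sys

# e_machine values from the ELF specification (subset common on routers and PCs).
EM_NAMES = {3: "x86", 8: "mips", 40: "arm", 62: "x86_64", 183: "aarch64"}

# Names printed by `uname -m`, mapped onto the names above.
UNAME_ALIASES = {
    "x86_64": "x86_64", "amd64": "x86_64",
    "aarch64": "aarch64", "arm64": "aarch64",
    "i386": "x86", "i686": "x86",
    "armv7l": "arm", "mips": "mips",
}


def elf_target(header):
    """Return (bits, byte_order, machine) from the first 20 bytes of a file,
    or None when the bytes are not a valid ELF identification."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None
    fmt = "<H" if ei_data == 1 else ">H"
    (e_machine,) = struct.unpack_from(fmt, header, 18)
    machine = EM_NAMES.get(e_machine, "unknown(%d)" % e_machine)
    return (32 if ei_class == 1 else 64,
            "little" if ei_data == 1 else "big",
            machine)


def runs_on(header, uname_m):
    """True only when the ELF machine type matches the host's `uname -m`."""
    target = elf_target(header)
    wanted = UNAME_ALIASES.get(uname_m)
    return target is not None and wanted is not None and target[2] == wanted


def make_header(ei_class, ei_data, e_machine):
    """Build a constructed 20-byte ELF header prefix for the demo below."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    order = "<" if ei_data == 1 else ">"
    return ident + struct.pack(order + "HH", 2, e_machine)  # e_type = ET_EXEC


# Constructed samples: headers as an arm64 SDK and an x86_64 SDK would emit them.
ARM64_BUILD = make_header(2, 1, 183)
AMD64_BUILD = make_header(2, 1, 62)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <binary> <uname -m of the router>
        with open(sys.argv[1], "rb") as fh:
            head = fh.read(20)
        print(elf_target(head), "runs:", runs_on(head, sys.argv[2]))
    else:
        for name, head in (("arm64 build", ARM64_BUILD), ("amd64 build", AMD64_BUILD)):
            print(name, elf_target(head), "runs on x86_64:", runs_on(head, "x86_64"))
```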

genics commented on August 18, 2024

......... My eyes played tricks on me and I read arm64 as amd64. I'll recompile in a bit~

genics commented on August 18, 2024

It finally worked.
root@LEDE-X64:/usr/bin# speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd"
[2017-08-12 13:27:47][INFO]argc=8 speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k passwd

wangyu- commented on August 18, 2024

Congratulations. What's left is to figure out which mode of the router firmware can proxy UDP.

genics commented on August 18, 2024

root@LEDE-X64:/usr/bin# speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd" --report 10
[2017-08-12 14:21:20][INFO]argc=10 speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k passwd --report 10
[2017-08-12 14:21:20][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:21:30][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:21:41][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:21:51][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:22:01][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:22:12][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:22:22][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
Boss, there's no traffic on either side. Is the firewall to blame?

The settings are as follows:
Client: speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd" --report 10

Server: speeder_amd64 -l0.0.0.0:8855 -r127.0.0.1:11981 -s -d2 -k "passwd" --report 10

The client ssr settings use the same encryption and protocol; the address is 127.0.0.1:3333

wangyu- commented on August 18, 2024

Probably. Give me the output of iptables-save and I'll take a look.

genics commented on August 18, 2024

I googled it a bit and didn't figure it out. iptables-save has no output at all.
Is it needed from the server side or from the LEDE?

wangyu- commented on August 18, 2024

On the LEDE. It doesn't say the command can't be found, but there's just no output?

genics commented on August 18, 2024

root@LEDE-X64:/usr/bin# iptables-save
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*nat
:PREROUTING ACCEPT [87:20819]
:INPUT ACCEPT [20:2242]
:OUTPUT ACCEPT [125:9831]
:POSTROUTING ACCEPT [34:2678]
:KOOLPROXY - [0:0]
:KOOLPROXY_ADB - [0:0]
:KOOLPROXY_GLO - [0:0]
:KOOLPROXY_HTTPS_ADB - [0:0]
:KOOLPROXY_HTTPS_GLO - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:SHADOWSOCKS - [0:0]
:SHADOWSOCKS_CHN - [0:0]
:SHADOWSOCKS_GAM - [0:0]
:SHADOWSOCKS_GFW - [0:0]
:SHADOWSOCKS_GLO - [0:0]
:SHADOWSOCKS_HOME - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
-A PREROUTING -p tcp -j SHADOWSOCKS
-A PREROUTING -p tcp -j KOOLPROXY
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080
-A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A KOOLPROXY -d 0.0.0.0/8 -j RETURN
-A KOOLPROXY -d 10.0.0.0/8 -j RETURN
-A KOOLPROXY -d 127.0.0.0/8 -j RETURN
-A KOOLPROXY -d 169.254.0.0/16 -j RETURN
-A KOOLPROXY -d 172.16.0.0/12 -j RETURN
-A KOOLPROXY -d 192.168.0.0/16 -j RETURN
-A KOOLPROXY -d 224.0.0.0/4 -j RETURN
-A KOOLPROXY -d 240.0.0.0/4 -j RETURN
-A KOOLPROXY -p tcp -j KOOLPROXY_GLO
-A KOOLPROXY_ADB -p tcp -m tcp --dport 80 -m set --match-set adblock dst -j REDIRECT --to-ports 3000
-A KOOLPROXY_GLO -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A KOOLPROXY_HTTPS_ADB -p tcp -m multiport --dports 80,443 -m set --match-set adblock dst -j REDIRECT --to-ports 3000
-A KOOLPROXY_HTTPS_GLO -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 3000
-A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
-A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 127.0.0.1/32 -j RETURN
-A SHADOWSOCKS -j SHADOWSOCKS_GFW
-A SHADOWSOCKS_CHN -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_CHN -p tcp -m set ! --match-set cdn dst -m geoip ! --destination-country CN  -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GAM -p tcp -m set ! --match-set cdn dst -m geoip ! --destination-country CN  -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GFW -p tcp -m set --match-set gfwlist dst -m set ! --match-set cdn dst -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GLO -p tcp -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_HOME -p tcp -m geoip --destination-country CN  -j REDIRECT --to-ports 1080
-A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: DSM 80 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 5000 -m comment --comment "!fw3: DSM 5000 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.14/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.14/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.15/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.15/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Forward8888 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Forward8888 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80 (reflection)" -j DNAT --to-destination 192.168.1.12:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80 (reflection)" -j DNAT --to-destination 192.168.1.12:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000 (reflection)" -j DNAT --to-destination 192.168.1.12:5000
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000 (reflection)" -j DNAT --to-destination 192.168.1.12:5000
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j DNAT --to-destination 192.168.1.12:6999
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j DNAT --to-destination 192.168.1.12:6999
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80" -j DNAT --to-destination 192.168.1.12:80
-A zone_wan_prerouting -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000" -j DNAT --to-destination 192.168.1.12:5000
-A zone_wan_prerouting -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234" -j DNAT --to-destination 192.168.1.14:1234
-A zone_wan_prerouting -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234" -j DNAT --to-destination 192.168.1.14:1234
-A zone_wan_prerouting -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235" -j DNAT --to-destination 192.168.1.15:1235
-A zone_wan_prerouting -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235" -j DNAT --to-destination 192.168.1.15:1235
-A zone_wan_prerouting -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800" -j DNAT --to-destination 192.168.1.12:6800
-A zone_wan_prerouting -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800" -j DNAT --to-destination 192.168.1.12:6800
-A zone_wan_prerouting -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt" -j DNAT --to-destination 192.168.1.12:6999
COMMIT
# Completed on Sat Aug 12 14:48:34 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*raw
:PREROUTING ACCEPT [16482:15864902]
:OUTPUT ACCEPT [713:251108]
COMMIT
# Completed on Sat Aug 12 14:48:34 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*mangle
:PREROUTING ACCEPT [16458:15856130]
:INPUT ACCEPT [639:130084]
:FORWARD ACCEPT [15816:15721397]
:OUTPUT ACCEPT [701:250317]
:POSTROUTING ACCEPT [16489:15970632]
:SHADOWSOCKS - [0:0]
:SHADOWSOCKS_GAM - [0:0]
-A PREROUTING -p udp -j SHADOWSOCKS
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
-A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 127.0.0.1/32 -j RETURN
-A SHADOWSOCKS_GAM -p udp -m set --match-set gfwlist dst -j TPROXY --on-port 1080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A SHADOWSOCKS_GAM -p udp -m set ! --match-set cdn dst -m geoip ! --destination-country CN  -j TPROXY --on-port 1080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
COMMIT
# Completed on Sat Aug 12 14:48:34 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: user chain for forwarding" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: user chain for output" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: forwarding lan -> wan" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: user chain for input" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: user chain for output" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-wan2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8855 -m comment --comment "!fw3: Open3333" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 8855 -m comment --comment "!fw3: Open3333" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: user chain for output" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Aug 12 14:48:34 2017

Done~

genics commented on August 18, 2024

Port 8855 is one I opened later in LuCI.

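wangyu- commented on August 18, 2024

That's long. Now temporarily set the router not to go through speeder, then run iptables-save again so I can compare.

It seems that when you're not going through speeder, the router adds an exception for your server's IP. Now that you're going through speeder, because speeder is local, your router doesn't know the server's IP, so it didn't add the exception, and that's what's causing this.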
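
The comparison requested above, as an added example that is not code from the thread or from the UDPspeeder project: it diffs two `iptables-save` dumps while ignoring counters and timestamps, then checks whether a given address is covered by a `-d ... -j RETURN` exemption in a chain. The function names are made up for illustration, and the two sample dumps are abridged from the dumps posted in this thread.

```python
import ipaddress
import re
import shlex


def parse_save(text):
    """Return {table: [lines]} with comments, COMMIT and packet counters removed."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):              # "*nat", "*mangle", ...
            current = tables.setdefault(line[1:], [])
            continue
        if current is None:
            continue
        if line.startswith(":"):              # ":PREROUTING ACCEPT [87:20819]"
            line = re.sub(r"\s*\[\d+:\d+\]$", "", line)
        else:                                 # counters written by `iptables-save -c`
            line = re.sub(r"^\[\d+:\d+\]\s*", "", line)
        current.append(line)
    return tables


def diff_rules(before, after):
    """List ('-' or '+', table, rule) for rules present in only one dump."""
    old, new = parse_save(before), parse_save(after)
    changes = []
    for table in sorted(set(old) | set(new)):
        a, b = old.get(table, []), new.get(table, [])
        changes += [("-", table, r) for r in a if r not in b]
        changes += [("+", table, r) for r in b if r not in a]
    return changes


def is_exempt(text, table, chain, ip):
    """True when `chain` has a plain '-d <net> -j RETURN' rule covering `ip`."""
    addr = ipaddress.ip_address(ip)
    for rule in parse_save(text).get(table, []):
        tok = shlex.split(rule)
        if tok[:2] != ["-A", chain] or tok[-2:] != ["-j", "RETURN"] or "-d" not in tok:
            continue
        i = tok.index("-d")
        if tok[i - 1] == "!":                 # negated match is not an exemption
            continue
        try:
            if addr in ipaddress.ip_network(tok[i + 1], strict=False):
                return True
        except ValueError:                    # malformed destination, skip the rule
            continue
    return False


# Abridged sample: router pointed at the local speeder (127.0.0.1:3333).
WITH_SPEEDER = """\
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*nat
:PREROUTING ACCEPT [87:20819]
:SHADOWSOCKS - [0:0]
-A PREROUTING -p tcp -j SHADOWSOCKS
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 127.0.0.1/32 -j RETURN
-A SHADOWSOCKS -j SHADOWSOCKS_GFW
COMMIT
"""

# Abridged sample: router pointed directly at the remote ssr server.
DIRECT = """\
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*nat
:PREROUTING ACCEPT [26:7721]
:SHADOWSOCKS - [0:0]
-A PREROUTING -p tcp -j SHADOWSOCKS
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 118.193.241.124/32 -j RETURN
-A SHADOWSOCKS -j SHADOWSOCKS_GFW
COMMIT
"""

SERVER = "118.193.241.124"  # remote address passed to speeder with -r in this thread

if __name__ == "__main__":
    for sign, table, rule in diff_rules(WITH_SPEEDER, DIRECT):
        print(sign, table, rule)
    print("server exempt with speeder:", is_exempt(WITH_SPEEDER, "nat", "SHADOWSOCKS", SERVER))
    print("server exempt when direct: ", is_exempt(DIRECT, "nat", "SHADOWSOCKS", SERVER))
```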

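genics commented on August 18, 2024

Indeed, this firmware's ssr has many modes and the iptables setup is complicated, and I also have mwan3 sharing multiple lines, so it's long. This is the output after switching back to my default ssr server, the one that works. There's probably not much change.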

# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*nat
:PREROUTING ACCEPT [26:7721]
:INPUT ACCEPT [1:76]
:OUTPUT ACCEPT [57:4481]
:POSTROUTING ACCEPT [23:1893]
:KOOLPROXY - [0:0]
:KOOLPROXY_ADB - [0:0]
:KOOLPROXY_GLO - [0:0]
:KOOLPROXY_HTTPS_ADB - [0:0]
:KOOLPROXY_HTTPS_GLO - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:SHADOWSOCKS - [0:0]
:SHADOWSOCKS_CHN - [0:0]
:SHADOWSOCKS_GAM - [0:0]
:SHADOWSOCKS_GFW - [0:0]
:SHADOWSOCKS_GLO - [0:0]
:SHADOWSOCKS_HOME - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
-A PREROUTING -p tcp -j SHADOWSOCKS
-A PREROUTING -p tcp -j KOOLPROXY
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080
-A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A KOOLPROXY -d 0.0.0.0/8 -j RETURN
-A KOOLPROXY -d 10.0.0.0/8 -j RETURN
-A KOOLPROXY -d 127.0.0.0/8 -j RETURN
-A KOOLPROXY -d 169.254.0.0/16 -j RETURN
-A KOOLPROXY -d 172.16.0.0/12 -j RETURN
-A KOOLPROXY -d 192.168.0.0/16 -j RETURN
-A KOOLPROXY -d 224.0.0.0/4 -j RETURN
-A KOOLPROXY -d 240.0.0.0/4 -j RETURN
-A KOOLPROXY -p tcp -j KOOLPROXY_GLO
-A KOOLPROXY_ADB -p tcp -m tcp --dport 80 -m set --match-set adblock dst -j REDIRECT --to-ports 3000
-A KOOLPROXY_GLO -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A KOOLPROXY_HTTPS_ADB -p tcp -m multiport --dports 80,443 -m set --match-set adblock dst -j REDIRECT --to-ports 3000
-A KOOLPROXY_HTTPS_GLO -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 3000
-A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
-A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 118.193.241.124/32 -j RETURN
-A SHADOWSOCKS -j SHADOWSOCKS_GFW
-A SHADOWSOCKS_CHN -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_CHN -p tcp -m set ! --match-set cdn dst -m geoip ! --destination-country CN  -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GAM -p tcp -m set ! --match-set cdn dst -m geoip ! --destination-country CN  -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GFW -p tcp -m set --match-set gfwlist dst -m set ! --match-set cdn dst -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GLO -p tcp -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_HOME -p tcp -m geoip --destination-country CN  -j REDIRECT --to-ports 1080
-A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: DSM 80 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 5000 -m comment --comment "!fw3: DSM 5000 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.14/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.14/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.15/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.15/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Forward8888 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Forward8888 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80 (reflection)" -j DNAT --to-destination 192.168.1.12:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80 (reflection)" -j DNAT --to-destination 192.168.1.12:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000 (reflection)" -j DNAT --to-destination 192.168.1.12:5000
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000 (reflection)" -j DNAT --to-destination 192.168.1.12:5000
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j DNAT --to-destination 192.168.1.12:6999
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j DNAT --to-destination 192.168.1.12:6999
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80" -j DNAT --to-destination 192.168.1.12:80
-A zone_wan_prerouting -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000" -j DNAT --to-destination 192.168.1.12:5000
-A zone_wan_prerouting -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234" -j DNAT --to-destination 192.168.1.14:1234
-A zone_wan_prerouting -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234" -j DNAT --to-destination 192.168.1.14:1234
-A zone_wan_prerouting -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235" -j DNAT --to-destination 192.168.1.15:1235
-A zone_wan_prerouting -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235" -j DNAT --to-destination 192.168.1.15:1235
-A zone_wan_prerouting -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800" -j DNAT --to-destination 192.168.1.12:6800
-A zone_wan_prerouting -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800" -j DNAT --to-destination 192.168.1.12:6800
-A zone_wan_prerouting -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt" -j DNAT --to-destination 192.168.1.12:6999
COMMIT
# Completed on Sat Aug 12 14:59:22 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*raw
:PREROUTING ACCEPT [3323:2923480]
:OUTPUT ACCEPT [566:204652]
COMMIT
# Completed on Sat Aug 12 14:59:22 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*mangle
:PREROUTING ACCEPT [3297:2923386]
:INPUT ACCEPT [448:43156]
:FORWARD ACCEPT [2849:2880230]
:OUTPUT ACCEPT [536:193355]
:POSTROUTING ACCEPT [3381:3073425]
:SHADOWSOCKS - [0:0]
:SHADOWSOCKS_GAM - [0:0]
-A PREROUTING -p udp -j SHADOWSOCKS
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
-A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 118.193.241.124/32 -j RETURN
-A SHADOWSOCKS_GAM -p udp -m set --match-set gfwlist dst -j TPROXY --on-port 1080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A SHADOWSOCKS_GAM -p udp -m set ! --match-set cdn dst -m geoip ! --destination-country CN  -j TPROXY --on-port 1080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
COMMIT
# Completed on Sat Aug 12 14:59:22 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: user chain for forwarding" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: user chain for output" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: forwarding lan -> wan" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: user chain for input" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: user chain for output" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-wan2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8855 -m comment --comment "!fw3: Open3333" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 8855 -m comment --comment "!fw3: Open3333" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: user chain for output" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Aug 12 14:59:22 2017

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

Reconfigure the router to go through speeder again, and once everything is set up, run:

iptables -t nat -I SHADOWSOCKS -d 118.193.241.124/32 -j RETURN

That should probably do it.

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

Sorry, I missed one. You also need to run:

iptables -t mangle -I SHADOWSOCKS -d 118.193.241.124/32 -j RETURN

from udpspeeder.
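Added example, not part of the thread: a check that the exemption from the two commands above is present in both tables, i.e. that a packet to the server address returns from the proxy chains before it reaches a REDIRECT or TPROXY rule. The dump is constructed (203.0.113.10 is a placeholder server address, the function names are illustrative) and models the state after only the nat rule has been inserted.

```python
import ipaddress
import shlex

PROXY_TARGETS = {"TPROXY", "REDIRECT", "DNAT"}
TERMINAL = PROXY_TARGETS | {"ACCEPT", "DROP"}

# Constructed iptables-save excerpt: nat already has the server exemption,
# mangle (the UDP/TPROXY path) does not.
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:SHADOWSOCKS - [0:0]
-A PREROUTING -p tcp -j SHADOWSOCKS
-A SHADOWSOCKS -d 203.0.113.10/32 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:SHADOWSOCKS - [0:0]
-A PREROUTING -p udp -j SHADOWSOCKS
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -p udp -m comment --comment "proxy the rest" -j TPROXY --on-port 1080 --tproxy-mark 0x1/0x1
COMMIT
"""

def parse_tables(dump):
    """Return {table: {chain: [rule_tokens, ...]}} from iptables-save text."""
    tables, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {})
        elif current is None:
            continue
        elif line.startswith(":"):
            current.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):
            tok = shlex.split(line)          # keeps quoted --comment text as one token
            current.setdefault(tok[1], []).append(tok[2:])
    return tables

def _match(rule, flag, test):
    """True if `flag` is absent or its value passes test(); honours a leading '!'."""
    if flag not in rule:
        return True
    i = rule.index(flag)
    hit = test(rule[i + 1])
    return not hit if i > 0 and rule[i - 1] == "!" else hit

def first_terminal(chains, chain, proto, dst, depth=0):
    """Walk a chain in order; return the first terminal target hit, or None when
    the chain RETURNs or falls through. Matches other than -d and -p (ipset,
    geoip, ...) are conservatively treated as matching."""
    if depth > 16:                           # guard against chain loops
        return None
    for rule in chains.get(chain, []):
        if "-j" not in rule:
            continue
        if not _match(rule, "-d", lambda v: dst in ipaddress.ip_network(v, strict=False)):
            continue
        if not _match(rule, "-p", lambda v: v in (proto, "all")):
            continue
        target = rule[rule.index("-j") + 1]
        if target == "RETURN":
            return None
        if target in TERMINAL:
            return target
        if target in chains:                 # jump into a user-defined chain
            verdict = first_terminal(chains, target, proto, dst, depth + 1)
            if verdict:
                return verdict
    return None

def bypass_report(dump, server_ip, hook="PREROUTING"):
    """Per table: the proxy target a packet to server_ip would hit, or None."""
    tables = parse_tables(dump)
    dst = ipaddress.ip_address(server_ip)
    report = {}
    for table, proto in (("nat", "tcp"), ("mangle", "udp")):
        verdict = first_terminal(tables.get(table, {}), hook, proto, dst)
        report[table] = verdict if verdict in PROXY_TARGETS else None
    return report

if __name__ == "__main__":
    for table, hit in bypass_report(SAMPLE_DUMP, "203.0.113.10").items():
        print(table, "exempt" if hit is None else "still proxied via " + hit)
```

Feed it the output of `iptables-save` after a firewall restart as well, since rules inserted by hand do not survive a reload.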

genics avatar genics commented on August 18, 2024

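I added both rules and it still doesn't work: no traffic. If the firewall is restarted these two rules are gone, and even without restarting iptables it still doesn't work...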

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

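Have you used kcptun to proxy the ss TCP port to the local machine?

kcptun has to be used together with speeder: kcptun proxies the ss TCP port, and speeder proxies the UDP port.

Proxying the UDP port also needs that TCP port to be open: socks5 has to connect over TCP first to announce itself, and only then can the UDP tunnel be established.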

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

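Judging from your earlier output, the problem is not that the speeder client and server can't reach each other; your router is not connecting to speeder.
If it were connected, you would see output like this regardless of whether the speeder client and server can reach each other:

[2017-08-12 15:24:19][INFO][main.cpp,func:event_loop,line:754]new connection from 127.0.0.1:46697 ,created new udp fd 8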

from udpspeeder.

genics avatar genics commented on August 18, 2024

No. This firmware has a mode where kcptun accelerates ssr, but I'm not using it now; I used it before.
Does kcptun have to be turned on?

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

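You have to relay both the ssr TCP port and the ssr UDP port in order to proxy UDP with ssr.

I may have misunderstood earlier: I thought you had already set up the kcptun relay and only UDP acceleration wasn't working.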

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

ss_client UDP port----->speeder_client----->speeder_server---->ss_server UDP port
ss_client TCP port----->kcptun_client----->kcptun_server---->ss_server TCP port

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

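Right now you have used speed to relay the remote ss UDP port to the local machine. But the remote ss TCP port is still remote, so it can't connect.

Whether socks5 is proxying TCP or UDP, it has to do a handshake over TCP.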

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

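You can do it without kcptun, but you must find some way to relay the remote TCP port (same port number as the UDP one) to the local machine.

If your LEDE environment has ncat, just run the following command on LEDE (nothing needs to be done on the server):

ncat --sh-exec "ncat 118.193.241.124 <server ss port>" -l <local port> --keep-open

But this usually has to be installed separately.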

from udpspeeder.

genics avatar genics commented on August 18, 2024

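I have now turned on the kcptun relay for ssr, and YouTube and so on work fine. The question is, how do I make UDP go through port 3333 on 127.0.0.1? (LuCI on this LEDE can only run one kcptun, connected to one ssr server.) I'm a bit confused.

So speed only forwarded the UDP packets, and the TCP packets are still remote and not forwarded, right?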

from udpspeeder.

genics avatar genics commented on August 18, 2024

I checked, and OpenWrt doesn't have ncat...

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024
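
> I have now turned on the kcptun relay for ssr, and YouTube and so on work fine. The question is, how do I make UDP go through port 3333 on 127.0.0.1? (LuCI on this LEDE can only run one kcptun, connected to one ssr server.) I'm a bit confused.

It is a bit confusing, because right now the kcptun relay for ssr is implemented by the router firmware and the process is opaque. The firmware also never anticipated someone chaining a UDP accelerator in the middle, so patching on top of it is a lot of trouble.

I suggest you don't use the router's own kcptun relay for ssr. Build the tunnels yourself with kcptun_client and speeder, relaying both the remote ss TCP and UDP ports to the local machine. Then set the ssr IP to the local machine, and use those two iptables rules I gave you.

> So speed only forwarded the UDP packets, and the TCP packets are still remote and not forwarded, right?

Yes. Without TCP packets to do the handshake, the UDP proxy can't come up.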

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

https://github.com/wangyu-/udp2raw-tunnel/issues/1

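In this issue, the transparent proxy baggiogogo built is implemented entirely by himself with ss-redir and kcptun.

You can try the method I just described. If it still doesn't work, you can try building the transparent proxy by hand like baggiogogo did, learn some of the principles, and take it slowly. One you build yourself can be extended freely, without having to go to great lengths to patch the router firmware.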

from udpspeeder.

genics avatar genics commented on August 18, 2024

OK, thanks. I'll take a look first.

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

OpenWrt does have ncat.

opkg update
opkg install ncat

If that still doesn't work, download it and install it manually (this one is for my MIPS CPU; I don't know where the one for your LEDE is = =):

https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/packages/ncat_6.47-2_ar71xx.ipk

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

I already have it installed on my router here.

[root@tplink-wdr4310:~]
$ ncat -h
Ncat 6.47 ( http://nmap.org/ncat )
Usage: ncat [options] [hostname] [port]

Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
  -4                         Use IPv4 only
  -6                         Use IPv6 only
  -U, --unixsock             Use Unix domain sockets only
  -C, --crlf                 Use CRLF for EOL sequence
  -c, --sh-exec <command>    Executes the given command via /bin/sh
  -e, --exec <command>       Executes the given command
  -g hop1[,hop2,...]         Loose source routing hop points (8 max)
  -G <n>                     Loose source routing hop pointer (4, 8, 12, ...)
  -m, --max-conns <n>        Maximum <n> simultaneous connections
  -h, --help                 Display this help screen
  -d, --delay <time>         Wait between read/writes
  -o, --output <filename>    Dump session data to a file
  -x, --hex-dump <filename>  Dump session data as hex to a file
  -i, --idle-timeout <time>  Idle read/write timeout
  -p, --source-port port     Specify source port to use
  -s, --source addr          Specify source address to use (doesn't affect -l)
  -l, --listen               Bind and listen for incoming connections
  -k, --keep-open            Accept multiple connections in listen mode
  -n, --nodns                Do not resolve hostnames via DNS
  -t, --telnet               Answer Telnet negotiations
  -u, --udp                  Use UDP instead of default TCP
      --sctp                 Use SCTP instead of default TCP
  -v, --verbose              Set verbosity level (can be used several times)
  -w, --wait <time>          Connect timeout
      --append-output        Append rather than clobber specified output files
      --send-only            Only send data, ignoring received; quit on EOF
      --recv-only            Only receive data, never send anything
      --allow                Allow only given hosts to connect to Ncat
      --allowfile            A file of hosts allowed to connect to Ncat
      --deny                 Deny given hosts from connecting to Ncat
      --denyfile             A file of hosts denied from connecting to Ncat
      --broker               Enable Ncat's connection brokering mode
      --chat                 Start a simple Ncat chat server
      --proxy <addr[:port]>  Specify address of host to proxy through
      --proxy-type <type>    Specify proxy type ("http" or "socks4" or "socks5")
      --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server
      --version              Display Ncat's version information and exit

See the ncat(1) manpage for full options, descriptions and usage examples

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

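@baggiogogo I don't think that will work. In the socks5 protocol, TCP and UDP have to cooperate in order to proxy UDP. If the socks5 TCP port is local and the UDP port is remote, it seems it won't work. You could experiment; I'm not sure either.

Oh, wait, I think I may have got that wrong. Give it a try.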

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

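[Image: capture3]
I have verified the setup in this picture. If you follow it and relay both the TCP and UDP ports of the ssserver to the local machine, it will definitely work.

But whether running a separate ss instance to handle UDP, as @baggiogogo said, will work, I'm not sure.

And whether UDP can be proxied if only UDP is relayed and TCP is not, I'm not sure either; I'd have to look at the SS implementation.

====update====

I added some information to the picture. The setup in the picture uses kcptun to relay TCP 443 of the remote ssserver to local TCP 12345, and speeder to relay UDP 443 of the remote ssserver to local UDP 12345, so the ssserver is effectively running locally at 127.0.0.1:12345. Then have the router's ssclient connect to the local 127.0.0.1:12345.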

from udpspeeder.

genics avatar genics commented on August 18, 2024

I installed the OpenWrt lede onto LEDE, and it won't run... Never mind, I'm giving up on this method.
root@LEDE-X64:/tmp# opkg install ncat_6.47-2_x86_64.ipk
Installing ncat (6.47-2) to root...
Configuring ncat.
root@LEDE-X64:/tmp# cd
root@LEDE-X64:~# ncat
-ash: ncat: not found

from udpspeeder.

genics avatar genics commented on August 18, 2024

Do the local kcptun and speeder have to listen on the same port? Just one on TCP and one on UDP?

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

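> Do the local kcptun and speeder have to listen on the same port?

If you do it this way it will definitely work; I have tested it.

> Just one on TCP and one on UDP?

Yes, the same port number, one TCP and one UDP.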

from udpspeeder.

genics avatar genics commented on August 18, 2024

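1. So in theory my TCP doesn't need to go through kcptun, right? It can just go over ssr's TCP directly.
2. Or TCP must go through kcptun, and kcptun's TCP traffic is actually packed into UDP and goes through speed together with speed's own UDP.

Is 1 right, or 2?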

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

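It definitely works. With ss-redir, that is how I have always sent QUIC and UDP 443 out. On the server a single ss-server is enough, with -u added.
On the client, ss-redir A listens on 1080 and handles TCP.
On the client, ss-redir B listens on 1081 and handles UDP, with the -u option.
The only hassle is that iptables has to be configured for UDP as well.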

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

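> 1. So in theory my TCP doesn't need to go through kcptun, right? It can just go over ssr's TCP directly.

I'm not sure about that either. I only know one method that works. Whether other methods work, I can't tell without experimenting.

> 2. Or TCP must go through kcptun, and kcptun's TCP traffic is actually packed into UDP and goes through speed together with speed's own UDP.

After kcptun's traffic is packed into UDP it doesn't need to go through speeder. It can if you want it to (if you want kcptun's UDP traffic to go through speeder too, you have to run another speeder).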

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

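The whole flow is like this:
Server: ss-server -u
Client: ss-redirA (tcp)-------->ss-server, direct connection
ss-redirB -u (udp)---------->speeder C----------->speeder S---------->ss-server

But this is based on my Raspberry Pi. With router firmware, DNS is also involved, so there may be trouble if it isn't handled well.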

iptables -t mangle -N SHADOWSOCKS
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A SHADOWSOCKS -p udp --dport 443 -j TPROXY --on-port 1081 --tproxy-mark 0x01/0x01
These are my own UDP rules; I'm putting them here as well for reference and ideas.

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

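> 1. So in theory my TCP doesn't need to go through kcptun, right? It can just go over ssr's TCP directly.

I have a question. If you only start one ssr_client, how do you make this ssr_client's TCP connect to 44.55.66.77:4443 while its UDP connects to 127.0.0.1:12345?

If starting two ssr_clients is feasible, what you describe should be fine.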

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

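@baggiogogo Looks good. I just bought a Raspberry Pi; I'll try it too when I have time.

One difficulty is that genics's ss-redir comes with the router firmware and he doesn't know how to configure it himself = =. So I recommended that he relay both the remote TCP and UDP to the local machine.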

from udpspeeder.

genics avatar genics commented on August 18, 2024

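I could configure it myself, it's just that running two ss-redir instances and so on is all command line... no LuCI. Autostart also has to be sorted out, and changing a setting is a hassle (switching servers, for example). Oh, and there's the iptables configuration, which I really can't manage on my own :)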

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

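Yeah, routers really are a hassle. I originally flashed LEDE onto my Raspberry Pi, then simply set things up myself, which is more flexible.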

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

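@baggiogogo Haha, my situation is similar. But I haven't abandoned OpenWrt completely; I let OpenWrt do the simplest things and handle the rest with my own add-on scripts.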

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

@genics
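Try @wangyu's approach first and keep mine as a backup, because it involves a lot of things. The command line part is simple enough: it's just a matter of finding where the files are, and for startup you just drop the commands into the startup script. What I'm worried about is that you get iptables wrong and then can't load web pages.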

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

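There is another way, but I'm just guessing.
That is, redirect (hijack) the UDP going to 127.0.0.1:12345 to x.x.x.x:<speeder S port>. But I'm not a professional, so I don't know whether it can be done simply with iptables.

No, I wrote that backwards. It should be hijacking the UDP going to the server to 127.0.0.1:12345 (the speeder C port).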

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

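To see this through, I tested the two-ss-redir method. It actually did connect, but I don't know whether it's because of y2be or because of the MTU: in the end y2be went back to TCP. I'll go look into how to change the MTU in ss and report back.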

[2017-08-12 19:14:38][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:38][INFO]new connection from 127.0.0.1:47256 ,created new udp fd 8
[2017-08-12 19:14:39][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:39][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:40][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:41][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:15:03][INFO]fd 8 cleared,assocated adress 127.0.0.1,47256

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

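This MTU should probably be changed at the layer above ss, that is, in the UDP program that goes through the ss proxy. For UDP, ss just forwards; it has no fragmentation step.

kcptun carries TCP, and TCP itself is a data stream with no boundaries, so with kcptun there is the question of "fragmentation".

==updated==
Maybe it should be called the "front end" of ss; change it at the front end of ss.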

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

I don't know. The upper layer is y2be; without speeder wrapped around it, it gets out fine. If it's y2be, then there's no way to change it.

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

For games and the like it should be fine, I think.

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

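I'm going out for a while. The environment is already set up. Heavy traffic may not be what speeder is aimed at for now. If you need something tested, leave a comment and I'll continue when I'm back.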

from udpspeeder.

baggiogogo avatar baggiogogo commented on August 18, 2024

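Some feedback: DNS did go out, and after using it for a while there were no errors, so I think games should be fine too.
Since I don't need it for games, I can't think of any other UDP to test.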
[2017-08-13 01:37:38][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:39:39][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
[2017-08-13 01:39:55][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:40:24][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
[2017-08-13 01:40:36][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:41:18][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
[2017-08-13 01:41:19][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:41:39][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
[2017-08-13 01:42:00][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:42:25][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182

from udpspeeder.
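Added example, not part of the thread: a small triage script for speeder logs like the two excerpts above (the "huge packet" warnings and the connect/clear pairs). It reports how long each local UDP session lasted and by how many bytes the upper-level payload exceeded the limit printed in the warning. The sample lines are constructed in the format quoted in the thread, and the function name is illustrative.

```python
import re
from datetime import datetime

# Constructed sample in the line format quoted in the thread; the last line
# uses the longer prefix with [file,func,line] seen in the earlier excerpt.
SAMPLE_LOG = """\
[2017-08-12 19:14:38][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:38][INFO]new connection from 127.0.0.1:47256 ,created new udp fd 8
[2017-08-12 19:14:39][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:15:03][INFO]fd 8 cleared,assocated adress 127.0.0.1,47256
[2017-08-12 19:16:00][INFO][main.cpp,func:event_loop,line:754]new connection from 127.0.0.1:46697 ,created new udp fd 8
"""

LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\[(?P<lvl>[A-Z]+)\]"
    r"(?:\[[^\]]*\])?(?P<msg>.*)$"
)
NEW = re.compile(
    r"new connection from (?P<ip>[\d.]+):(?P<port>\d+)\s*,created new udp fd (?P<fd>\d+)"
)
CLEARED = re.compile(r"fd (?P<fd>\d+) cleared")
HUGE = re.compile(r"huge packet,data len=(?P<len>\d+) \(>(?P<limit>\d+)\)")

def summarize(log_text):
    """Pair connect/clear events per fd and collect oversize-datagram warnings."""
    open_fds = {}                  # fd -> (start time, "ip:port")
    sessions, excess = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue               # skip anything that is not a speeder log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        msg = m["msg"]
        new, cleared, huge = NEW.search(msg), CLEARED.search(msg), HUGE.search(msg)
        if new:
            open_fds[new["fd"]] = (ts, new["ip"] + ":" + new["port"])
        elif cleared and cleared["fd"] in open_fds:
            start, peer = open_fds.pop(cleared["fd"])
            sessions.append({"peer": peer, "fd": cleared["fd"],
                             "seconds": int((ts - start).total_seconds())})
        elif huge:
            excess.append(int(huge["len"]) - int(huge["limit"]))
    return {
        "sessions": sessions,                              # closed sessions
        "still_open": [peer for _, peer in open_fds.values()],
        "oversize_count": len(excess),
        # smallest reduction of the upper-level payload that silences the warning
        "reduce_by": max(excess, default=0),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for s in report["sessions"]:
        print("%s fd %s lasted %ds" % (s["peer"], s["fd"], s["seconds"]))
    print("open:", report["still_open"])
    print("oversize datagrams: %d, shrink payload by >= %d bytes"
          % (report["oversize_count"], report["reduce_by"]))
```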

wangyu- avatar wangyu- commented on August 18, 2024

@baggiogogo Thanks!

from udpspeeder.

wangyu- avatar wangyu- commented on August 18, 2024

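There is now an official solution to this problem on the koolshare x86 build of LEDE.

After installing UDPspeeder from the koolshare software center, you can see a brief guide on using UDPspeeder to accelerate UDP in SS game mode.

In #5, @ZhxChen tested it successfully.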

from udpspeeder.
