Comments (81)
这个应该没那么麻烦的,tcp部分不用管,重新开个ss进程专门处理udp。只开一个进程的话,都是指向服务器,udp无法指向本地speeder。
from udpspeeder.
晕,我lede是x64的, x86的貌似用不了,老大帮忙看看。
root@LEDE-X64:# speeder# ./speeder
/usr/bin/speeder: line 1: syntax error: unexpected "("
root@LEDE-X64:
-ash: ./speeder: not found
root@LEDE-X64:~# speeder -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd"
/usr/bin/speeder: line 1: syntax error: unexpected "("
from udpspeeder.
用amd64版试试?你说的这个lede是什么型号?
from udpspeeder.
amd64可以了。:)
是http://firmware.koolshare.cn/LEDE_X64_fw867/ 这个lede。
from udpspeeder.
还是有问题。服务器那边是运行起来了。
root@LEDE-X64:~# speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd"
Segmentation fault
from udpspeeder.
也许你得自己编译一下了。
可以先用电脑试试。
from udpspeeder.
你应该是在lede上给其他设备做了透明代理吧?
可以在电脑用vmware上开个桥接模式的虚拟机,让lede上的ss-local或者ss-redir连到虚拟机里的speeder监听的端口。
==update==
多提供点关于你环境的信息吧。 游戏运行在windows上还是主机上?用什么方式做的代理?你的lede上的ss是怎么编译出来的?
from udpspeeder.
是有透明代理。也就是我虚拟机上得运行一个ss 和speed客户端, 本地和服务器是通过speed链接。 虚拟机和lede是通过ss链接,对吧?
from udpspeeder.
你的游戏运行在哪? 代理是用socks5还是透明代理?你的这个lede是做本地的路由器还是远程的服务器?
详细说一下,然后我告诉你最简单的方案。
from udpspeeder.
我游戏运行在ps4上。代理是透明代理,(路由ssr翻墙,开的gfw模式,默认udp不转发)我这个lede是本地路由器(直接拨号)
from udpspeeder.
假设远程服务器ip是44.55.66.77,ssr监听在443。
在远程服务器运行个speeder server, -l0.0.0.0:8888 -r127.0.0.1:443,
在windows上开个桥接模式的虚拟机,假设获得的ip是192.168.1.100. 运行speeer client, -l0.0.0.0:9999 -r44.55.66.77:8888
然后在路由器上更改ssr的设置,把ssr的服务器地址从44.55.66.77:443改成192.168.1.100:9999,就可以了。
ssr_client(在路由器上)----->speederclient(在虚拟机上)---->speeder_server(在远程服务器上)---->ssr_server(在远程服务器上)
from udpspeeder.
好的,我理解对了,试试
from udpspeeder.
但是有个问题是,默认ss是不转发udp的,我是不是需要打开lede的ss的游戏模式?从而让udp也能通过vps转发?
from udpspeeder.
这个我也不清楚呀 = =。你这个透明代理不是ss-dir这种标准模式,是路由器的固件自己做的,就像个黑盒,我也不知道里面有什么。
但是udp模式是一定要想办法打开的。
from udpspeeder.
好,我先测试测试。
from udpspeeder.
给speeder client和server加上参数--report 10,观察是否有数据包流过,如果有大量的包流过,就说明udp的流量被中转了。
from udpspeeder.
我想到一个问题。你从虚拟机访问44.55.66.77的流量也会被透明代理,会造成环路。
需要配置路由器,让虚拟机的流量不走代理。如果配不了,得研究下路由器的iptables,然后自己加一条规则。
from udpspeeder.
有点搞不定了,太复杂了:( 虚拟机我到是装好了。 iptables太难。
from udpspeeder.
那自己编译吧。如果路由器能本地运行speeder就没这个问题了。
from udpspeeder.
从来没有编译过,现在遇到如下问题aarch64-openwrt-linux-g++: warning: environment variable 'STAGING_DIR' not defined
from udpspeeder.
这个warning: environment variable 'STAGING_DIR' not defined可以忽略,我这边也有,而且是很多条。
这要编译出了binary就可以。
from udpspeeder.
生成了一个speeder-cross文件,是这个吧?600多kb
from udpspeeder.
对
from udpspeeder.
运行显示这些错误。。
root@LEDE-X64:/usr/bin# speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd"
: no such fileer_amd64: line 2: can't open KQL+I�%49.JN=60
/usr/bin/speeder_amd64: line 2:ELF����?.@@. not found
/usr/bin/speeder_amd64: line 2: y
�R�.�: not found �J���ii
/usr/bin/speeder_amd64: line 3: syntax error: unexpected "("
root@LEDE-X64:/usr/bin# /usr/bin/speeder_amd64: line 2: 3BH�5�������
: not found
/usr/bin/speeder_amd64: line 2: @8@22064�@@@@@..��??@?@����@@l??��P??P?? not found
还那么多乱码。。
from udpspeeder.
一般编译出的binary跟实际运行环境的cpu不符才这样。
from udpspeeder.
好,我再研究下
from udpspeeder.
你的文件名为什么不是speeder_cross?自己改的吗
也许你下载的编译环境的gcc是32位,而你的64位lede上没装兼容32位的库。
from udpspeeder.
嗯,名字是编译好的speeder_cross 改成speeder_amd64 的。
我下载的sdk是这个https://downloads.lede-project.org/snapshots/targets/arm64/generic/lede-sdk-arm64_gcc-5.4.0_musl.Linux-x86_64.tar.xz
看上去就是64的啊。
from udpspeeder.
从名字上看, 这个包应该是在linux-x86_64的环境编译,编译好了生成arm64的binary。
用错了。
from udpspeeder.
。。。。。。。。我眼看花了,把arm64看成amd64,等下重新编译~
from udpspeeder.
终于成功了,
root@LEDE-X64:/usr/bin# speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd"
[2017-08-12 13:27:47][INFO]argc=8 speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k passwd
from udpspeeder.
恭喜,剩下的就是研究下路由器固件哪个模式能代理udp了。
from udpspeeder.
root@LEDE-X64:/usr/bin# speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd" --report 10
[2017-08-12 14:21:20][INFO]argc=10 speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k passwd --report 10
[2017-08-12 14:21:20][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:21:30][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:21:41][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:21:51][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:22:01][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:22:12][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
[2017-08-12 14:22:22][INFO]client-->server: 0,0(include dup); server-->client 0,0(include dup)
老大,两边都没流量,是不是防火墙的锅?
设置如下
客户端 speeder_amd64 -l0.0.0.0:3333 -r 118.193.241.124:8855 -c -d2 -k "passwd" --report 10
服务器端 speeder_amd64 -l0.0.0.0:8855 -r127.0.0.1:11981 -s -d2 -k "passwd" --report 10
客户端ssr设置是 相同的加密,协议 地址是127.0.0.1:3333
from udpspeeder.
应该是的,你把iptables-save的输出给我,我看一下。
from udpspeeder.
谷歌了一下下没弄懂, iptables-save 没有任何输出啊
是需要服务器端还是lede的?
from udpspeeder.
是在lede。没有提示找不到命令,但就是没有输出?
from udpspeeder.
root@LEDE-X64:/usr/bin# iptables-save
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*nat
:PREROUTING ACCEPT [87:20819]
:INPUT ACCEPT [20:2242]
:OUTPUT ACCEPT [125:9831]
:POSTROUTING ACCEPT [34:2678]
:KOOLPROXY - [0:0]
:KOOLPROXY_ADB - [0:0]
:KOOLPROXY_GLO - [0:0]
:KOOLPROXY_HTTPS_ADB - [0:0]
:KOOLPROXY_HTTPS_GLO - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:SHADOWSOCKS - [0:0]
:SHADOWSOCKS_CHN - [0:0]
:SHADOWSOCKS_GAM - [0:0]
:SHADOWSOCKS_GFW - [0:0]
:SHADOWSOCKS_GLO - [0:0]
:SHADOWSOCKS_HOME - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
-A PREROUTING -p tcp -j SHADOWSOCKS
-A PREROUTING -p tcp -j KOOLPROXY
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080
-A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A KOOLPROXY -d 0.0.0.0/8 -j RETURN
-A KOOLPROXY -d 10.0.0.0/8 -j RETURN
-A KOOLPROXY -d 127.0.0.0/8 -j RETURN
-A KOOLPROXY -d 169.254.0.0/16 -j RETURN
-A KOOLPROXY -d 172.16.0.0/12 -j RETURN
-A KOOLPROXY -d 192.168.0.0/16 -j RETURN
-A KOOLPROXY -d 224.0.0.0/4 -j RETURN
-A KOOLPROXY -d 240.0.0.0/4 -j RETURN
-A KOOLPROXY -p tcp -j KOOLPROXY_GLO
-A KOOLPROXY_ADB -p tcp -m tcp --dport 80 -m set --match-set adblock dst -j REDIRECT --to-ports 3000
-A KOOLPROXY_GLO -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A KOOLPROXY_HTTPS_ADB -p tcp -m multiport --dports 80,443 -m set --match-set adblock dst -j REDIRECT --to-ports 3000
-A KOOLPROXY_HTTPS_GLO -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 3000
-A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
-A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 127.0.0.1/32 -j RETURN
-A SHADOWSOCKS -j SHADOWSOCKS_GFW
-A SHADOWSOCKS_CHN -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_CHN -p tcp -m set ! --match-set cdn dst -m geoip ! --destination-country CN -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GAM -p tcp -m set ! --match-set cdn dst -m geoip ! --destination-country CN -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GFW -p tcp -m set --match-set gfwlist dst -m set ! --match-set cdn dst -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GLO -p tcp -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_HOME -p tcp -m geoip --destination-country CN -j REDIRECT --to-ports 1080
-A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: DSM 80 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 5000 -m comment --comment "!fw3: DSM 5000 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.14/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.14/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.15/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.15/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Forward8888 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Forward8888 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80 (reflection)" -j DNAT --to-destination 192.168.1.12:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80 (reflection)" -j DNAT --to-destination 192.168.1.12:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000 (reflection)" -j DNAT --to-destination 192.168.1.12:5000
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000 (reflection)" -j DNAT --to-destination 192.168.1.12:5000
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j DNAT --to-destination 192.168.1.12:6999
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j DNAT --to-destination 192.168.1.12:6999
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80" -j DNAT --to-destination 192.168.1.12:80
-A zone_wan_prerouting -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000" -j DNAT --to-destination 192.168.1.12:5000
-A zone_wan_prerouting -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234" -j DNAT --to-destination 192.168.1.14:1234
-A zone_wan_prerouting -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234" -j DNAT --to-destination 192.168.1.14:1234
-A zone_wan_prerouting -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235" -j DNAT --to-destination 192.168.1.15:1235
-A zone_wan_prerouting -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235" -j DNAT --to-destination 192.168.1.15:1235
-A zone_wan_prerouting -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800" -j DNAT --to-destination 192.168.1.12:6800
-A zone_wan_prerouting -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800" -j DNAT --to-destination 192.168.1.12:6800
-A zone_wan_prerouting -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt" -j DNAT --to-destination 192.168.1.12:6999
COMMIT
# Completed on Sat Aug 12 14:48:34 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*raw
:PREROUTING ACCEPT [16482:15864902]
:OUTPUT ACCEPT [713:251108]
COMMIT
# Completed on Sat Aug 12 14:48:34 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*mangle
:PREROUTING ACCEPT [16458:15856130]
:INPUT ACCEPT [639:130084]
:FORWARD ACCEPT [15816:15721397]
:OUTPUT ACCEPT [701:250317]
:POSTROUTING ACCEPT [16489:15970632]
:SHADOWSOCKS - [0:0]
:SHADOWSOCKS_GAM - [0:0]
-A PREROUTING -p udp -j SHADOWSOCKS
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
-A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 127.0.0.1/32 -j RETURN
-A SHADOWSOCKS_GAM -p udp -m set --match-set gfwlist dst -j TPROXY --on-port 1080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A SHADOWSOCKS_GAM -p udp -m set ! --match-set cdn dst -m geoip ! --destination-country CN -j TPROXY --on-port 1080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
COMMIT
# Completed on Sat Aug 12 14:48:34 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:48:34 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: user chain for forwarding" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: user chain for output" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: forwarding lan -> wan" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: user chain for input" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: user chain for output" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-wan2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8855 -m comment --comment "!fw3: Open3333" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 8855 -m comment --comment "!fw3: Open3333" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: user chain for output" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Aug 12 14:48:34 2017
好了~
from udpspeeder.
8855端口是我在luci下后来打开的
from udpspeeder.
好长。你再暂时把路由器设置成不走speeder。然后iptables-save我对比一下。
貌似你不走speeder的时候路由器会对的你服务器ip添加例外,现在走了speeder因为speeder在本地,你的路由器不知道服务器的ip,所以没添加例外造成的。
from udpspeeder.
确实他这个固件的ssr有很多模式,iptables很复杂,我还有mwan3多线共用,所以长。这是改回我默认能工作的ssr服务器后的输出。估计变化不大。
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*nat
:PREROUTING ACCEPT [26:7721]
:INPUT ACCEPT [1:76]
:OUTPUT ACCEPT [57:4481]
:POSTROUTING ACCEPT [23:1893]
:KOOLPROXY - [0:0]
:KOOLPROXY_ADB - [0:0]
:KOOLPROXY_GLO - [0:0]
:KOOLPROXY_HTTPS_ADB - [0:0]
:KOOLPROXY_HTTPS_GLO - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:SHADOWSOCKS - [0:0]
:SHADOWSOCKS_CHN - [0:0]
:SHADOWSOCKS_GAM - [0:0]
:SHADOWSOCKS_GFW - [0:0]
:SHADOWSOCKS_GLO - [0:0]
:SHADOWSOCKS_HOME - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
-A PREROUTING -p tcp -j SHADOWSOCKS
-A PREROUTING -p tcp -j KOOLPROXY
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080
-A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A KOOLPROXY -d 0.0.0.0/8 -j RETURN
-A KOOLPROXY -d 10.0.0.0/8 -j RETURN
-A KOOLPROXY -d 127.0.0.0/8 -j RETURN
-A KOOLPROXY -d 169.254.0.0/16 -j RETURN
-A KOOLPROXY -d 172.16.0.0/12 -j RETURN
-A KOOLPROXY -d 192.168.0.0/16 -j RETURN
-A KOOLPROXY -d 224.0.0.0/4 -j RETURN
-A KOOLPROXY -d 240.0.0.0/4 -j RETURN
-A KOOLPROXY -p tcp -j KOOLPROXY_GLO
-A KOOLPROXY_ADB -p tcp -m tcp --dport 80 -m set --match-set adblock dst -j REDIRECT --to-ports 3000
-A KOOLPROXY_GLO -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A KOOLPROXY_HTTPS_ADB -p tcp -m multiport --dports 80,443 -m set --match-set adblock dst -j REDIRECT --to-ports 3000
-A KOOLPROXY_HTTPS_GLO -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 3000
-A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
-A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 118.193.241.124/32 -j RETURN
-A SHADOWSOCKS -j SHADOWSOCKS_GFW
-A SHADOWSOCKS_CHN -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_CHN -p tcp -m set ! --match-set cdn dst -m geoip ! --destination-country CN -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GAM -p tcp -m set ! --match-set cdn dst -m geoip ! --destination-country CN -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GFW -p tcp -m set --match-set gfwlist dst -m set ! --match-set cdn dst -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_GLO -p tcp -j REDIRECT --to-ports 1080
-A SHADOWSOCKS_HOME -p tcp -m geoip --destination-country CN -j REDIRECT --to-ports 1080
-A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: DSM 80 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 5000 -m comment --comment "!fw3: DSM 5000 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.14/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.14/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.15/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.15/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Forward8888 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Forward8888 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.12/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80 (reflection)" -j DNAT --to-destination 192.168.1.12:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80 (reflection)" -j DNAT --to-destination 192.168.1.12:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000 (reflection)" -j DNAT --to-destination 192.168.1.12:5000
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000 (reflection)" -j DNAT --to-destination 192.168.1.12:5000
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234 (reflection)" -j DNAT --to-destination 192.168.1.14:1234
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235 (reflection)" -j DNAT --to-destination 192.168.1.15:1235
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800 (reflection)" -j DNAT --to-destination 192.168.1.12:6800
-A zone_lan_prerouting -s 192.168.1.0/24 -d 125.71.134.54/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j DNAT --to-destination 192.168.1.12:6999
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.170.216.68/32 -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt (reflection)" -j DNAT --to-destination 192.168.1.12:6999
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 88 -m comment --comment "!fw3: DSM 80" -j DNAT --to-destination 192.168.1.12:80
-A zone_wan_prerouting -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: DSM 5000" -j DNAT --to-destination 192.168.1.12:5000
-A zone_wan_prerouting -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: Forward1234" -j DNAT --to-destination 192.168.1.14:1234
-A zone_wan_prerouting -p udp -m udp --dport 1234 -m comment --comment "!fw3: Forward1234" -j DNAT --to-destination 192.168.1.14:1234
-A zone_wan_prerouting -p tcp -m tcp --dport 1235 -m comment --comment "!fw3: Forward1235" -j DNAT --to-destination 192.168.1.15:1235
-A zone_wan_prerouting -p udp -m udp --dport 1235 -m comment --comment "!fw3: Forward1235" -j DNAT --to-destination 192.168.1.15:1235
-A zone_wan_prerouting -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Forward8888" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p udp -m udp --dport 8888 -m comment --comment "!fw3: Forward8888" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: Forward6800" -j DNAT --to-destination 192.168.1.12:6800
-A zone_wan_prerouting -p udp -m udp --dport 6800 -m comment --comment "!fw3: Forward6800" -j DNAT --to-destination 192.168.1.12:6800
-A zone_wan_prerouting -p udp -m udp --dport 6999 -m comment --comment "!fw3: DSM bt" -j DNAT --to-destination 192.168.1.12:6999
COMMIT
# Completed on Sat Aug 12 14:59:22 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*raw
:PREROUTING ACCEPT [3323:2923480]
:OUTPUT ACCEPT [566:204652]
COMMIT
# Completed on Sat Aug 12 14:59:22 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*mangle
:PREROUTING ACCEPT [3297:2923386]
:INPUT ACCEPT [448:43156]
:FORWARD ACCEPT [2849:2880230]
:OUTPUT ACCEPT [536:193355]
:POSTROUTING ACCEPT [3381:3073425]
:SHADOWSOCKS - [0:0]
:SHADOWSOCKS_GAM - [0:0]
-A PREROUTING -p udp -j SHADOWSOCKS
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
-A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
-A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
-A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
-A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
-A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
-A SHADOWSOCKS -d 118.193.241.124/32 -j RETURN
-A SHADOWSOCKS_GAM -p udp -m set --match-set gfwlist dst -j TPROXY --on-port 1080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A SHADOWSOCKS_GAM -p udp -m set ! --match-set cdn dst -m geoip ! --destination-country CN -j TPROXY --on-port 1080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
COMMIT
# Completed on Sat Aug 12 14:59:22 2017
# Generated by iptables-save v1.6.1 on Sat Aug 12 14:59:22 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: user chain for forwarding" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: user chain for output" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan2 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: forwarding lan -> wan" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: user chain for input" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: user chain for output" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-wan2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8855 -m comment --comment "!fw3: Open3333" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 8855 -m comment --comment "!fw3: Open3333" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: user chain for output" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Aug 12 14:59:22 2017
from udpspeeder.
你把路由器重新设置成走speeder,所有都好了以后,然后执行:
iptables -t nat -I SHADOWSOCKS -d 118.193.241.124/32 -j RETURN
估计就可以了。
from udpspeeder.
不好意思,漏了一条,还需要执行
iptables -t mangle -I SHADOWSOCKS -d 118.193.241.124/32 -j RETURN
from udpspeeder.
两条都加了,还是不行,没流量,防火墙重启的话就没这两条了,不重启iptables的情况下还是不行。。。。
from udpspeeder.
你有没有用kcptun代理了ss的tcp端口到本地?
Kcptun要和speeder一起用。kcptun代理ss的tcp端口,speeder代理udp端口。
代理udp端口也需要那个tcp开着,socks5需要先连上tcp去通知一下,然后udp的tunnel才能建立。
from udpspeeder.
从你之前的输出看,不是speeder client和server不通,是你的路由器没连到speeder。
如果连上了,不管speeder client和server通不通,都会有这种输出:
[2017-08-12 15:24:19][INFO][main.cpp,func:event_loop,line:754]new connection from 127.0.0.1:46697 ,created new udp fd 8
``
from udpspeeder.
没有,这个固件有kcptun加速ssr的模式,但是我现在没用,以前用过。
必须打开kcptun吗?
from udpspeeder.
必须同时中转ssr的tcp端口和udp端口,才能用ssr代理udp。
之前我可能理解错了,我以为你已经把kcptun的中转做好了,只是不能加速udp。
from udpspeeder.
ss_client的udp端口----->speeder_client----->speeder_server---->ss_server的udp端口
ss_client的tcp端口----->kcptun_client----->kcptun_server---->ss_server的tcp端口
from udpspeeder.
现在你用speed把远程ss的udp端口中转到了本地。但是你远程ss的tcp端口还在远程,所以就连不上了。
socks5不管代理tcp还是udp都得用tcp握手一下。
from udpspeeder.
不用kcptun也行,但是必须得想办法把远程的tcp端口(和udp的端口号相同)中转到本地。
如果你的lede环境有ncat,只要在lede执行下面的命令(server不用管):
ncat --sh-exec "ncat 118.193.241.124 服务器ss端口" -l 本地端口 --keep-open
但是这个东西一般都得单独装
from udpspeeder.
我现在把kcptun中转ssr打开了,youtube什么的都工作正常,问题是,如何让udp走这个127.0.0.1的3333端口呢?(这个lede的luci只能开一个kcptun,并且链接一个ssr服务器) 有点晕。
等于speed只转发了udp包,tcp包还在远程,没有转发是吧?
from udpspeeder.
openwrt我看了下没有ncat。。。。
from udpspeeder.
我现在把kcptun中转ssr打开了,youtube什么的都工作正常,问题是,如何让udp走这个127.0.0.1的3333端口呢?(这个lede的luci只能开一个kcptun,并且链接一个ssr服务器) 有点晕。
确实有点晕,因为现在kcptun中转ssr这个过程是路由器固件实现的,过程不透明,路由器固件也没考虑到有人要在中间串联个udp加速器,要想在上面打补丁很麻烦。
我建你不用路由器自己的kcptun中转ssr功能。 自己用kcptun_client和speeder把隧道做好,把远程ss的tcp和udp端口都中转到本地。然后把ssr的ip填本机。再用我给你的那两条iptables.
等于speed只转发了udp包,tcp包还在远程,没有转发是吧?
是的,没有tcp包做握手,udp是代理不起来的。
from udpspeeder.
https://github.com/wangyu-/udp2raw-tunnel/issues/1
这个issue里,baggiogogo他做的透明代理就是完全自己用ss-redir kcptun实现的。
你可以用我刚才说的方法尝试一下。 如果还是不行,可以尝试像baggiogogo一样手工搭建透明代理,了解一些原理,慢慢来。自己搭出来的可以随意扩展,不用想尽办法在路由器固件上打补丁。
from udpspeeder.
好的,谢谢,我先看看
from udpspeeder.
openwrt上有ncat的。
opkg update
opkg install ncat
如果还是不行,下载后手动安装(这个是我的mips CPU的,你的lede我也不知道在哪里= =):
https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/packages/ncat_6.47-2_ar71xx.ipk
from udpspeeder.
我这边路由器已经装过了
[root@tplink-wdr4310:~]
$ ncat -h
Ncat 6.47 ( http://nmap.org/ncat )
Usage: ncat [options] [hostname] [port]
Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
-4 Use IPv4 only
-6 Use IPv6 only
-U, --unixsock Use Unix domain sockets only
-C, --crlf Use CRLF for EOL sequence
-c, --sh-exec <command> Executes the given command via /bin/sh
-e, --exec <command> Executes the given command
-g hop1[,hop2,...] Loose source routing hop points (8 max)
-G <n> Loose source routing hop pointer (4, 8, 12, ...)
-m, --max-conns <n> Maximum <n> simultaneous connections
-h, --help Display this help screen
-d, --delay <time> Wait between read/writes
-o, --output <filename> Dump session data to a file
-x, --hex-dump <filename> Dump session data as hex to a file
-i, --idle-timeout <time> Idle read/write timeout
-p, --source-port port Specify source port to use
-s, --source addr Specify source address to use (doesn't affect -l)
-l, --listen Bind and listen for incoming connections
-k, --keep-open Accept multiple connections in listen mode
-n, --nodns Do not resolve hostnames via DNS
-t, --telnet Answer Telnet negotiations
-u, --udp Use UDP instead of default TCP
--sctp Use SCTP instead of default TCP
-v, --verbose Set verbosity level (can be used several times)
-w, --wait <time> Connect timeout
--append-output Append rather than clobber specified output files
--send-only Only send data, ignoring received; quit on EOF
--recv-only Only receive data, never send anything
--allow Allow only given hosts to connect to Ncat
--allowfile A file of hosts allowed to connect to Ncat
--deny Deny given hosts from connecting to Ncat
--denyfile A file of hosts denied from connecting to Ncat
--broker Enable Ncat's connection brokering mode
--chat Start a simple Ncat chat server
--proxy <addr[:port]> Specify address of host to proxy through
--proxy-type <type> Specify proxy type ("http" or "socks4" or "socks5")
--proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server
--version Display Ncat's version information and exit
See the ncat(1) manpage for full options, descriptions and usage examples
from udpspeeder.
@baggiogogo 这个好像不行吧。socks5协议的tcp和udp要互相配合才能代理udp的。 如果sock5的tcp端口在本地,udp端口在远程。貌似就不能用了。 可以实验一下,我也不确定。
哦,不对,我觉得我好像想错了,试试吧。
from udpspeeder.
这个图里的方案我验证过,如果按照这个来,把sserver的tcp和udp端口同时中转到本地,肯定是可以正常工作的。
但是像@baggiogogo说的开个单独的ss处理udp,能不能工作,我就不确定了。
还有如果只中转udp不中转tcp,能不能代理udp,我也不确定了,得看一下SS的实现。
====update====
给图片添加了点信息。 图里的方案是把用kcptun把远程ssserver的tcp443中转到本地的tcp12345,用speeder把远程ssserver的udp443中转到本地的udp12345,然后ssserver就相当于运行在本地127.0.0.1:12345了。然后让路由器的ssclient连本的127.0.0.1:12345 。
from udpspeeder.
把openwrt的lede装到lede了,不能运行。。算了,放弃这个方法
root@LEDE-X64:/tmp# opkg install ncat_6.47-2_x86_64.ipk
Installing ncat (6.47-2) to root...
Configuring ncat.
root@LEDE-X64:/tmp# cd
root@LEDE-X64:~# ncat
-ash: ncat: not found
from udpspeeder.
这个本地的kcptun和speeder监听的端口必须一样吗?只是一个tcp一个udp?
from udpspeeder.
这个本地的kcptun和speeder监听的端口必须一样吗?
如果按这个来肯定没问题,我测试过的。
只是一个tcp一个udp?
是的,相同端口号,一个tcp一个udp。
from udpspeeder.
1那理论上我tcp可以不通过kcptun吧,直接ssr的tcp走。
2或者tcp必须走kcptun然后kcptun的tcp流量其实是打包成udp和speed的本身udp一起走的speed。
1对还是2对呢?
from udpspeeder.
肯定可以的,用ss-redir,quic、udp443,我一直那么抛出去的。服务器开一个ss-server就可以,加-u。
客户端ss-redirA监听1080处理tcp
客户端ss-redirB监听1081处理udp,加-u参数。
唯一麻烦的是udp也要配置iptables
from udpspeeder.
1那理论上我tcp可以不通过kcptun吧,直接ssr的tcp走。
这个我也不清楚了,我只是知道一种方法可行。其他方法可不可行,不实验一下我也不知道。
2或者tcp必须走kcptun然后kcptun的tcp流量其实是打包成udp和speed的本身udp一起走的speed。
kcptun的流量打包成udp后不用走speeder。如果想走speeder也可以(如果想让kcptun的udp流量也走speeder你得开另一个speeder)。
from udpspeeder.
整个流程是这样的
服务端:ss-server -u
客户端:ss-redirA(tcp)-------->ss-server直连
ss-redirB -u (udp)---------->speeder C----------->speeder S---------->ss-server
不过这是基于我树莓派,路由固件的话,因为还涉及到DNS,处理不好也许会有麻烦。
iptables -t mangle -N SHADOWSOCKS
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A SHADOWSOCKS -p udp --dport 443 -j TPROXY --on-port 1081 --tproxy-mark 0x01/0x01
自家udp规则,也一并放这供参考提供思路。
from udpspeeder.
1那理论上我tcp可以不通过kcptun吧,直接ssr的tcp走。
我有一个问题。如果你只启动一个ssr_client的话。你怎么让这个ssr_client的tcp端口连44.55.66.77:4443,而让udp连127.0.0.1:12345 ?
如果启两个ssr_client可行的话,你说的应该没问题。
from udpspeeder.
@baggiogogo 看起来不错,我刚买了个树莓派,等有时间我也尝试一下。
有一个困难是,genics的ss-redir是路由器固件自带的,他自己不会配= =。所以我就推荐他把远程的tcp和udp同时中转到本地了。
from udpspeeder.
我自己配置也行,就是开两个ss-redir什么的操作,都是命令。。没有luci。还要解决自启动,要修改一个配置什么的很麻烦(比如切换服务器啥的) 对了还有个iptables的配置,确实是自己搞不定 :)
from udpspeeder.
嗯,路由器确实麻烦,原来树莓派我刷lede。,后来索性自己搞,灵活点。
from udpspeeder.
@baggiogogo 哈哈我的情况也类似。不过我没完全抛弃openwrt,我让openwrt做最简单的事。其他的用自己的外挂脚本解决。
from udpspeeder.
@genics
先尝试@wangyu的方案吧,我这个备用,因为牵扯的东西多,命令行倒是简单,无非是找到文件所在位置,启动的话命令行丢到启动脚本就好,我担心的是你iptables搞不好,到时网页上不了。
from udpspeeder.
还有个办法,但我是瞎想的
就是把去向127.0.0.1:12345的udp重新定向(劫持)到x.x.x.x:speeder S的端口,但俺不是专业的,不知能否用iptables简单实现。
不,写反了,应该是把去向服务器的UDP劫持到127.0.0.1:12345(speeder C端口)
from udpspeeder.
好人做到底,试验了两个ss-redir的方法,实际是通连了,但不知是都因为是y2be的缘故还是mtu的缘故,最终y2be又走回tcp,我去找找ss怎么改mtu再说。
[2017-08-12 19:14:38][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:38][INFO]new connection from 127.0.0.1:47256 ,created new udp fd 8
[2017-08-12 19:14:39][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:39][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:40][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:14:41][WARN]huge packet,data len=1405 (>1350).strongly suggested to set a smaller mtu at upper level,to get rid of this warn
[2017-08-12 19:15:03][INFO]fd 8 cleared,assocated adress 127.0.0.1,47256
from udpspeeder.
这个mtu应该在ss的上层改吧。就是走ss代理的那个udp程序,ss对udp本身就是转发,他没有分片这个过程。
kcptun承载的是tcp,tcp本身是个数据流,没有边界,所以kcptun有“分片”的问题。
==updated==
可能应该叫ss的“前端”,在ss的前端改。
from udpspeeder.
不知了,上层是y2be,如果不套speeder是可以出去的。如果是y2be的话就没法改了。
from udpspeeder.
如果是游戏这些应该没问题吧,我想。
from udpspeeder.
出去一会儿,环境已经搭建好了,可能目前大流量不是speeder的目标,如需试验请留言,回来我会继续。
from udpspeeder.
反馈一下,DNS是发出去了,使用了一段时间没有报错,我想游戏也该是没问题的。
因为没有游戏需求,其它想不出神马udp了。
[2017-08-13 01:37:38][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:39:39][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
[2017-08-13 01:39:55][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:40:24][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
[2017-08-13 01:40:36][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:41:18][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
[2017-08-13 01:41:19][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:41:39][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
[2017-08-13 01:42:00][INFO]new connection from 127.0.0.1:48182 ,created new udp fd 8
[2017-08-13 01:42:25][INFO]fd 8 cleared,assocated adress 127.0.0.1,48182
from udpspeeder.
@baggiogogo 感谢!
from udpspeeder.
这个问题在koolshare x86版lede上已经有了官方解决办法。
在koolshare的软件中心里安装UDPspeeder后,可以看到UDPspeeder加速SS游戏模式udp的简要操作手册
。
from udpspeeder.
Related Issues (20)
- 原理确实比我牛逼多了,就是代码写的真jb烂
- 编译了一个优化版本 HOT 7
- Add the ability to not bind() and not connect(), at least on client mode. It's UDP anyway. HOT 6
- How to configure UDPspeeder for Wireguard? HOT 4
- How to use UDPspeeder HOT 2
- 本项目能否运行在Render或Replit项目中? HOT 1
- 请问下, 有啥法子能直接转发tcp的流量? HOT 1
- could you please add some systemd auto run script? HOT 1
- Multiplexing function suggestion HOT 8
- max_conv_num max number HOT 1
- OpenVPN connection is established correctly over multi client configuration, but no ping HOT 1
- :error: -r not found" pls help me thx HOT 2
- Keep using old ipv6 address when preferred lifetime already out date HOT 4
- Udpspeeder with Shadowsocks or Socks5 possible? HOT 3
- Incomplete transfer when testing speeder using netcat HOT 7
- 用的教程里的虚拟机,如何配置开机自启? HOT 2
- When the host IP changes while running, the connection cannot be recovered automatically. HOT 2
- 是否支持UDP组播multicast
- 请问这个可以在安卓和iOS 平台集成吗? 对特定udp端口数据加速
- Add multi core support HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from udpspeeder.