Raspberry Pi 3 Model B+ 配置AP全局代理

By minirplus on 2019-04-21 in Raspberry Pi

环境

Raspbian Stretch
SSR配置完成
hostapd配置完成
Raspberry无线AP路由模式配置完成

目标

所有通过AP热点连接的设备自动代理

配置redsocks

安装

1	apt install -y redsocks

redsocks配置

1	nano /etc/redsocks.conf

删除redsocks、redudp 和 dnstc 区块，并写入

redsocks {

local_ip = 0.0.0.0;

local_port = 12345;

ip = 127.0.0.1;

port = 1080;

type = socks5;

}

重启

1	service redsocks restart

检查运行状态

1	service redsocks status

配置iptables

增加TCP规则

# 新建规则链

sudo iptables -t nat -N SHADOWSOCKS

# 忽略节点域名

sudo iptables -t nat -A SHADOWSOCKS -d lts.minirplus.com -j RETURN

# 忽略局域网地址

sudo iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN

sudo iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN

sudo iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN

sudo iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN

sudo iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN

sudo iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN

sudo iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN

sudo iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

# 流量转发到redsocks

sudo iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345

sudo iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

sudo iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS

查看已有的防火墙NAT规则

1	iptables -t nat -L --line-number

删除NAT规则方法

1	iptables -t nat -D PREROUTING 2

配置DNS Over HTTPS

安装Cloudflared

下载地址：https://developers.cloudflare.com/argo-tunnel/downloads/

下载ARM V6二进制文件

放入./cloudflare，修改权限744

测试

1	./cloudflare/cloudflared --version

测试运行

1	./cloudflare/cloudflared proxy-dns --address 0.0.0.0 --port 15353

后台运行

1	nohup ./cloudflare/cloudflared proxy-dns --address 0.0.0.0 --port 15353 &

安装Dig

1	apt install dnsutils

测试

1	dig +short @127.0.0.1 -p 15353 cloudflare.com AAAA

修改 DNS 服务器

1	nano /etc/dnsmasq.conf

写入

1 2	no-resolv server=127.0.0.1#15353

增加DNS规则

1 2	sudo iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 15353 sudo iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 15353

All Done！

Know More

https://developers.cloudflare.com/argo-tunnel/downloads/

https://blog.newnius.com/setup-global-proxy-with-raspberry-pi.html

Top Menu

Navigation

Raspberry Pi 3 Model B+ 配置AP全局代理

配置redsocks

配置iptables

配置DNS Over HTTPS

安装Cloudflared

Know More

There are no comments yet