From 3314ae7c8b2332b7e6526f4ef7d6016e6aae2b50 Mon Sep 17 00:00:00 2001
From: Dreagonmon <531486058@qq.com>
Date: Sat, 30 Jul 2022 19:38:52 +0800
Subject: [PATCH] improvement
---
 .gitignore | 1 +
 README.md | 17 +++++++++++++++++
 bashrc.sh | 35 +++++++++++++++++++++++++++++++++++
 config/local.json | 30 ++++++++++++++++++++++++++++++
 kill.sh | 2 +-
 table.sh | 23 +++++++++++++++++------
 6 files changed, 101 insertions(+), 7 deletions(-)
 create mode 100644 README.md
 create mode 100644 bashrc.sh
 create mode 100755 config/local.json
diff --git a/.gitignore b/.gitignore
index d71f10b..8d6db5b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ __pycache__
 /config/*
 !/config/xray
 !/config/xray.*
+!/config/local.json
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3ab3020
--- /dev/null
+++ b/README.md
@@ -0,0 +1,17 @@
+# Xray 订阅管理脚本
+
+## 关键文件
+- xray_manager.py 管理订阅,选择服务器生成配置文件
+- xray_run.py 前台运行代理服务
+- table.sh 写入iptables,默认tproxy组运行的程序的流量会被代理
+- kill.sh 杀死后台运行的xray_run.py
+- config/local.json xray配置模板文件,outbound留空,让管理脚本生成
+- config/xray xray可执行文件
+
+## tproxy透明代理分流逻辑
+table.sh脚本设置iptables的逻辑如下:
+- 基于gid组id分流(默认使用组tproxy,需要提前创建)
+- 所有非英特网的流量不走代理
+- 所有转发流量都走代理(其它设备将本机设为网关的情况)
+
+使用时,对于需要代理的软件,使用命令`newgrp tproxy`更改用户组之后运行,或者使用`sg tproxy `执行单个命令。
diff --git a/bashrc.sh b/bashrc.sh
new file mode 100644
index 0000000..6555cb9
--- /dev/null
+++ b/bashrc.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+_XRAY_DIR="/home/dreagonmon/scripts/v2xray"
+
+# proxy
+httpproxy-server () {
+ eval $(ps -ef | grep -m 1 "python .*xray_run\.py a" | awk '{print "sudo kill "$2}')
+ sudo nohup python ${_XRAY_DIR}/xray_run.py a >> /dev/null 2>&1 &
+}
+
+getip () {
+ curl https://ip.gs
+}
+
+allproxy () {
+ export ALL_PROXY="socks5://127.0.0.1:1080"
+ export all_proxy="socks5://127.0.0.1:1080"
+}
+
+httpproxy () {
+ export HTTP_PROXY="http://127.0.0.1:2802"
+ export http_proxy="http://127.0.0.1:2802"
+ export HTTPS_PROXY="http://127.0.0.1:2802"
+ export https_proxy="http://127.0.0.1:2802"
+ export FTP_PROXY="http://127.0.0.1:2802"
+ export ftp_proxy="http://127.0.0.1:2802"
+}
+
+nohttpproxy () {
+ unset HTTP_PROXY
+ unset http_proxy
+ unset HTTPS_PROXY
+ unset https_proxy
+ unset FTP_PROXY
+ unset ftp_proxy
+}
diff --git a/config/local.json b/config/local.json
new file mode 100755
index 0000000..0515c4e
--- /dev/null
+++ b/config/local.json
@@ -0,0 +1,30 @@
+{
+ "inbounds": [
+ {
+ "port": 2801,
+ "listen": "127.0.0.1",
+ "protocol": "socks",
+ "settings": {
+ "udp": true
+ }
+ },
+ {
+ "port": 2802,
+ "listen": "127.0.0.1",
+ "protocol": "http"
+ },
+ {
+ "protocol": "dokodemo-door",
+ "port": 2803,
+ "settings": {
+ "network": "tcp,udp",
+ "followRedirect": true
+ },
+ "streamSettings": {
+ "sockopt": {
+ "tproxy": "tproxy"
+ }
+ }
+ }
+ ]
+}
diff --git a/kill.sh b/kill.sh
index e1d3eff..72bbce7 100755
--- a/kill.sh
+++ b/kill.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
-eval $(ps -ef | grep -m 1 "python .*xray_run\.py a" | awk '{print "sudo kill -9 "$2}')
+eval $(ps -ef | grep -m 1 "python .*xray_run\.py" | awk '{print "sudo kill "$2}')
diff --git a/table.sh b/table.sh
index 92dcbda..17679e8 100755
--- a/table.sh
+++ b/table.sh
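Review bot: In `httpproxy-server` (and in the changed line of kill.sh later in this patch) the PID to signal is taken from the first `ps -ef | grep` match and passed through `eval` into `sudo kill`, so the target is picked by command-line text alone: a process owned by any account whose arguments happen to match can be the one signalled as root, and the `eval` adds a shell re-parse the task does not need. Restricting the match to root-owned processes and dropping `eval` avoids both, e.g. `sudo pkill -u root -f 'python .*xray_run\.py a'`. The following line starts `xray_run.py` as root from `${_XRAY_DIR}`, which is under a user's home directory, so whoever can write there controls code that runs with root privileges; quoting the path as `"${_XRAY_DIR}/xray_run.py"` and keeping that directory writable by root only would be worth adding. Separately, `allproxy` exports `socks5://127.0.0.1:1080` while the socks inbound added in config/local.json listens on 2801, which looks like a mismatch unless another config provides 1080.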
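Review bot: The `dokodemo-door` inbound on port 2803 has no `listen` key, unlike the socks and http inbounds, which are pinned to `127.0.0.1`; Xray's default listen address is `0.0.0.0`, so the transparent-proxy port would also accept direct connections on every interface. If only TPROXY-redirected traffic is meant to reach it, either bind it explicitly or drop non-redirected connections to 2803 in the firewall; note that table.sh redirects IPv6 to `::1`, so a plain `"listen": "127.0.0.1"` would need checking against that rule before it is adopted. The file is also created with mode 100755, and a JSON config does not need the executable bit.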
@@ -1,5 +1,16 @@
 #!/bin/sh
+PX_GROUP="tproxy"
+PX_PORT="2803"
+GID=`getent group ${PX_GROUP} | cut -d: -f3`
+
+if [[ -n ${GID} && ${GID} -gt 0 ]]; then
+ echo "Applying iptables rules for group '${PX_GROUP}'"
+else
+ echo "Group '${PX_GROUP}' not exist, please create one."
+ exit 1
+fi
+
 ip rule add fwmark 1 table 100
 ip route add local 0.0.0.0/0 dev lo table 100
 ip -6 rule add fwmark 1 table 106
@@ -39,13 +50,13 @@ ip6tables -t mangle -A XRAY6_SELF -d FE00::0/8 -j RETURN
 ip6tables -t mangle -A XRAY6_SELF -d 0000::0/8 -j RETURN
 # config route
-iptables -t mangle -A XRAY -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port 2803 --tproxy-mark 1
-iptables -t mangle -A XRAY -p udp -j TPROXY --on-ip 127.0.0.1 --on-port 2803 --tproxy-mark 1
-ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-ip ::1 --on-port 2803 --tproxy-mark 1
-ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-ip ::1 --on-port 2803 --tproxy-mark 1
+iptables -t mangle -A XRAY -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port ${PX_PORT} --tproxy-mark 1
+iptables -t mangle -A XRAY -p udp -j TPROXY --on-ip 127.0.0.1 --on-port ${PX_PORT} --tproxy-mark 1
+ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-ip ::1 --on-port ${PX_PORT} --tproxy-mark 1
+ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-ip ::1 --on-port ${PX_PORT} --tproxy-mark 1
 iptables -t mangle -A PREROUTING -j XRAY
 ip6tables -t mangle -A PREROUTING -j XRAY6
 iptables -t mangle -A XRAY_SELF -j MARK --set-mark 1
 ip6tables -t mangle -A XRAY6_SELF -j MARK --set-mark 1
-iptables -t mangle -A OUTPUT -m owner --gid-owner 10333 -j XRAY_SELF
-ip6tables -t mangle -A OUTPUT -m owner --gid-owner 10333 -j XRAY6_SELF
+iptables -t mangle -A OUTPUT -m owner --gid-owner ${GID} -j XRAY_SELF
+ip6tables -t mangle -A OUTPUT -m owner --gid-owner ${GID} -j XRAY6_SELF
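Review bot: The new group check uses `[[ … ]]` under a `#!/bin/sh` shebang, so where /bin/sh is dash or another strictly POSIX shell the test itself errors and the script always takes the "not exist" branch and exits, even when the group is present. A POSIX form keeps the same check: `GID=$(getent group "${PX_GROUP}" | cut -d: -f3)` followed by `if [ -n "${GID}" ] && [ "${GID}" -gt 0 ]; then`. Stopping before any rule is added is the right behaviour, since an empty value would leave the `--gid-owner` rules malformed; the error message would be better sent to stderr. The second hunk of this file expands `${PX_PORT}` and `${GID}` unquoted in the iptables/ip6tables lines, and quoting them is a small hardening now that the values are no longer literals.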