Xiaomi Router: shadowsocks + redsocks2

Deploying the $$ setup on a Xiaomi router

Getting SSH access

http://www.miui.com/thread-1852115-1-1.html

Download shadowsocks and redsocks2

http://www.miui.com/thread-1843323-1-1.html
http://www.miui.com/thread-1852115-1-1.html

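Preparation

Extract the downloaded shadowsocks and redsocks2 to any location on the Xiaomi router's disk.
Download the SSH tool PuTTY.

Configure shadowsocks

  • First, you need a shadowsocks account
    https://www.shadowsocks.net/

  • Add shadowsocks to the boot sequence
    Log in to the Xiaomi router with PuTTY.

  • Run vi /etc/rc.local and add the following lines

    # Start shadowsocks

    nohup /DIRECTORY_PATH/ss-local -s SERVER_ADDRESS -p REMOTE_PORT -l LOCAL_PORT -k PASSWORD -m ENCRYPTION_METHOD -u >/dev/null 2>&1 &

Press ESC, then type :wq to save.

Configure pdnsd
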
vi /etc/pdnsd.conf

global {
# debug = on;
perm_cache=1024;
cache_dir="/userdisk/pdnsd";
run_as="nobody";
server_port = 1053;
server_ip = 127.0.0.1;
status_ctl = on;
query_method=tcp_only;
min_ttl=15m;
max_ttl=1w;
timeout=6;
neg_rrs_pol=on;
par_queries=1;
}
server {
label= "114 DNS";
ip = 114.114.114.114,114.114.115.115;
uptest=none;
proxy_only=on;
purge_cache=off;
exclude=".google.com",".gstatic.com",".googleusercontent.com",".googlesource.com",".ggpht.com",".appspot.com",".googlecode.com",".googleapis.com",".gmail.com",".google-analytics.com",".keyhole.com",".chromium.org",".googlesyndication.com",".googlelabs.com",".g.co",".goo.gl",".panoramio.com",".android.com",".youtube.com",".ytimg.com",".blogspot.com",".blogger.com",".twitter.com",".twimg.com",".t.co",".facebook.com",".facebook.net",".fbcdn.net",".fb.me",".tfbnw.net",".flickr.com",".yimg.com",".bit.ly",".bitly.com",".t66y.com",".wp.com",".torproject.org",".igfw.net",".openvpn.net",".dropbox.com",".wikipedia.org",".sourceforge.net",".sf.net",".droplr.com",".pastebin.com",".vimeo.com";
}
server {
label= "googledns";
ip = 8.8.8.8,8.8.4.4;
# root_server = on;
uptest = none;
proxy_only=on;
purge_cache=off;
}
source {
ttl=86400;
owner="localhost.";
# serve_aliases=on;
file="/etc/hosts";
}

Press ESC, then type :wq to save. Enable pdnsd and set it to start at boot:

/etc/init.d/pdnsd enable
/etc/init.d/pdnsd start

Configure dnsmasq to resolve specific domains through the local pdnsd:

vi /etc/dnsmasq.d/dnsmasq.custom.conf

Add the following:

#Google and Youtube
server=/.google.com/127.0.0.1#1053
server=/.google.com.hk/127.0.0.1#1053
server=/.gstatic.com/127.0.0.1#1053
server=/.ggpht.com/127.0.0.1#1053
server=/.googleusercontent.com/127.0.0.1#1053
server=/.appspot.com/127.0.0.1#1053
server=/.googlecode.com/127.0.0.1#1053
server=/.googleapis.com/127.0.0.1#1053
server=/.gmail.com/127.0.0.1#1053
server=/.google-analytics.com/127.0.0.1#1053
server=/.youtube.com/127.0.0.1#1053
server=/.googlevideo.com/127.0.0.1#1053
server=/.youtube-nocookie.com/127.0.0.1#1053
server=/.ytimg.com/127.0.0.1#1053
server=/.blogspot.com/127.0.0.1#1053
server=/.blogger.com/127.0.0.1#1053

#FaceBook
server=/.facebook.com/127.0.0.1#1053
server=/.thefacebook.com/127.0.0.1#1053
server=/.facebook.net/127.0.0.1#1053
server=/.fbcdn.net/127.0.0.1#1053
server=/.akamaihd.net/127.0.0.1#1053

#Twitter
server=/.twitter.com/127.0.0.1#1053
server=/.t.co/127.0.0.1#1053
server=/.bitly.com/127.0.0.1#1053
server=/.twimg.com/127.0.0.1#1053
server=/.tinypic.com/127.0.0.1#1053
server=/.yfrog.com/127.0.0.1#1053

Press ESC, then type :wq to save (reboot the router so that pdnsd takes effect).

Configure Redsocks2

Edit redsocks.conf

base {
log_debug = off;
log_info = off;
daemon = on;
redirector= iptables;
}

redsocks {
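local_ip = 192.168.1.1;   // Never set local_ip to 0.0.0.0, 127.0.0.1 or the like; set it to your LAN IP.
local_port = 1081;         // HTTP connections are redirected to this port; change it if you wish, or keep the default
ip = 192.168.1.1;         // LAN IP of the proxy
port = 9050;               // Proxy port
type = socks5;           // Proxy type. autosocks5 and autohttp-connect are not supported;
                         // choose from socks4, socks5, http-connect, http-relay and direct.
autoproxy = 1;         // When this parameter is unset or 0, automatic proxying is off and all connections go out through the proxy configured above.
                       // When it is 1, automatic proxying is on: every connection is first attempted directly, and only goes through the proxy configured above if the direct attempt fails.
                       // Using it together with type direct is not recommended; it is pointless.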
}

Configure iptables to REDIRECT

iptables -t nat -N REDSOCKS
iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDSOCKS

# Do not redirect traffic to the following address ranges
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 10.8.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

# Redirect normal HTTP and HTTPS traffic
iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 1081
iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 1081

Start Redsocks2

/YOUR_DIRECTORY/redsocks2 -c /YOUR_DIRECTORY/redsocks.conf &
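
The redsocks.conf listener (local_ip, local_port) and the --to-ports target of the REDIRECT rules have to agree, so here is a consistency check for them, as an added example that is not part of the original post. The function names and the saved-rules file (output of `iptables -t nat -S REDSOCKS`) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# conf_value FILE KEY: print the value of "KEY = value;", ignoring // comments.
conf_value() {
    sed -e 's|//.*$||' "$1" |
        awk -F'[=;]' -v k="$2" '
            { key = $1; gsub(/[ \t]/, "", key) }
            key == k { v = $2; gsub(/[ \t]/, "", v); print v; exit }'
}

# check_redsocks CONF RULES: return 0 if consistent, 1 otherwise.
# RULES is a saved copy of `iptables -t nat -S REDSOCKS`.
check_redsocks() {
    conf=$1; rules=$2; rc=0
    lip=$(conf_value "$conf" local_ip)
    lport=$(conf_value "$conf" local_port)

    # REDIRECT rewrites the destination to the address of the incoming
    # interface (br-lan), so a loopback listener never sees the traffic;
    # 0.0.0.0 binds every interface, including the WAN side.
    case "$lip" in
        ""|0.0.0.0|127.*) echo "local_ip '$lip': use the router LAN IP"; rc=1 ;;
    esac
    [ -n "$lport" ] || { echo "local_port missing"; rc=1; }

    redirects=$(grep -e '-j REDIRECT' "$rules" || true)
    if [ -z "$redirects" ]; then
        echo "no REDIRECT rule in chain"; rc=1
    else
        bad=$(printf '%s\n' "$redirects" |
              grep -v -E -e "--to-ports $lport( |\$)" || true)
        if [ -n "$bad" ]; then
            echo "REDIRECT target differs from local_port $lport:"
            echo "$bad"; rc=1
        fi
    fi
    return $rc
}

# Run directly: check.sh /path/to/redsocks.conf /path/to/saved-rules
if [ $# -eq 2 ]; then check_redsocks "$1" "$2"; fi
```
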

  • Author: Tshine Zheng
  • Article link: 9.html
  • Copyright: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. Please credit the source when reposting!