非侵入式的OpenWRT透明网关代理配置与一键脚本

为hysteria添加tproxy

"tproxy_tcp": {
  "listen": ":60080",
  "timeout": 300
},
"tproxy_udp": {
  "listen": ":60080",
  "timeout": 300
}

一键脚本:

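#!/bin/sh
# One-shot setup of a transparent (TPROXY) gateway that sends LAN traffic and
# the gateway's own traffic through a hysteria client.  Run once, as root.
#
# Before running, replace the two placeholders below (or export them):
#   SERVER_NAME - domain name of the hysteria server (e.g. www.123.com)
#   SRC_HOST    - scp source holding config.json and the hysteria binary
#                 (the original hard-coded a user@host here)
#
# Side effects: enables net.ipv4.ip_forward, records SERVER_NAME/SERVER_IP in
# /etc/profile, installs files under /root/hysteria, and installs and starts
# two systemd units: hysteria_cfg.service (routing + config rewrite) and
# hysteria.service (the client).
#
# Fixes relative to the original: the embedded cfg.sh was written with
# echo '...' although it itself contains single quotes (the string ended at
# the first inner quote); origin.json was never created although cfg.sh copies
# it; proxy URLs were wrapped in <...>; "\\." in the grep patterns matched a
# literal backslash; `source` is not POSIX sh; re-runs appended duplicate
# lines to sysctl.conf and /etc/profile; config.json (credentials) was 755.
set -eu

die() { printf '%s\n' "$*" >&2; exit 1; }

# --- placeholders: replace before running -----------------------------------
SERVER_NAME="${SERVER_NAME:-YOUR_SERVER_NAME}"
SRC_HOST="${SRC_HOST:-YOUR_SOURCE_HOST}"

HYST_DIR=/root/hysteria
BIN_NAME=hysteria-linux-amd64-avx

# Enable forwarding; re-running must not duplicate the line.
grep -qx 'net.ipv4.ip_forward=1' /etc/sysctl.conf \
  || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

# cfg.sh reads SERVER_NAME from /etc/profile; drop an older value first.
sed -i -e '/^SERVER_NAME=/d' /etc/profile
echo "SERVER_NAME=${SERVER_NAME}" >> /etc/profile

# Initial A-record lookup.  nslookup prints the resolver's own address first,
# so the last match is the answer.  Not fatal: cfg.sh re-resolves on start.
SERVER_IP=$(nslookup -type=a "$SERVER_NAME" \
  | grep -o -E '([0-9]{1,3}\.){3}[0-9]{1,3}' | tail -1) || SERVER_IP=
[ -n "$SERVER_IP" ] || printf 'warning: %s did not resolve yet\n' "$SERVER_NAME" >&2
sed -i -e '/^SERVER_IP=/d' /etc/profile
echo "SERVER_IP=${SERVER_IP}" >> /etc/profile

# Fetch config and binary.  config.json carries the client credentials, so it
# is owner-only (the service runs as root).  origin.json is the pristine copy
# that cfg.sh rewrites into config.json on every start.
mkdir -p "$HYST_DIR"
scp "${SRC_HOST}:/root/hysteria/config.json" "$HYST_DIR/" \
  || die "scp of config.json from $SRC_HOST failed"
chmod 600 "$HYST_DIR/config.json"
cp -f "$HYST_DIR/config.json" "$HYST_DIR/origin.json"
chmod 600 "$HYST_DIR/origin.json"

scp "${SRC_HOST}:/root/hysteria/${BIN_NAME}" "$HYST_DIR/" \
  || die "scp of $BIN_NAME from $SRC_HOST failed"
chmod 755 "$HYST_DIR/$BIN_NAME"
ln -sf "$HYST_DIR/$BIN_NAME" /usr/bin/hysteria

# Bootstrap: run the client in the background so apt can reach the network
# through its local HTTP proxy.  Port 1081 is taken from the original; confirm
# it matches the HTTP listen address in config.json.  The bootstrap instance
# is stopped again below so it does not hold the ports the service needs.
hysteria client --config "$HYST_DIR/config.json" &
hyst_pid=$!

export all_proxy="http://127.0.0.1:1081"
export http_proxy="http://127.0.0.1:1081"
export https_proxy="http://127.0.0.1:1081"

apt-get update
apt-get install -y iptables

unset all_proxy http_proxy https_proxy
kill "$hyst_pid" 2>/dev/null || true

# --- cfg.sh: resolve the server, rewrite config.json, install TPROXY rules ---
# Quoted heredoc: nothing inside is expanded by this installer.
cat <<'EOF' > "$HYST_DIR/cfg.sh"
#!/bin/bash
# Started by hysteria_cfg.service before hysteria.service.
# 1. resolves SERVER_NAME (AAAA, then A) via the LAN resolver, retrying until
#    it succeeds, and records SERVER_IP in /etc/profile;
# 2. rebuilds config.json from origin.json with the literal address;
# 3. installs policy routing and the mangle/TPROXY chains.
# Safe to re-run: existing rules and chains are removed before being re-added.

. /etc/profile
set -e
: "${SERVER_NAME:?SERVER_NAME missing from /etc/profile}"

DNS=192.168.104.111
DIR=/root/hysteria
LOG=$DIR/host.log

# Resolve.  nslookup echoes the resolver's own address in its "Server:" line,
# so a result equal to $DNS means "no answer", not an address.
while true; do
  SERVER_IP=$(nslookup -type=AAAA "$SERVER_NAME" "$DNS" \
    | grep -o -E '([0-9a-fA-F]{1,4}:){1,7}[0-9a-fA-F]{1,4}' | tail -1)
  if [[ "$SERVER_IP" == "$DNS" || -z "$SERVER_IP" ]]; then
    SERVER_IP=$(nslookup -type=A "$SERVER_NAME" "$DNS" \
      | grep -o -E '([0-9]{1,3}\.){3}[0-9]{1,3}' | tail -1)
  fi
  if [[ "$SERVER_IP" == "$DNS" || -z "$SERVER_IP" ]]; then
    printf '%s host %s failed, result is %s\n' \
      "$(date)" "$SERVER_NAME" "$SERVER_IP" >> "$LOG"
    sleep 1
  else
    printf '%s host success %s\n' "$(date)" "$SERVER_IP" >> "$LOG"
    break
  fi
done

sed -i -e '/^SERVER_IP=/d' /etc/profile
echo "SERVER_IP=$SERVER_IP" >> /etc/profile

# Rebuild config.json from the pristine copy, substituting the literal address
# (bracketed when IPv6) for the domain name.  Keep it owner-only: it holds the
# client credentials.
SERVER_IP_LITERAL=$SERVER_IP
if [[ "$SERVER_IP" == *:* ]]; then
  SERVER_IP_LITERAL="[$SERVER_IP]"
fi
cp -f "$DIR/origin.json" "$DIR/config.json"
chmod 600 "$DIR/config.json"
sed -i "s/$SERVER_NAME/$SERVER_IP_LITERAL/" "$DIR/config.json"

# Policy routing: packets marked 1 are delivered locally, which TPROXY needs.
# Delete/replace first so a restart does not stack duplicate rules.
ip rule del fwmark 1 table 100 2>/dev/null || true
ip rule add fwmark 1 table 100
ip route replace local 0.0.0.0/0 dev lo table 100
ip route flush cache

# Remove a previous instance of CHAIN (and its jump from PARENT), then recreate
# it empty.  usage: reset_chain CHAIN PARENT
reset_chain() {
  iptables -t mangle -D "$2" -j "$1" 2>/dev/null || true
  iptables -t mangle -F "$1" 2>/dev/null || true
  iptables -t mangle -X "$1" 2>/dev/null || true
  iptables -t mangle -N "$1"
}

# Exclusions shared by both chains: the hysteria server itself (so the
# client's own upstream traffic is not looped back into the proxy; only
# expressible here for an IPv4 literal, as iptables does not see IPv6),
# loopback, multicast, broadcast, LAN TCP, LAN UDP other than DNS, and
# packets already carrying mark 0xff.  usage: add_bypass CHAIN
add_bypass() {
  local chain=$1
  if [[ "$SERVER_IP" != *:* ]]; then
    iptables -t mangle -A "$chain" -d "$SERVER_IP" -j RETURN
  fi
  iptables -t mangle -A "$chain" -d 127.0.0.1/32 -j RETURN
  iptables -t mangle -A "$chain" -d 224.0.0.0/4 -j RETURN
  iptables -t mangle -A "$chain" -d 255.255.255.255/32 -j RETURN
  iptables -t mangle -A "$chain" -d 192.168.0.0/16 -p tcp -j RETURN
  iptables -t mangle -A "$chain" -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
  iptables -t mangle -A "$chain" -m mark --mark 0xff -j RETURN
}

# LAN clients (PREROUTING): hand matching packets to the local TPROXY listener.
reset_chain Hysteria PREROUTING
add_bypass Hysteria
iptables -t mangle -A Hysteria -p udp -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 1
iptables -t mangle -A Hysteria -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j Hysteria

# Gateway's own traffic (OUTPUT): mark it so the fwmark rule re-routes it via
# lo, where the PREROUTING chain above picks it up.
reset_chain Hysteria_MASK OUTPUT
add_bypass Hysteria_MASK
iptables -t mangle -A Hysteria_MASK -p udp -j MARK --set-mark 1
iptables -t mangle -A Hysteria_MASK -p tcp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -j Hysteria_MASK
EOF
chmod 755 "$HYST_DIR/cfg.sh"

# --- systemd units -----------------------------------------------------------
# hysteria_cfg is a oneshot that stays "active" after it exits, so
# hysteria.service can order itself after it instead of sleeping a fixed
# 10 s (cfg.sh may wait longer than that for DNS).  Both units run as root,
# so AmbientCapabilities is kept from the original but is not what grants
# the privileges; it only matters if a User= is added later.
cat <<'EOF' > /etc/systemd/system/hysteria_cfg.service
[Unit]
Description=Hysteria Config
After=network.target nss-lookup.target

[Service]
Type=oneshot
RemainAfterExit=yes
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/root/hysteria/cfg.sh
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
EOF

cat <<'EOF' > /etc/systemd/system/hysteria.service
[Unit]
Description=Hysteria
After=network.target nss-lookup.target hysteria_cfg.service
Requires=hysteria_cfg.service

[Service]
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/bin/hysteria client --config /root/hysteria/config.json
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
EOF

# New unit files need a reload before they can be started reliably.
systemctl daemon-reload
systemctl enable hysteria_cfg.service
systemctl start hysteria_cfg.service
systemctl enable hysteria.service
systemctl start hysteria.service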