
nat gateway #22

Open tiancheng91 opened 5 years ago

tiancheng91 commented 5 years ago
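# nat: masquerade everything that leaves through eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# nat: pin 192.168.0.0/16 sources to one fixed address instead
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth0 -j SNAT --to-source 192.168.0.10
iptables -t filter -A FORWARD -i ztc3qv2iis -s 192.168.20.0/24 -d 0.0.0.0/0 -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -s 0.0.0.0/0 -d 192.168.20.0/24 -j ACCEPT

# Fetch the pass-through list and add one route per entry via 192.168.200.1.
# The list is served by a third party, so only lines that look like an
# IPv4 address or CIDR are handed to `ip`; everything else is dropped.
# The previous test, `[[ $ip =~ [\d\.] ]]`, was a bracket expression that
# matches the characters '\', 'd' and '.' (bash ERE has no \d), so it
# accepted nearly every line, including the HTML of an error page.
# curl -f emits no body on an HTTP error; -sS still reports real failures.
cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
curl -fsS https://gitlab.com/yatocala/public/-/raw/master/pass_cidr.txt | while IFS= read -r ip; do
    ip=${ip%$'\r'}    # tolerate CRLF line endings in the fetched file
    if [[ $ip =~ $cidr_re ]]; then
        ip route add "$ip" via 192.168.200.1
    fi
done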
tiancheng91 commented 5 years ago
# Dedicated nat chain: TCP traffic to the networks below is redirected to
# the local transparent proxy listening on port 12345.
iptables -t nat -N SS

# Append one REDIRECT rule per destination network, in the order given.
redirect_to_proxy() {
  local net
  for net in "$@"; do
    iptables -t nat -A SS -p tcp -d "$net" -j REDIRECT --to-ports 12345
  done
}

# google
redirect_to_proxy \
  35.190.247.0/24 \
  35.191.0.0/16 \
  64.233.160.0/19 \
  66.102.0.0/20 \
  66.249.80.0/20 \
  72.14.192.0/18 \
  74.125.0.0/16 \
  108.177.8.0/21 \
  108.177.96.0/19 \
  130.211.0.0/22 \
  172.217.0.0/19 \
  172.217.32.0/20 \
  172.217.128.0/19 \
  172.217.160.0/20 \
  172.217.192.0/19 \
  173.194.0.0/16 \
  209.85.128.0/17 \
  216.239.32.0/19 \
  216.58.192.0/19

# telegram
redirect_to_proxy \
  91.108.4.0/22 \
  91.108.8.0/22 \
  91.108.12.0/22 \
  91.108.20.0/22 \
  91.108.36.0/23 \
  91.108.38.0/23 \
  91.108.56.0/22 \
  149.154.160.0/20 \
  149.154.164.0/22 \
  149.154.172.0/22

# amazon
redirect_to_proxy \
  52.15.247.160/27 \
  52.23.63.224/27 \
  54.70.204.128/27 \
  52.210.255.224/27 \
  35.177.218.0/27 \
  35.158.127.192/27

# facebook
redirect_to_proxy 31.13.64.0/18

# Anything else should be ignored: a packet that matches no rule falls
# off the end of the user chain back to PREROUTING, so the explicit
# RETURN stays commented out.
#iptables -t nat -A SS -p tcp -j RETURN

# Apply the rules: every forwarded TCP packet is checked against SS
iptables -t nat -A PREROUTING -p tcp -j SS

# dns: every forwarded UDP/53 query, whichever resolver the client
# addressed, is answered by the local listener on port 5353
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
tiancheng91 commented 5 years ago

Either `iptables -t nat -A OUTPUT -p tcp -d 74.125.0.0/16 -j DNAT --to-destination 127.0.0.1:12345` (traffic generated on this host, OUTPUT chain) or `iptables -t nat -A PREROUTING -p tcp -d 74.125.0.0/16 -j REDIRECT --to-ports 12345` (traffic arriving from other hosts, PREROUTING chain).

tiancheng91 commented 5 years ago

iptables -A POSTROUTING -s 192.168.0.0/16 -t nat -j MASQUERADE

tiancheng91 commented 5 years ago

iptables -t nat -D OUTPUT 3 iptables -t nat -D PREROUTING 3

tiancheng91 commented 5 years ago

echo "35.190.247.0/24 64.233.160.0/19 66.102.0.0/20 66.249.80.0/20 72.14.192.0/18 74.125.0.0/16 108.177.8.0/21 173.194.0.0/16 209.85.128.0/17 216.58.192.0/19 216.239.32.0/19 172.217.0.0/19 172.217.32.0/20 172.217.128.0/19 172.217.160.0/20 172.217.192.0/19 108.177.96.0/19 35.191.0.0/16 130.211.0.0/22" | while read line; do ip route add $line via 192.168.30.3 done

tiancheng91 commented 3 years ago

/etc/systemd/resolved.conf

[Resolve]
# Each DNS= entry is "<address>#<name>": with DNSOverTLS=yes below, <name>
# is the TLS server name the resolver's certificate is validated against.
# Two IPv4 and two IPv6 resolvers, one pair per NextDNS endpoint.
DNS=45.90.28.0#53eb32.dns1.nextdns.io
DNS=2a07:a8c0::#53eb32.dns1.nextdns.io
DNS=45.90.30.0#53eb32.dns2.nextdns.io
DNS=2a07:a8c1::#53eb32.dns2.nextdns.io
# "yes" is strict mode: queries go over TLS only, no fallback to plain UDP/53.
DNSOverTLS=yes
tiancheng91 commented 3 years ago

smartdns

# NOTE(review): `bind` is smartdns's plain (unencrypted) listener; 853 is the
# DNS-over-TLS port number but no TLS is offered on it here — confirm whether
# a TLS listener was intended.
bind :853
cache-size 4096
prefetch-domain yes
# answer from cache even after TTL expiry while refreshing in the background
serve-expired yes
# pick upstream answers by ping and TCP/80 reachability of the returned IPs
speed-check-mode ping,tcp:80

# upstreams: the three `server` entries are plain UDP/53 (unencrypted,
# visible to the path); only the `server-tls` entry is encrypted
server 114.114.114.114
server 223.5.5.5
server 116.228.111.118
# plain DNS over TCP on port 443 (not TLS)
server-tcp 208.67.222.222:443
server-tls 1.0.0.1
tiancheng91 commented 1 year ago
tailscale up --advertise-routes=10.0.0.0/24,74.125.0.0/16,172.217.0.0/16,35.191.0.0/16,91.108.0.0/16,149.154.0.0/16,129.134.0.0/16,157.240.0.0/16 --advertise-exit-node