From bde188decb4a3bd5f03f3398fc0944ad82577157 Mon Sep 17 00:00:00 2001 From: starry <115192496+sky22333@users.noreply.github.com> Date: Sat, 27 Dec 2025 05:00:26 +0800 Subject: [PATCH] Create tproxy.sh --- proxy/tproxy.sh | 212 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 212 insertions(+) create mode 100644 proxy/tproxy.sh diff --git a/proxy/tproxy.sh b/proxy/tproxy.sh new file mode 100644 index 0000000..692fba1 --- /dev/null +++ b/proxy/tproxy.sh @@ -0,0 +1,212 @@ +#!/bin/bash + +# TPROXY 透明代理一键配置脚本 +# 适用于 s-ui / 3x-ui 透明代理 + +set -e + +# 默认配置参数 +DEFAULT_TPROXY_PORT=12345 # 默认 TPROXY 监听端口 +PROXY_FWMARK=1 # 防火墙标记 +ROUTE_TABLE=100 # 策略路由表编号 +CHAIN_NAME="XRAY_TPROXY" # 自定义链名称 + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +check_root() { + if [[ $EUID -ne 0 ]]; then + echo -e "${RED}错误: 需要 root 权限${NC}" + exit 1 + fi +} + +get_tproxy_port() { + echo -e "${GREEN}请输入 TPROXY 监听端口 [默认: $DEFAULT_TPROXY_PORT]:${NC}" + read -p "> " input_port + + if [[ -z "$input_port" ]]; then + TPROXY_PORT=$DEFAULT_TPROXY_PORT + else + if [[ "$input_port" =~ ^[0-9]+$ ]] && [ "$input_port" -ge 1 ] && [ "$input_port" -le 65535 ]; then + TPROXY_PORT=$input_port + else + echo -e "${RED}错误: 无效端口号${NC}" + return 1 + fi + fi + echo -e "${GREEN}使用端口: $TPROXY_PORT${NC}" + echo "" +} + +# 配置透明代理规则 +setup_proxy() { + echo -e "${GREEN}========================================${NC}" + echo -e "${GREEN}配置透明代理${NC}" + echo -e "${GREEN}========================================${NC}" + echo "" + + # 交互式获取端口 + get_tproxy_port || return + + # 创建自定义链 + iptables -t mangle -N $CHAIN_NAME 2>/dev/null || iptables -t mangle -F $CHAIN_NAME + + # 排除规则 + iptables -t mangle -A $CHAIN_NAME -d 127.0.0.0/8 -j RETURN + iptables -t mangle -A $CHAIN_NAME -d 10.0.0.0/8 -j RETURN + iptables -t mangle -A $CHAIN_NAME -d 172.16.0.0/12 -j RETURN + iptables -t mangle -A $CHAIN_NAME -d 192.168.0.0/16 -j RETURN + iptables -t mangle -A $CHAIN_NAME -d 169.254.0.0/16 -j RETURN + iptables -t mangle -A $CHAIN_NAME -d 224.0.0.0/4 -j RETURN + iptables -t mangle -A $CHAIN_NAME -d 255.255.255.255/32 -j RETURN + + # TPROXY 规则 + iptables -t mangle -A $CHAIN_NAME -p tcp -j TPROXY --on-port $TPROXY_PORT --tproxy-mark $PROXY_FWMARK + iptables -t mangle -A $CHAIN_NAME -p udp -j TPROXY --on-port $TPROXY_PORT --tproxy-mark $PROXY_FWMARK + + # 应用规则 + iptables -t mangle -A OUTPUT -j $CHAIN_NAME + iptables -t mangle -A PREROUTING -j $CHAIN_NAME + + # 策略路由 + ip rule add fwmark $PROXY_FWMARK lookup $ROUTE_TABLE 2>/dev/null || true + ip route add local 0.0.0.0/0 dev lo table $ROUTE_TABLE 2>/dev/null || true + + echo -e "${GREEN}配置完成!${NC}" + echo -e "代理端口: ${YELLOW}$TPROXY_PORT${NC}" + echo "" + read -p "按回车键继续..." +} + +# 移除透明代理规则 +remove_proxy() { + echo -e "${GREEN}========================================${NC}" + echo -e "${GREEN}移除透明代理规则${NC}" + echo -e "${GREEN}========================================${NC}" + echo "" + + iptables -t mangle -D OUTPUT -j $CHAIN_NAME 2>/dev/null || true + iptables -t mangle -D PREROUTING -j $CHAIN_NAME 2>/dev/null || true + iptables -t mangle -F $CHAIN_NAME 2>/dev/null || true + iptables -t mangle -X $CHAIN_NAME 2>/dev/null || true + + ip rule del fwmark $PROXY_FWMARK lookup $ROUTE_TABLE 2>/dev/null || true + ip route flush table $ROUTE_TABLE 2>/dev/null || true + + echo -e "${GREEN}规则已移除${NC}" + echo "" + read -p "按回车键继续..." +} + +# 查看当前规则 +show_rules() { + echo -e "${GREEN}========================================${NC}" + echo -e "${GREEN}当前规则状态${NC}" + echo -e "${GREEN}========================================${NC}" + echo "" + + echo -e "${BLUE}=== Mangle 表 ===${NC}" + iptables -t mangle -L $CHAIN_NAME -v -n 2>/dev/null || echo "无规则" + echo "" + + echo -e "${BLUE}=== 策略路由 ===${NC}" + ip rule show | grep "fwmark $PROXY_FWMARK" || echo "无规则" + echo "" + + echo -e "${BLUE}=== 路由表 ===${NC}" + ip route show table $ROUTE_TABLE 2>/dev/null || echo "无规则" + echo "" + + read -p "按回车键继续..." +} + +# 保存规则 +save_rules() { + echo -e "${GREEN}========================================${NC}" + echo -e "${GREEN}保存规则${NC}" + echo -e "${GREEN}========================================${NC}" + echo "" + + # 保存 iptables + mkdir -p /etc/iptables + iptables-save > /etc/iptables/rules.v4 + echo -e "${GREEN}✓ iptables 规则已保存${NC}" + + # 创建 systemd 服务 + cat > /etc/systemd/system/tproxy-route.service << EOF +[Unit] +Description=TPROXY Policy Routing +After=network.target + +[Service] +Type=oneshot +ExecStart=/bin/bash -c 'ip rule add fwmark $PROXY_FWMARK lookup $ROUTE_TABLE 2>/dev/null || true; ip route add local 0.0.0.0/0 dev lo table $ROUTE_TABLE 2>/dev/null || true' +ExecStop=/bin/bash -c 'ip rule del fwmark $PROXY_FWMARK lookup $ROUTE_TABLE 2>/dev/null || true; ip route flush table $ROUTE_TABLE 2>/dev/null || true' +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target +EOF + + systemctl daemon-reload + systemctl enable tproxy-route.service >/dev/null 2>&1 + echo -e "${GREEN}✓ systemd 服务已创建${NC}" + echo -e "${GREEN}✓ 开机自动恢复已启用${NC}" + echo "" + read -p "按回车键继续..." +} + +show_menu() { + clear + echo -e "${BLUE}========================================${NC}" + echo -e "${BLUE} TPROXY 透明代理配置工具${NC}" + echo -e "${BLUE}========================================${NC}" + echo "" + echo -e "${GREEN}1.${NC} 配置透明代理" + echo -e "${GREEN}2.${NC} 移除透明代理" + echo -e "${GREEN}3.${NC} 查看当前状态" + echo -e "${GREEN}4.${NC} 保存规则(持久化)" + echo -e "${RED}0.${NC} 退出" + echo "" + echo -e "${BLUE}========================================${NC}" + echo "" +} + +main() { + check_root + + while true; do + show_menu + read -p "请选择操作 [0-4]: " choice + echo "" + + case $choice in + 1) + setup_proxy + ;; + 2) + remove_proxy + ;; + 3) + show_rules + ;; + 4) + save_rules + ;; + 0) + echo -e "${GREEN}退出程序${NC}" + exit 0 + ;; + *) + echo -e "${RED}无效选项,请重新选择${NC}" + sleep 2 + ;; + esac + done +} + +main