213 lines
6.4 KiB
Bash
213 lines
6.4 KiB
Bash
#!/bin/bash
|
|
|
|
# TPROXY 透明代理一键配置脚本
|
|
# 适用于 s-ui / 3x-ui 透明代理
|
|
|
|
set -e
|
|
|
|
# 默认配置参数
|
|
DEFAULT_TPROXY_PORT=12345 # 默认 TPROXY 监听端口
|
|
PROXY_FWMARK=1 # 防火墙标记
|
|
ROUTE_TABLE=100 # 策略路由表编号
|
|
CHAIN_NAME="XRAY_TPROXY" # 自定义链名称
|
|
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
NC='\033[0m'
|
|
|
|
check_root() {
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo -e "${RED}错误: 需要 root 权限${NC}"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
get_tproxy_port() {
|
|
echo -e "${GREEN}请输入 TPROXY 监听端口 [默认: $DEFAULT_TPROXY_PORT]:${NC}"
|
|
read -p "> " input_port
|
|
|
|
if [[ -z "$input_port" ]]; then
|
|
TPROXY_PORT=$DEFAULT_TPROXY_PORT
|
|
else
|
|
if [[ "$input_port" =~ ^[0-9]+$ ]] && [ "$input_port" -ge 1 ] && [ "$input_port" -le 65535 ]; then
|
|
TPROXY_PORT=$input_port
|
|
else
|
|
echo -e "${RED}错误: 无效端口号${NC}"
|
|
return 1
|
|
fi
|
|
fi
|
|
echo -e "${GREEN}使用端口: $TPROXY_PORT${NC}"
|
|
echo ""
|
|
}
|
|
|
|
# 配置透明代理规则
|
|
setup_proxy() {
|
|
echo -e "${GREEN}========================================${NC}"
|
|
echo -e "${GREEN}配置透明代理${NC}"
|
|
echo -e "${GREEN}========================================${NC}"
|
|
echo ""
|
|
|
|
# 交互式获取端口
|
|
get_tproxy_port || return
|
|
|
|
# 创建自定义链
|
|
iptables -t mangle -N $CHAIN_NAME 2>/dev/null || iptables -t mangle -F $CHAIN_NAME
|
|
|
|
# 排除规则
|
|
iptables -t mangle -A $CHAIN_NAME -d 127.0.0.0/8 -j RETURN
|
|
iptables -t mangle -A $CHAIN_NAME -d 10.0.0.0/8 -j RETURN
|
|
iptables -t mangle -A $CHAIN_NAME -d 172.16.0.0/12 -j RETURN
|
|
iptables -t mangle -A $CHAIN_NAME -d 192.168.0.0/16 -j RETURN
|
|
iptables -t mangle -A $CHAIN_NAME -d 169.254.0.0/16 -j RETURN
|
|
iptables -t mangle -A $CHAIN_NAME -d 224.0.0.0/4 -j RETURN
|
|
iptables -t mangle -A $CHAIN_NAME -d 255.255.255.255/32 -j RETURN
|
|
|
|
# TPROXY 规则
|
|
iptables -t mangle -A $CHAIN_NAME -p tcp -j TPROXY --on-port $TPROXY_PORT --tproxy-mark $PROXY_FWMARK
|
|
iptables -t mangle -A $CHAIN_NAME -p udp -j TPROXY --on-port $TPROXY_PORT --tproxy-mark $PROXY_FWMARK
|
|
|
|
# 应用规则
|
|
iptables -t mangle -A OUTPUT -j $CHAIN_NAME
|
|
iptables -t mangle -A PREROUTING -j $CHAIN_NAME
|
|
|
|
# 策略路由
|
|
ip rule add fwmark $PROXY_FWMARK lookup $ROUTE_TABLE 2>/dev/null || true
|
|
ip route add local 0.0.0.0/0 dev lo table $ROUTE_TABLE 2>/dev/null || true
|
|
|
|
echo -e "${GREEN}配置完成!${NC}"
|
|
echo -e "代理端口: ${YELLOW}$TPROXY_PORT${NC}"
|
|
echo ""
|
|
read -p "按回车键继续..."
|
|
}
|
|
|
|
# 移除透明代理规则
|
|
remove_proxy() {
|
|
echo -e "${GREEN}========================================${NC}"
|
|
echo -e "${GREEN}移除透明代理规则${NC}"
|
|
echo -e "${GREEN}========================================${NC}"
|
|
echo ""
|
|
|
|
iptables -t mangle -D OUTPUT -j $CHAIN_NAME 2>/dev/null || true
|
|
iptables -t mangle -D PREROUTING -j $CHAIN_NAME 2>/dev/null || true
|
|
iptables -t mangle -F $CHAIN_NAME 2>/dev/null || true
|
|
iptables -t mangle -X $CHAIN_NAME 2>/dev/null || true
|
|
|
|
ip rule del fwmark $PROXY_FWMARK lookup $ROUTE_TABLE 2>/dev/null || true
|
|
ip route flush table $ROUTE_TABLE 2>/dev/null || true
|
|
|
|
echo -e "${GREEN}规则已移除${NC}"
|
|
echo ""
|
|
read -p "按回车键继续..."
|
|
}
|
|
|
|
# 查看当前规则
|
|
show_rules() {
|
|
echo -e "${GREEN}========================================${NC}"
|
|
echo -e "${GREEN}当前规则状态${NC}"
|
|
echo -e "${GREEN}========================================${NC}"
|
|
echo ""
|
|
|
|
echo -e "${BLUE}=== Mangle 表 ===${NC}"
|
|
iptables -t mangle -L $CHAIN_NAME -v -n 2>/dev/null || echo "无规则"
|
|
echo ""
|
|
|
|
echo -e "${BLUE}=== 策略路由 ===${NC}"
|
|
ip rule show | grep "fwmark $PROXY_FWMARK" || echo "无规则"
|
|
echo ""
|
|
|
|
echo -e "${BLUE}=== 路由表 ===${NC}"
|
|
ip route show table $ROUTE_TABLE 2>/dev/null || echo "无规则"
|
|
echo ""
|
|
|
|
read -p "按回车键继续..."
|
|
}
|
|
|
|
# 保存规则
|
|
save_rules() {
|
|
echo -e "${GREEN}========================================${NC}"
|
|
echo -e "${GREEN}保存规则${NC}"
|
|
echo -e "${GREEN}========================================${NC}"
|
|
echo ""
|
|
|
|
# 保存 iptables
|
|
mkdir -p /etc/iptables
|
|
iptables-save > /etc/iptables/rules.v4
|
|
echo -e "${GREEN}✓ iptables 规则已保存${NC}"
|
|
|
|
# 创建 systemd 服务
|
|
cat > /etc/systemd/system/tproxy-route.service << EOF
|
|
[Unit]
|
|
Description=TPROXY Policy Routing
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/bin/bash -c 'ip rule add fwmark $PROXY_FWMARK lookup $ROUTE_TABLE 2>/dev/null || true; ip route add local 0.0.0.0/0 dev lo table $ROUTE_TABLE 2>/dev/null || true'
|
|
ExecStop=/bin/bash -c 'ip rule del fwmark $PROXY_FWMARK lookup $ROUTE_TABLE 2>/dev/null || true; ip route flush table $ROUTE_TABLE 2>/dev/null || true'
|
|
RemainAfterExit=yes
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
systemctl daemon-reload
|
|
systemctl enable tproxy-route.service >/dev/null 2>&1
|
|
echo -e "${GREEN}✓ systemd 服务已创建${NC}"
|
|
echo -e "${GREEN}✓ 开机自动恢复已启用${NC}"
|
|
echo ""
|
|
read -p "按回车键继续..."
|
|
}
|
|
|
|
show_menu() {
|
|
clear
|
|
echo -e "${BLUE}========================================${NC}"
|
|
echo -e "${BLUE} TPROXY 透明代理配置工具${NC}"
|
|
echo -e "${BLUE}========================================${NC}"
|
|
echo ""
|
|
echo -e "${GREEN}1.${NC} 配置透明代理"
|
|
echo -e "${GREEN}2.${NC} 移除透明代理"
|
|
echo -e "${GREEN}3.${NC} 查看当前状态"
|
|
echo -e "${GREEN}4.${NC} 保存规则(持久化)"
|
|
echo -e "${RED}0.${NC} 退出"
|
|
echo ""
|
|
echo -e "${BLUE}========================================${NC}"
|
|
echo ""
|
|
}
|
|
|
|
main() {
|
|
check_root
|
|
|
|
while true; do
|
|
show_menu
|
|
read -p "请选择操作 [0-4]: " choice
|
|
echo ""
|
|
|
|
case $choice in
|
|
1)
|
|
setup_proxy
|
|
;;
|
|
2)
|
|
remove_proxy
|
|
;;
|
|
3)
|
|
show_rules
|
|
;;
|
|
4)
|
|
save_rules
|
|
;;
|
|
0)
|
|
echo -e "${GREEN}退出程序${NC}"
|
|
exit 0
|
|
;;
|
|
*)
|
|
echo -e "${RED}无效选项,请重新选择${NC}"
|
|
sleep 2
|
|
;;
|
|
esac
|
|
done
|
|
}
|
|
|
|
main
|