connectME
is a tool that help you connect the internet freely.
# 如果是升级, 最好先把老版本删除
# rm -rf /usr/bin/connectME
CGO_ENABLED=0 \
GOBIN=/usr/bin \
go get -u -v github.com/aiziyuer/connectME
为了避免goproxy的缓存问题, 可以
export GOPROXY=direct
强制从源站下载
# start it
➜ ~ connectME dns --port 53
ednsSubnet: 122.235.189.0/24
proxy: http://127.0.0.1:3128
tcp_server: 0.0.0.0:53
udp_server: 0.0.0.0:53
# test
dig @127.0.0.1 -p53 www.google.com +short
网关服务安装
# start it
➜ ~ export proxy=http://127.0.0.1:3128
➜ ~ connectME gw --port 1081
gw_server: 0.0.0.0:1081
由于透明网关需要防火墙上面将流量引入, 所以有如下推荐的防火墙配置:
# install ipset
yum install ipset
# apt-get install ipset
# clean
# ipset flush NO_PROXY && ipset destory NO_PROXY || true
# create, ref: https://zh.wikipedia.org/wiki/%E4%BF%9D%E7%95%99IP%E5%9C%B0%E5%9D%80
ipset create NO_PROXY hash:net comment
ipset -exist add NO_PROXY 0.0.0.0/8 comment "IANA"
ipset -exist add NO_PROXY 10.0.0.0/8 comment "Class C IP address"
ipset -exist add NO_PROXY 172.16.0.0/12 comment "Class C IP address"
ipset -exist add NO_PROXY 192.168.0.0/16 comment "Class C IP address"
ipset -exist add NO_PROXY 127.0.0.0/8 comment "Loopback Address"
ipset -exist add NO_PROXY 169.254.0.0/16 comment "Link local address"
ipset -exist add NO_PROXY 224.0.0.0/16 comment "Multicast Address"
# ipset -exist add NO_PROXY xxxx/32 comment "Your Proxy Server"
# apply chain
iptables -t nat -N PROXY &>/dev/null; iptables -t nat -F PROXY
iptables -t nat -A PROXY -m set --match-set NO_PROXY dst -j RETURN
iptables -t nat -A PROXY -p tcp -j REDIRECT --to-port 1081
iptables -t nat -F OUTPUT && iptables -t nat -A OUTPUT -j PROXY
iptables -t nat -F PREROUTING && iptables -t nat -A PREROUTING -p tcp -j PROXY
# review chain
iptables -t nat -S
# ipset auto restore at reboot
cat <<'EOF' >/etc/systemd/system/ipset.service
[Unit]
Description=ipset persistent rule service
Before=iptables.service
ConditionFileNotEmpty=/etc/sysconfig/ipset
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/sbin/ipset -exist -file /etc/sysconfig/ipset restore
ExecStop=/usr/sbin/ipset -file /etc/sysconfig/ipset save
[Install]
WantedBy=multi-user.target
EOF
# apply ipset
systemctl daemon-reload; systemctl enable ipset.service; systemctl start ipset.service
# add systemd service
cat <<'EOF'>/etc/systemd/system/connectME@.service
[Unit]
Description=connectME dns
Documentation=https://github.com/aiziyuer/connectME
After=network.target
[Service]
Type=notify
Environment="HTTP_PROXY=127.0.0.1:3128"
Environment="HTTPS_PROXY=127.0.0.1:3128"
ExecStart=/usr/bin/connectME %i
WatchdogSec=1s
StartLimitBurst=0
StartLimitIntervalSec=0
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
# apply dns
systemctl daemon-reload; systemctl enable connectME@dns.service; systemctl restart connectME@dns.service
# apply gw
systemctl daemon-reload; systemctl enable connectME@gw.service; systemctl restart connectME@gw.service