我一直在尝试通过 VPN 路由一些流量,而直接通过 ISP 路由其余流量,我发现了这篇文章:
http://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/
然而,我决定尝试一下并制定自己的规则。我相信我已经完成了我需要做的事情,而没有使用文章列出的那么多规则。
我希望找到一个足够友善的人来审查我的规则,并让我知道是否有任何漏洞或错误。我通过查看 IP 地址确认通过 VPN 路由的是正确的流量。这是我的规则:
路由:
$ ip rule
0: from all lookup local
32765: from all fwmark 0x1 lookup 128
32766: from all lookup main
32767: from all lookup default
$ ip route show table main
default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.129 metric 202
$ ip route show table 128
default via 10.8.8.249 dev tun0
10.8.8.249 dev tun0 scope link src 10.8.8.250
68.235.53.24 via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 scope link
Mangle 和 NAT 表:
sudo iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 2964K packets, 3153M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 2964K packets, 3153M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1651K packets, 424M bytes)
pkts bytes target prot opt in out source destination
917K 203M MARK all -- any any anywhere anywhere
owner UID match debian-transmission MARK set 0x1
Chain POSTROUTING (policy ACCEPT 1651K packets, 424M bytes)
pkts bytes target prot opt in out source destination
$ sudo iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 2814 packets, 1123K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 2799 packets, 1122K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 18894 packets, 1297K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 3327 packets, 299K bytes)
pkts bytes target prot opt in out source destination
15567 998K MASQUERADE all -- any tun0 anywhere anywhere
IP 检查:
$ curl ipinfo.io/ip
xxx.xx.xxx.177
$ sudo -u debian-transmission curl ipinfo.io/ip
68.235.53.24