VPN traffic routing check

I have been trying to route some traffic through a VPN while routing the rest directly through my ISP, and I came across this article:

http://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/

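However, I decided to have a go at it and work out my own rules. I believe I have accomplished what I needed to without using as many rules as the article lists.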

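I am hoping to find someone kind enough to review my rules and let me know whether there are any holes or errors. I have confirmed, by checking the IP addresses, that the right traffic is being routed through the VPN. Here are my rules: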

Routing:

$ ip rule
0:  from all lookup local 
32765:  from all fwmark 0x1 lookup 128 
32766:  from all lookup main 
32767:  from all lookup default 


$ ip route show table main
default via 192.168.0.1 dev eth0 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.129  metric 202 


$ ip route show table 128
default via 10.8.8.249 dev tun0 
10.8.8.249 dev tun0  scope link  src 10.8.8.250 
68.235.53.24 via 192.168.0.1 dev eth0 
192.168.0.0/24 dev eth0  scope link 

Mangle and NAT tables:

$ sudo iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 2964K packets, 3153M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 2964K packets, 3153M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1651K packets, 424M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 917K  203M MARK       all  --  any    any     anywhere             anywhere             owner UID match debian-transmission MARK set 0x1

Chain POSTROUTING (policy ACCEPT 1651K packets, 424M bytes)
 pkts bytes target     prot opt in     out     source               destination 


$ sudo iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 2814 packets, 1123K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 2799 packets, 1122K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 18894 packets, 1297K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 3327 packets, 299K bytes)
 pkts bytes target     prot opt in     out     source               destination         
15567  998K MASQUERADE  all  --  any    tun0    anywhere             anywhere       

IP check:

$ curl ipinfo.io/ip
xxx.xx.xxx.177
$ sudo -u debian-transmission curl ipinfo.io/ip
68.235.53.24
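
One thing the IP check above cannot show is what happens to marked traffic when tun0 goes away: the kernel removes the routes through tun0 from table 128, the lookup finds no default there, and continues to `main` and out eth0. The check below is an added example, not part of the original post; the function name `check_failclosed` and the `unreachable default metric 500` guard route are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Reads `ip route show table N` output on stdin and reports what happens to
# fwmark-ed traffic if the tunnel device (and every route through it) goes away.
check_failclosed() {
    awk -v tun="$1" '
        # Return the device named after the "dev" keyword on the current line.
        function dev(   i) { for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1); return "" }
        $1 == "default" && dev() == tun { via_tun = 1 }   # removed together with the tunnel
        $1 == "default" && dev() != tun { other = 1 }     # default via a non-tunnel device
        # A reject-type default stays in the table and ends the rule lookup.
        ($1 == "unreachable" || $1 == "blackhole" || $1 == "prohibit") && $2 == "default" { guard = 1 }
        END {
            if (!via_tun)   print "no-tunnel-default"
            else if (other) print "default-bypasses-tunnel"
            else if (guard) print "fail-closed"
            else            print "falls-through-to-main"
        }'
}

# Table 128 as shown in the post.
TABLE_FROM_POST='default via 10.8.8.249 dev tun0
10.8.8.249 dev tun0  scope link  src 10.8.8.250
68.235.53.24 via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0  scope link'

# Constructed variant (assumption): the same table plus a higher-metric
# reject route, e.g. added with
#   ip route add unreachable default metric 500 table 128
TABLE_WITH_GUARD="$TABLE_FROM_POST
unreachable default metric 500"

printf 'table from post: %s\n' "$(printf '%s\n' "$TABLE_FROM_POST" | check_failclosed tun0)"
printf 'with guard:      %s\n' "$(printf '%s\n' "$TABLE_WITH_GUARD" | check_failclosed tun0)"
```

On a live host the same function can be fed directly: `ip route show table 128 | check_failclosed tun0`.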
