我有这个配置脚本:
我打开VPN隧道
openvpn --config serverx.ovpn > /dev/null 2>&1 &
openvpn --config servery.ovpn > /dev/null 2>&1 &
在我的脚本上进行测试,输出连接地址
route add 69.195.103.232/32 dev tun0
curl http://checkmyproxy.xx/checkproxy.php
route delete 69.195.103.232
我得到了正确的 SERVERX IP
我准备iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
我编辑 RT_TABLES
nano /etc/iproute2/rt_tables
我添加到 RT_TABLES
100 tunnel0
101 tunnel1
然后
ip route add default dev tun0 table tunnel0
ip route add default dev tun1 table tunnel1
ip rule add from all fwmark 0x100 table tunnel0
ip rule add from all fwmark 0x101 table tunnel1
ip route flush cache
ip rule show
一切都好,我得到以下结果
IF配置
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
ETC ETC
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
ETC ETC
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.120.1.6 netmask 255.255.255.255 destination 10.120.1.5
ETC ETC, IP CLASS CAN VARY
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.199.1.6 netmask 255.255.255.255 destination 10.199.1.5
ETC ETC, IP CLASS CAN VARY
航线
default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
10.151.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.199.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
link-local 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
知识产权规则展示
0: from all lookup local
32764: from all fwmark 0x100 lookup tunnel0
32765: from all fwmark 0x101 lookup tunnel1
32766: from all lookup main
32767: from all lookup default
我标记数据包以关联到正确的路由/接口
iptables -A PREROUTING -t mangle -p tcp --sport 10000 -j MARK --set-mark 100
iptables -A PREROUTING -t mangle -p tcp --sport 10001 -j MARK --set-mark 101
iptables-save
问题是
如何使用以下命令获取第一个和第二个请求的返回服务器 x IP 和服务器 y IP?
curl http://checkmyproxy.xx:10000/checkproxy.php
curl http://checkmyproxy.xx:10001/checkproxy.php
最终端口始终为 80,因此 10000 和 10001 应翻译为 80。其他翻译正确,但我得到了 eth0 真实地址(无隧道),因此它绕过了 mangle 标记
iptables -t nat -A OUTPUT -p tcp --dport 10000 -j DNAT --to :80
iptables-save
谢谢你!