03. Configuring FakeIP on RouterOS

This article covers the main-router side of setting up transparent proxying for LAN devices using the FakeIP traffic-splitting method.

How to use sing-box and mosdns is outside the scope of this article.

Three ways of steering FakeIP traffic into sing-box are described.

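  • Assumed defaults: sing-box's IPv4 address is 10.0.0.2 and its IPv6 address is dc00::2222; the fake IPv4 range is 28.0.0.0/8 and the fake IPv6 range is f2b0::/18.
    Note in particular: when fasttrack is enabled in ROS, mangle stops working, and FakeIP can only be routed using the route method.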

1. Using mangle to mark traffic

IPv4 part

  • Add the sing-box-v4 routing table
/routing table add name=sing-box-v4 fib
  • Add a proxy_ipv4 list to the address lists and fill in the FakeIP range, the TG v4 ranges and the Netflix v4 ranges
/ip firewall address-list add list=proxy_ipv4 address=28.0.0.0/8
/ip firewall address-list add list=proxy_ipv4 address=1.1.1.1/32
/ip firewall address-list add list=proxy_ipv4 address=1.0.0.1/32
/ip firewall address-list add list=proxy_ipv4 address=8.8.8.8/32
/ip firewall address-list add list=proxy_ipv4 address=8.8.4.4/32
/ip firewall address-list add list=proxy_ipv4 address=8.41.4.0/24
/ip firewall address-list add list=proxy_ipv4 address=23.23.189.144/28
/ip firewall address-list add list=proxy_ipv4 address=23.246.0.0/18
/ip firewall address-list add list=proxy_ipv4 address=34.195.253.0/25
/ip firewall address-list add list=proxy_ipv4 address=37.77.184.0/21
/ip firewall address-list add list=proxy_ipv4 address=38.72.126.0/24
/ip firewall address-list add list=proxy_ipv4 address=45.57.0.0/17
/ip firewall address-list add list=proxy_ipv4 address=52.24.178.0/24
/ip firewall address-list add list=proxy_ipv4 address=52.35.140.0/24
/ip firewall address-list add list=proxy_ipv4 address=54.204.25.0/28
/ip firewall address-list add list=proxy_ipv4 address=54.213.167.0/24
/ip firewall address-list add list=proxy_ipv4 address=64.120.128.0/17
/ip firewall address-list add list=proxy_ipv4 address=66.197.128.0/17
/ip firewall address-list add list=proxy_ipv4 address=69.53.224.0/19
/ip firewall address-list add list=proxy_ipv4 address=103.87.204.0/22
/ip firewall address-list add list=proxy_ipv4 address=108.175.32.0/20
/ip firewall address-list add list=proxy_ipv4 address=185.2.220.0/22
/ip firewall address-list add list=proxy_ipv4 address=185.9.188.0/22
/ip firewall address-list add list=proxy_ipv4 address=192.173.64.0/18
/ip firewall address-list add list=proxy_ipv4 address=198.38.96.0/19
/ip firewall address-list add list=proxy_ipv4 address=198.45.48.0/20
/ip firewall address-list add list=proxy_ipv4 address=203.75.84.0/24
/ip firewall address-list add list=proxy_ipv4 address=203.198.13.0/24
/ip firewall address-list add list=proxy_ipv4 address=203.198.80.0/24
/ip firewall address-list add list=proxy_ipv4 address=207.45.72.0/22
/ip firewall address-list add list=proxy_ipv4 address=208.75.76.0/22
/ip firewall address-list add list=proxy_ipv4 address=210.0.153.0/24
/ip firewall address-list add list=proxy_ipv4 address=91.108.56.0/22
/ip firewall address-list add list=proxy_ipv4 address=91.108.4.0/22
/ip firewall address-list add list=proxy_ipv4 address=91.108.8.0/22
/ip firewall address-list add list=proxy_ipv4 address=91.108.16.0/22
/ip firewall address-list add list=proxy_ipv4 address=91.108.12.0/22
/ip firewall address-list add list=proxy_ipv4 address=149.154.160.0/20
/ip firewall address-list add list=proxy_ipv4 address=91.105.192.0/23
/ip firewall address-list add list=proxy_ipv4 address=91.108.20.0/22
/ip firewall address-list add list=proxy_ipv4 address=185.76.151.0/24
/ip firewall address-list add list=proxy_ipv4 address=95.161.64.0/20
  • Mark connections whose destination IP is in the proxy_ipv4 address list with the "sing-box-v4" routing mark
/ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=proxy_ipv4 new-routing-mark=sing-box-v4 passthrough=yes
  • Set the next-hop gateway of routing table sing-box-v4 to sing-box
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.2 routing-table=sing-box-v4

IPv6 part

  • Add the sing-box-v6 routing table
/routing table add name=sing-box-v6 fib
  • Add the fake v6 and TG v6 ranges to the address list
/ipv6 firewall address-list add address=f2b0::/18 list=proxy_ipv6
/ipv6 firewall address-list add address=2001:b28:f23d::/48 list=proxy_ipv6
/ipv6 firewall address-list add address=2001:b28:f23f::/48 list=proxy_ipv6
/ipv6 firewall address-list add address=2001:67c:4e8::/48 list=proxy_ipv6
/ipv6 firewall address-list add address=2001:b28:f23c::/48 list=proxy_ipv6
/ipv6 firewall address-list add address=2a0a:f280::/32 list=proxy_ipv6
  • Mark connections whose destination IP is in proxy_ipv6
/ipv6 firewall mangle add action=mark-routing chain=prerouting dst-address-list=proxy_ipv6 new-routing-mark=sing-box-v6
  • Set the next-hop gateway of routing table sing-box-v6 to sing-box. Note that the gateway is sing-box's IPv6 address
/ipv6 route add dst-address=::/0 gateway=dc00::2222 routing-table=sing-box-v6
  • Add a routing rule to make sure fake v6 routing works properly
/routing rule add action=lookup-only-in-table comment="for ipv6 mangle effective in route" disabled=no routing-mark=sing-box-v6 table=sing-box-v6

2. Routing FakeIP, TG IPs, Netflix IPs and so on to sing-box by adding routes directly in /ip route

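  • The commands below do not include the TG and Netflix IPs; add them yourself if you need them. This method does not conflict with method 1 (mangle marking): for example, FakeIP can use route while the TG IPs and others still use mangle.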

IPv4 part

/ip route add disabled=no dst-address=28.0.0.0/8 gateway=10.0.0.2 routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=10.0.0.2 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=1.1.1.1/32 gateway=10.0.0.2 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=8.8.4.4/32 gateway=10.0.0.2 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=1.0.0.1/32 gateway=10.0.0.2 routing-table=main scope=30 suppress-hw-offload=no target-scope=10

IPv6 part

/ipv6 route add disabled=no distance=1 dst-address=f2b0::/18 gateway=dc00::2222 routing-table=main scope=30 suppress-hw-offload=no target-scope=10

3. Routing FakeIP, TG IPs, Netflix IPs and so on to sing-box by adding routing rules in /routing rules. (This is the method the blogger currently uses.)

  • Add the sing-box-v4 and sing-box-v6 routing tables
/routing table add name=sing-box-v4 fib
/routing table add name=sing-box-v6 fib
  • Set the next-hop gateway of routing tables sing-box-v4 and sing-box-v6 to sing-box
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.2 routing-table=sing-box-v4
/ipv6 route add dst-address=::/0 gateway=dc00::2222 routing-table=sing-box-v6
  • Set routing rules for FakeIP, the TG IPs and other IPs
/routing rule
add action=lookup disabled=no dst-address=f2b0::/18 table=sing-box-v6
add action=lookup disabled=no dst-address=2001:b28:f23d::/48 table=sing-box-v6
add action=lookup disabled=no dst-address=2001:b28:f23f::/48 table=sing-box-v6
add action=lookup disabled=no dst-address=2001:67c:4e8::/48 table=sing-box-v6
add action=lookup disabled=no dst-address=2001:b28:f23c::/48 table=sing-box-v6
add action=lookup disabled=no dst-address=2a0a:f280::/32 table=sing-box-v6
add action=lookup disabled=no dst-address=1.1.1.1/32 table=sing-box-v4
add action=lookup disabled=no dst-address=1.0.0.1/32 table=sing-box-v4
add action=lookup disabled=no dst-address=192.168.31.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=8.8.8.8/32 table=sing-box-v4
add action=lookup disabled=no dst-address=8.8.4.4/32 table=sing-box-v4
add action=lookup disabled=no dst-address=8.41.4.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=45.12.89.152/32 table=sing-box-v4
add action=lookup disabled=no dst-address=104.19.192.175/32 table=sing-box-v4
add action=lookup disabled=no dst-address=23.23.189.144/28 table=sing-box-v4
add action=lookup disabled=no dst-address=23.246.0.0/18 table=sing-box-v4
add action=lookup disabled=no dst-address=34.195.253.0/25 table=sing-box-v4
add action=lookup disabled=no dst-address=37.77.184.0/21 table=sing-box-v4
add action=lookup disabled=no dst-address=38.72.126.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=45.57.0.0/17 table=sing-box-v4
add action=lookup disabled=no dst-address=52.24.178.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=52.35.140.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=54.204.25.0/28 table=sing-box-v4
add action=lookup disabled=no dst-address=54.213.167.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=64.120.128.0/17 table=sing-box-v4
add action=lookup disabled=no dst-address=66.197.128.0/17 table=sing-box-v4
add action=lookup disabled=no dst-address=69.53.224.0/19 table=sing-box-v4
add action=lookup disabled=no dst-address=103.87.204.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=108.175.32.0/20 table=sing-box-v4
add action=lookup disabled=no dst-address=185.2.220.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=185.9.188.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=192.173.64.0/18 table=sing-box-v4
add action=lookup disabled=no dst-address=198.38.96.0/19 table=sing-box-v4
add action=lookup disabled=no dst-address=198.45.48.0/20 table=sing-box-v4
add action=lookup disabled=no dst-address=203.75.84.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=203.198.13.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=203.198.80.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=207.45.72.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=208.75.76.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=210.0.153.0/24 table=sing-box-v4
add action=lookup disabled=no dst-address=91.108.56.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=91.108.4.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=91.108.8.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=91.108.16.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=91.108.12.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=149.154.160.0/20 table=sing-box-v4
add action=lookup disabled=no dst-address=28.0.0.0/8 table=sing-box-v4
add action=lookup disabled=no dst-address=91.108.20.0/22 table=sing-box-v4
add action=lookup disabled=no dst-address=91.105.192.0/23 table=sing-box-v4
add action=lookup disabled=no dst-address=95.161.64.0/20 table=sing-box-v4
add action=lookup disabled=no dst-address=185.76.151.0/24 table=sing-box-v4
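
The long lists above are maintained by hand, so a typo or a stray prefix changes what is sent to sing-box. The following added example (not part of the original post) regenerates the method 3 rule list from a plain prefix list, dropping malformed and already-covered entries and flagging private ranges for review; the `LOCAL` ranges and the sample input are assumptions.

```python
import ipaddress

# Table names follow this page; LOCAL is an assumed set of private ranges.
TABLES = {4: "sing-box-v4", 6: "sing-box-v6"}
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample: prefixes from this page plus a duplicate, a covered
# subnet and an entry with host bits set.
SAMPLE = """
91.108.4.0/22
28.0.0.0/8
f2b0::/18
91.108.4.0/22
28.1.0.0/16
192.168.31.0/24
149.154.160.5/20
"""


def build_rules(text):
    """Return (rule_lines, warnings) for a method-3 /routing rule list."""
    nets, warnings = [], []
    for raw in text.split():
        try:
            nets.append(ipaddress.ip_network(raw, strict=True))
        except ValueError as exc:
            warnings.append(f"skip {raw}: {exc}")
    rules, kept = [], []
    # Broadest prefixes first, so narrower or repeated entries are detected.
    for net in sorted(nets, key=lambda n: (n.version, n.prefixlen)):
        if any(k.version == net.version and net.subnet_of(k) for k in kept):
            warnings.append(f"skip {net}: already covered")
            continue
        if any(loc.version == net.version and net.overlaps(loc) for loc in LOCAL):
            warnings.append(f"check {net}: private range routed to sing-box")
        kept.append(net)
        rules.append(f"add action=lookup disabled=no dst-address={net} "
                     f"table={TABLES[net.version]}")
    return rules, warnings


if __name__ == "__main__":
    rules, warnings = build_rules(SAMPLE)
    print("/routing rule")
    print("\n".join(rules))
    for w in warnings:
        print("#", w)
```

Review every "check" warning before pasting the output into the router: a private prefix in the list sends that LAN traffic to sing-box as well.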