Add: [document/level-2] redirect traffic

https://github.com/XTLS/XTLS.github.io/pull/79
Co-Authored-By: Zzz <28607089+Zzz3m@users.noreply.github.com>
JimhHan 2021-03-26 11:19:19 +08:00
parent 6e8e229f02
commit aaa7fe05a9
No known key found for this signature in database
GPG Key ID: 48D5D7CF95157AC5
3 changed files with 506 additions and 154 deletions


@ -1,156 +1,153 @@
module.exports = { module.exports = {
plugins: [ plugins: ["@vuepress/back-to-top", "vuepress-plugin-mermaidjs"],
'@vuepress/back-to-top', base: "/Xray-docs-next/",
'vuepress-plugin-mermaidjs' locales: {
], "/": {
base: '/Xray-docs-next/', lang: "zh-CN",
locales: { title: "Project X",
'/': { description: "Xray 官方文档"
lang: 'zh-CN',
title: 'Project X',
description: 'Xray 官方文档'
}
},
themeConfig: {
smoothScroll: true,
repo: 'xtls/xray-core',
repoLabel: '查看源码',
docsRepo: 'xtls/Xray-docs-next',
docsDir: 'docs',
docsBranch: 'main',
editLinks: true,
editLinkText: '帮助我们改善此页面!',
nav: [
{ text: '首页', link: '/' },
{ text: '大史记', link: '/about/news' },
{ text: '配置指南', link: '/config/' },
{ text: '开发指南', link: '/development/' },
{ text: '使用指南', link: '/document/' },
{
text: '多语言',
ariaLabel: 'Language Menu',
items: [
{ text: '简体中文', link: '/' },
{ text: 'English', link: '/en' }
]
},
],
sidebar: {
'/config/': [
{
title: '特性详解',
children: [
'features/vless',
'features/xtls',
'features/fallback',
'features/env',
'features/multiple'
]
},
{
title: '基础配置',
collapsable: false,
path: '/config/',
children: [
'api',
'dns',
'fakedns',
'inbound',
'outbound',
'policy',
'reverse',
'routing',
'stats',
'transport'
]
},
{
title: '入站代理',
collapsable: false,
path: '/config/inbounds/',
children: [
'inbounds/dokodemo',
'inbounds/http',
'inbounds/shadowsocks',
'inbounds/socks',
'inbounds/trojan',
'inbounds/vless',
'inbounds/vmess'
]
},
{
title: '出站代理',
collapsable: false,
path: '/config/outbounds/',
children: [
'outbounds/blackhole',
'outbounds/dns',
'outbounds/freedom',
'outbounds/http',
'outbounds/shadowsocks',
'outbounds/socks',
'outbounds/trojan',
'outbounds/vless',
'outbounds/vmess'
]
},
{
title: '底层传输',
collapsable: false,
path: '/config/transports/',
children: [
'transports/grpc',
'transports/h2',
'transports/mkcp',
'transports/quic',
'transports/tcp',
'transports/websocket'
]
},
],
'/document/level-0/': [
'ch01-preface',
'ch02-preparation',
'ch03-ssh',
'ch04-security',
'ch05-webpage',
'ch06-certificates',
'ch07-xray-server',
'ch08-xray-clients',
'ch09-appendix',
],
'/document/level-1/': [
'fallbacks-lv1',
'routing-lv1-part1',
'routing-lv1-part2',
'work',
'fallbacks-with-sni',
],
'/document/level-2/': [
'transparent_proxy/transparent_proxy',
'tproxy',
'iptables_gid',
],
'/': 'auto',
}
},
markdown: {
toc: {
includeLevel: [2]
},
extendMarkdown: md => {
md.use(require('markdown-it-footnote'))
}
},
chainWebpack: (config) => {
config.module
.rule('webp')
.test(/\.(webp)(\?.*)?$/)
.use('file-loader')
.loader('file-loader')
.options({
name: `assets/img/[name].[hash:8].[ext]`
})
} }
} },
themeConfig: {
smoothScroll: true,
repo: "xtls/xray-core",
repoLabel: "查看源码",
docsRepo: "xtls/Xray-docs-next",
docsDir: "docs",
docsBranch: "main",
editLinks: true,
editLinkText: "帮助我们改善此页面!",
nav: [
{ text: "首页", link: "/" },
{ text: "大史记", link: "/about/news" },
{ text: "配置指南", link: "/config/" },
{ text: "开发指南", link: "/development/" },
{ text: "使用指南", link: "/document/" },
{
text: "多语言",
ariaLabel: "Language Menu",
items: [
{ text: "简体中文", link: "/" },
{ text: "English", link: "/en" }
]
}
],
sidebar: {
"/config/": [
{
title: "特性详解",
children: [
"features/vless",
"features/xtls",
"features/fallback",
"features/env",
"features/multiple"
]
},
{
title: "基础配置",
collapsable: false,
path: "/config/",
children: [
"api",
"dns",
"fakedns",
"inbound",
"outbound",
"policy",
"reverse",
"routing",
"stats",
"transport"
]
},
{
title: "入站代理",
collapsable: false,
path: "/config/inbounds/",
children: [
"inbounds/dokodemo",
"inbounds/http",
"inbounds/shadowsocks",
"inbounds/socks",
"inbounds/trojan",
"inbounds/vless",
"inbounds/vmess"
]
},
{
title: "出站代理",
collapsable: false,
path: "/config/outbounds/",
children: [
"outbounds/blackhole",
"outbounds/dns",
"outbounds/freedom",
"outbounds/http",
"outbounds/shadowsocks",
"outbounds/socks",
"outbounds/trojan",
"outbounds/vless",
"outbounds/vmess"
]
},
{
title: "底层传输",
collapsable: false,
path: "/config/transports/",
children: [
"transports/grpc",
"transports/h2",
"transports/mkcp",
"transports/quic",
"transports/tcp",
"transports/websocket"
]
}
],
"/document/level-0/": [
"ch01-preface",
"ch02-preparation",
"ch03-ssh",
"ch04-security",
"ch05-webpage",
"ch06-certificates",
"ch07-xray-server",
"ch08-xray-clients",
"ch09-appendix"
],
"/document/level-1/": [
"fallbacks-lv1",
"routing-lv1-part1",
"routing-lv1-part2",
"work",
"fallbacks-with-sni"
],
"/document/level-2/": [
"transparent_proxy/transparent_proxy",
"tproxy",
"iptables_gid",
"redirect"
],
"/": "auto"
}
},
markdown: {
toc: {
includeLevel: [2]
},
extendMarkdown: md => {
md.use(require("markdown-it-footnote"));
}
},
chainWebpack: config => {
config.module
.rule("webp")
.test(/\.(webp)(\?.*)?$/)
.use("file-loader")
.loader("file-loader")
.options({
name: `assets/img/[name].[hash:8].[ext]`
});
}
};


@ -16,3 +16,8 @@
[[透明代理]通过gid规避Xray流量](./iptables_gid.md) by <img src="https://avatars2.githubusercontent.com/u/57820613?s=32" width="32px" height="32px" alt="a"/> [@kirin](https://github.com/kirin10000)</font> [[透明代理]通过gid规避Xray流量](./iptables_gid.md) by <img src="https://avatars2.githubusercontent.com/u/57820613?s=32" width="32px" height="32px" alt="a"/> [@kirin](https://github.com/kirin10000)</font>
在iptables/nftables实现的透明代理中一种新的规避Xray流量的方式。 在iptables/nftables实现的透明代理中一种新的规避Xray流量的方式。
[通过Xray将特定的流量指向特定出口实现全局路由“分流”](./redirect.md) by <img src="https://avatars.githubusercontent.com/u/28607089?s=460" width="32px" height="32px" alt="a"/> [@Zzz3m](https://github.com/Zzz3m)</font>
将Xray玩出花:基于 fwmark 或 sendThrough 方式实现“分流”。


@ -0,0 +1,350 @@
# 将特定流量指向特定出口
通过 Xray 将特定的流量指向特定出口,实现全局路由“分流”
## 前言
之前在网络上看到许多代理或者 VPN 会接管全局路由,如果与 Xray 同时安装,会导致 Xray 失效。参考了网络上许多教程,及时分流,也是通过维护一张或者多张 CIDR
路由表来实现的。这种情况下并不优雅,如果我想可以任意替换,实现按需分流,那有没有更好的办法呢?有!
通过 fwmark 或 Xray 的 sendThrough再简单配合路由表功能即可实现
1. Xray 可设置指定的 Tag、域名等走指定接口。如果您的接口是双栈的可以指定 IPV4 或者 IPV6
2. 其余用户则走原 IPV4 或者 IPV6
具体设置如下(以 Debian10 为例):
## 1、安装代理或者 VPN 软件(例如 Wireguard、IPsec 等)
根据不同系统和不同软件,请参考官方安装方法
## 2、编辑 VPN 配置文件(以 WireGuard 为例)
原始文件:
<Tabs title="if-config">
<Tab title="fwmark">
```ini
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxx
Address = "your wg0 v4 address"
Address = "your wg0 v6 address"
DNS = 8.8.8.8
MTU = 1280
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxx
AllowedIPs = ::/0
AllowedIPs = 0.0.0.0/0
Endpoint = "ip:port"
```
`[Interface]` 下添加如下命令:
```ini
Table = off
PostUP = ip -4 rule add fwmark <mark> lookup <table>
PostUP = ip -4 route add default dev <接口名称> table <table>
PostUP = ip -4 rule add table main suppress_prefixlength 0
PostUP = ip -6 rule add fwmark <mark> lookup <table>
PostUP = ip -6 rule add not fwmark <table> table <table>
PostUP = ip -6 route add ::/0 dev <接口名称> table <table>
PostUP = ip -6 rule add table main suppress_prefixlength 0
PostDown = ip -4 rule delete fwmark <mark> lookup <table>
PostDown = ip -4 rule delete table main suppress_prefixlength 0
PostDown = ip -6 rule delete fwmark <mark> lookup <table>
PostDown = ip -6 rule delete not fwmark <table> table <table>
PostDown = ip -6 rule delete table main suppress_prefixlength 0
```
::: tip
- 此命令表示 IPv4 中 fwmark 为 `<mark>`IPv6 中 fwmark 为`<mark>`::/0 全局 v6 走 WireGuard
- 可根据自己需求增删命令mark 值要与 Xray-core 中设置为相同table 值自定
- 如果不支持配置文件,可以在系统中修改路由表
:::
</Tab>
<Tab title="sendThrough">
```ini
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxx
Address = "your wg0 v4 address"
Address = "your wg0 v6 address"
DNS = 8.8.8.8
MTU = 1280
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxx
AllowedIPs = ::/0
AllowedIPs = 0.0.0.0/0
Endpoint = "ip:port"
```
`[Interface]` 下添加如下命令:
```ini
Table = off
PostUP = ip -4 rule add from "your wg0 v4 address" lookup <table>
PostUP = ip -4 route add default dev wg0 table <table>
PostUP = ip -4 rule add table main suppress_prefixlength 0
PostUP = ip -6 rule add not fwmark <table> table <table>
PostUP = ip -6 route add ::/0 dev wg0 table <table>
PostUP = ip -6 rule add table main suppress_prefixlength 0
PostDown = ip -4 rule delete from "your wg0 v4 address" lookup <table>
PostDown = ip -4 rule delete table main suppress_prefixlength 0
PostDown = ip -6 rule delete not fwmark <table> table <table>
PostDown = ip -6 rule delete table main suppress_prefixlength 0
```
::: tip
- 此命令表示 IPV4 中来自 `your wg0 v4 address` 地址的走 WireGuardIPv6 中::/0 全局 v6 走 WireGuard
- 可根据自己需求增删命令,实现 v6 分流,也可以与 fwmark 融合
- 如果不支持配置文件,可以在系统中修改路由表
:::
</Tab>
</Tabs>
保存
可顺手安装
```bash
apt install openresolv
```
## 3、启用 WireGuard 网络接口
加载内核模块
```bash
modprobe wireguard
```
检查 WG 模块加载是否正常
```bash
lsmod | grep wireguard
```
## 4、Xray-core 配置文件修改
<Tabs title="xray-config">
<Tab title="fwmark">
```json
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": <port>,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv6"
//设置默认用户走指定方式”UseIPv6”或者”UseIPv4”
}
},
{
"protocol": "freedom",
"tag": "wg0",
"streamSettings": {
"sockopt": {
"mark": <mark>
}
},
"settings": {
"domainStrategy": "UseIPv6"
}
//设置fwmark为<mark>的用户走指定方式”UseIPv6””UseIPv4”
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"type": "field",
"outboundTag": "wg0",
"inboundTag": [
"<inboundTag>"
//需要之前在inbound中指定好Tag我这里是api生成的,还可以添加域名等等
]
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}
```
</Tab>
<Tab title="sendThrough">
```json
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": <port>,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
}
//修改此处可v4或者v6
},
{
"tag": "wg0",
"protocol": "freedom",
"sendThrough": "your wg0 v4 address",
//修改此处可v4或者v6
"settings": {
"domainStrategy": "UseIPv4"
}
//修改此处可v4或者v6
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"type": "field",
"outboundTag": "wg0",
"inboundTag": [
"<inboundTag>"
//需要之前在 inbound 中指定好 Tag我这里是 api 生成的,还可以添加域名等等
]
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}
```
</Tab>
</Tabs>
::: tip
可以通过修改 "domainStrategy": "UseIPv6"来控制对应用户的访问方式 实测优先级要高于系统本身的 gai.config
:::
## 5、系统设置配置
::: tip
需要打开系统的 ip_forward
:::
## 6、完成 WireGuard 相关设置
开启隧道
```bash
wg-quick up wg0
```
开机自启
```bash
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
```
验证 IPv4/IPv6
> 自行验证 Google 搜索 myip
## 后记
本文本意是可以避免的多余的流量浪费,将路由和分流的功能交给 Xray 处理。避免了维护路由表的繁琐工作。顺便技术提升 UP。
## 感谢
@Xray-core @V2ray-core @WireGuard @p3terx @w @Hiram @Luminous @Ln @JackChou
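Review bot: The IPv6 rule `ip -6 rule add not fwmark <table> table <table>` (both tabs of step 2) sends every IPv6 packet that does not carry that mark into the WireGuard table, but the `[Interface]` block shown sets `Table = off` and no `FwMark`, so WireGuard's own encapsulated packets appear to be unmarked as well. If the `Endpoint` is reached over IPv6, this looks like a routing loop that would take the tunnel down. Adding `FwMark = <table>` under `[Interface]` (the pairing wg-quick uses when it manages the table itself) would exclude the tunnel's own traffic from the rule. Separately, the step 5 tip asks readers to enable `ip_forward` without saying why: traffic from Xray's `freedom` outbound is locally originated, so forwarding is probably not needed for this setup. The tip should either drop it or tell readers to restrict the FORWARD chain before turning it on, since a public host with forwarding enabled and a permissive firewall will route other parties' packets.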