shadow-tls 转发udp流量

发表于 分类于 阅读次数:

nftables 解决方案

1
2
3
4
5
6
7
8
9
nft add table inet my_nat_table

nft add chain inet my_nat_table prerouting { type nat hook prerouting priority filter \; policy accept \; }

nft add chain inet my_nat_table postrouting { type nat hook postrouting priority srcnat \; policy accept \; }

nft add rule inet my_nat_table prerouting iifname "eth0" udp dport xxxxx(替换成shadowTLS 的端口) dnat to :xxxxxx(替换成 $$-rust的端口)

nft add rule inet my_nat_table postrouting oifname "eth0" udp dport xxxxxx(替换成 $$-rust的端口) masquerade

nftables 部分指令

  1. 输出到文件持久化

    1
    nft list ruleset > /etc/nftables.conf

  2. 加载规则

    1
    nft -f /etc/nftables.conf

ss-rust 解决方案

1
2
3
4
5
6
7
8
9
10
{
    "server": "::",
    "server_port": xxxxx(shadow TLS端口,让$$来接管这个端口的 udp 流量),
    "password": "xxxxxxxx",
    "method": "2022-blake3xxxxxxxx",
    "fast_open": true,
    "mode": "udp_only",
    "user": "nobody",
    "timeout": 300
}