小米mini路由器刷PandoraBox,开启SS服务

原创
2017/12/10 14:30
阅读数 1.2W

    小米路由器mini要先刷开发版,再刷官方SSH工具,之后就可以远程SSH登录。SSH登录路由器以后就可以刷PandoraBox了。我刷的是r512版本,内置了SS和ChinaDNS-C,但即使填好了SS配置,SS服务默认也运行不起来。先修改/etc/config/shadowsocks配置,改为:

# UCI section read by /etc/init.d/shadowsocks (the start() function shown on
# this page reads every option below with config_get).
# The 'xxxx' values are placeholders from the article, not usable settings.
config shadowsocks 'config'
	option blacklist_enabled '0'
	option remote_server 'xxxxxxxx'
	option remote_port 'xxxxx'
	# Passed to ss-redir as its bind address (-b). 0.0.0.0 listens on every
	# interface, WAN included; NOTE(review): confirm the firewall's wan zone
	# rejects input to redir_port, or bind to the LAN address instead.
	option local_address '0.0.0.0'
	option local_port  '1080'
	# Stored in plaintext; keep this file readable by root only and out of
	# any configuration backup that is shared.
	option password 'xxxxxx'
	option cipher 'xxxxxx'
	option redir_enabled '1'
	option whitelist_enabled '1'
	# '0' means ss-local (the SOCKS5 listener) is not started. local_port and
	# redir_port are both 1080 here; presumably they would collide if this
	# were set to '1' - verify before enabling.
	option enabled '0'
	option redir_port '1080'
    # ss-tunnel listens on tunnel_port and forwards to DNS through the server;
    # the article later points ChinaDNS-C at 127.0.0.1:5353.
    option tunnel_enable '1'
    option tunnel_port  '5353'
    option DNS '8.8.8.8:53'

修改/etc/init.d/shadowsocks 启动脚本:

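#######################################
# Start the Shadowsocks daemons selected in /etc/config/shadowsocks and, for
# ss-redir, install the NAT rules that redirect LAN TCP traffic to it.
# Globals (read; defined outside the snippet shown on this page):
#   ss_local_PID_FILE, ss_redir_PID_FILE, ss_tunnel_PID_FILE,
#   ipset_blacklist, ipset_whitelist
# Returns:
#   0 on success (including when a component is simply disabled),
#   1 when required options are missing or the server cannot be resolved.
#######################################
start() {
	# Raise the open-file limit for the daemons (the original "HACK fd").
	ulimit -n 4096

	config_load "shadowsocks"
	# Every value read below is declared local so nothing leaks into the
	# rc.common environment (the original left several of them global).
	local enabled remote rport lport laddress cipher pass \
			redir_enabled redir_port tunnel_enable tunnel_port DNS \
			whitelist_enabled blacklist_enabled remoteip ip
	config_get enabled config enabled
	config_get remote config remote_server
	config_get rport config remote_port
	config_get lport config local_port
	config_get laddress config local_address
	config_get cipher config cipher
	config_get pass config password
	config_get redir_enabled config redir_enabled
	config_get tunnel_enable config tunnel_enable
	config_get tunnel_port config tunnel_port
	config_get DNS config DNS
	config_get redir_port config redir_port
	config_get whitelist_enabled config whitelist_enabled
	config_get blacklist_enabled config blacklist_enabled

	if [ -z "$remote" ] || [ -z "$rport" ] || [ -z "$pass" ]; then
		echo "missing parameters. check config"
		return 1
	fi

	# NOTE(review): -k puts the password on the command line, where it is
	# visible in the process list to anyone with a shell on the router. The
	# ss-* tools can read it from a JSON file via -c instead; consider that.
	if [ "$enabled" = '1' ]; then
		service_start /usr/bin/ss-local \
			-s "$remote" \
			-p "$rport" \
			-l "$lport" \
			${cipher:+-m "$cipher"} \
			-k "$pass" \
			-u \
			-f "$ss_local_PID_FILE"
	fi

	if [ "$redir_enabled" = '1' ]; then
		# Resolve the server first. Without its address there can be no
		# bypass rule, and the proxy's own traffic would be redirected back
		# into the proxy. -4 because the rules below are IPv4 iptables.
		remoteip=$(resolveip -4 -t 5 "$remote")
		if [ -z "$remoteip" ]; then
			echo "cannot resolve $remote; redirect rules not installed" >&2
			return 1
		fi

		service_start /usr/bin/ss-redir \
			-s "$remote" \
			-p "$rport" \
			-l "$redir_port" \
			${laddress:+-b "$laddress"} \
			${cipher:+-m "$cipher"} \
			-k "$pass" \
			-f "$ss_redir_PID_FILE"

		iptables -t nat -N SHADOWSOCKS
		# Reserved, private, loopback, link-local and multicast ranges are
		# never sent through the proxy.
		iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
		iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
		iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
		iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
		iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
		iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
		iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
		iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
		# A hostname may resolve to several addresses; exempt each one.
		for ip in $remoteip; do
			iptables -t nat -A SHADOWSOCKS -d "$ip" -j RETURN
		done

		if [ "$blacklist_enabled" = '1' ]; then
			# LAN sources listed in the blacklist file bypass the proxy.
			sed -e "s/^/-A blacklist &/g" -e "1 i\-N blacklist nethash --hashsize 64" "$ipset_blacklist" | ipset -R -!
			iptables -t nat -A SHADOWSOCKS -p tcp -m set --match-set blacklist src -j RETURN
		fi

		if [ "$whitelist_enabled" = '1' ]; then
			# Only destinations NOT in the whitelist set are redirected.
			sed -e "s/^/-A whitelist &/g" -e "1 i\-N whitelist nethash --hashsize 4096" "$ipset_whitelist" | ipset -R -!
			iptables -t nat -A SHADOWSOCKS -p tcp -m set ! --match-set whitelist dst -j REDIRECT --to-ports "$redir_port"
		else
			iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports "$redir_port"
		fi
		iptables -t nat -I zone_lan_prerouting -j SHADOWSOCKS
	fi

	# Written as if/fi so that a disabled tunnel does not make start()
	# return non-zero, which the trailing `[ ... ] && { ... }` form did.
	if [ "$tunnel_enable" = '1' ]; then
		# The original passed -l twice ("$lport", then "$tunnel_port");
		# only the tunnel port is kept, presumably the value that took
		# effect - verify against your ss-tunnel build.
		service_start /usr/bin/ss-tunnel \
			-s "$remote" \
			-p "$rport" \
			${cipher:+-m "$cipher"} \
			-k "$pass" \
			-u \
			-l "$tunnel_port" \
			-L "$DNS" \
			-f "$ss_tunnel_PID_FILE"
	fi
}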

# Stop ss-local; its PID file is removed only when service_stop succeeded.
# Returns service_stop's status on failure, otherwise rm's status.
# ss_local_PID_FILE is defined outside the snippet shown on this page.
ss_local_stop() {
	service_stop /usr/bin/ss-local || return
	rm "$ss_local_PID_FILE"
}

# Stop ss-tunnel and, if that worked, delete its PID file.
# A failed service_stop is passed back to the caller unchanged.
# ss_tunnel_PID_FILE is defined outside the snippet shown on this page.
ss_tunnel_stop() {
	if service_stop /usr/bin/ss-tunnel; then
		rm "$ss_tunnel_PID_FILE"
	else
		return $?
	fi
}

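#######################################
# Stop ss-redir and remove the NAT redirect rules and ipsets that start()
# installed.
# Globals: ss_redir_PID_FILE (read; defined outside the snippet shown here)
# Returns: 0 always; every step is best-effort.
#######################################
ss_redir_stop() {
	# Cleanup no longer depends on service_stop succeeding. If ss-redir has
	# already died, the REDIRECT rule would otherwise stay in place and keep
	# sending LAN TCP traffic to a port nothing listens on.
	service_stop /usr/bin/ss-redir

	# ">/dev/null 2>&1" replaces "&>", which a strict POSIX sh parses as
	# "run in background, then redirect". Errors are silenced on purpose:
	# the rule, chain or set may simply not exist.
	iptables -t nat -D zone_lan_prerouting -j SHADOWSOCKS >/dev/null 2>&1
	iptables -t nat -F SHADOWSOCKS >/dev/null 2>&1
	# Pause kept from the original between flushing and deleting the chain.
	sleep 1
	iptables -t nat -X SHADOWSOCKS >/dev/null 2>&1
	ipset destroy whitelist >/dev/null 2>&1
	ipset destroy blacklist >/dev/null 2>&1

	# -f: a missing PID file is not an error; skip entirely if the variable
	# is unset so rm is never handed an empty path.
	if [ -n "$ss_redir_PID_FILE" ]; then
		rm -f -- "$ss_redir_PID_FILE"
	fi
	return 0
}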

# Stop all three daemons in the order ss-local, ss-redir, ss-tunnel.
# The return status is that of the last helper (ss_tunnel_stop).
stop() {
	local stopper
	for stopper in ss_local_stop ss_redir_stop ss_tunnel_stop; do
		"$stopper"
	done
}

打开ChinaDNS-C,然后将上游DNS中的8.8.8.8改成127.0.0.1:5353后启用,然后在命令行中运行/etc/init.d/shadowsocks reload
