clash使用redirect进行透明代理

2020-4-11 笑看风云 linux知识

首先创建systemd启动文件:

[Unit]
Description=clash proxy
Documentation=https://github.com/Dreamacro/clash
After=network.target

[Service]
Type=simple
Slice=clash_dev.slice
ExecStart=/usr/local/bin/clash-dev -d /opt/clash 
ExecStartPost=/usr/bin/iptables -t nat -I realip -m cgroup --path /clash_dev.slice/clash_dev.service -j RETURN
ExecStopPost=/usr/bin/iptables -t nat -D realip -m cgroup --path /clash_dev.slice/clash_dev.service -j RETURN
Restart=always
RestartSec=1s
StandardOutput=file:/tmp/clash-dev.log

[Install]
WantedBy=default.target

然后创建ipset规则:

 sudo ipset create realip hash:net
 sudo ipset add realip 192.168.0.0/16
 sudo ipset add realip 198.18.0.0/16
 sudo ipset add realip 169.254.0.0/16
 sudo ipset add realip 240.0.0.0/4
 sudo ipset add realip 127.0.0.0/8
 sudo ipset add realip 172.16.0.0/12
 sudo ipset add realip 10.0.0.0/8
 sudo ipset add realip 0.0.0.0/8
 sudo ipset add realip 224.0.0.0/4

接着创建iptables规则:

sudo iptables -t nat -N realip
sudo iptables -t nat -A realip -m set --match-set realip dst -j RETURN  
sudo iptables -t nat -A realip -p tcp -j REDIRECT --to-ports 7776    
sudo iptables -t nat -A OUTPUT -p tcp -j realip

现在重新启动clash应该就可以透明代理TCP协议了.

标签: 网络 Linux 网络代理 clash