centos7配置透明閘道器訪問
使用的方案是shadowsocks+iptables轉發
VPS配置
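# get-pip.py is downloaded and then executed as root: read through the
# downloaded file before running it. The steps are chained with && so a
# failed download does not silently fall through to the next command.
# 'python3 -m pip' uses the same interpreter get-pip.py was run with, so
# the package lands in python3's site-packages even when a 'pip' on PATH
# belongs to a different Python.
wget https://bootstrap.pypa.io/get-pip.py \
  && sudo python3 get-pip.py \
  && sudo python3 -m pip install shadowsocks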
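# conf.json holds the shared password: create it mode 0600 before editing
# so other users on the VPS cannot read it.
# NOTE(review): the example config below uses "method":"rc4-md5", a legacy
# stream cipher; shadowsocks recommends an AEAD method (e.g.
# chacha20-ietf-poly1305) - it must be changed on server and client together.
touch conf.json && chmod 600 conf.json && vi conf.json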
{
"server_port":41111,
"local_port":1080,
"password":"sspasswd",
"timeout":600,
"method":"rc4-md5"
}
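# Run the server in the background; capture its output in a named log
# instead of the default nohup.out.
nohup ssserver -c conf.json >ssserver.log 2>&1 &
# NOTE(review): dnsmasq is started with its stock configuration; confirm it
# is not reachable as an open resolver on the VPS's public interface
# (restrict with listen-address in dnsmasq.conf or firewall port 53).
sudo dnsmasq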
###############################
shadowsocks-libev版本(C實現,效能更好)
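# Build shadowsocks-libev from source on CentOS 7 (EPEL supplies libsodium,
# libev, mbedtls). Every step is chained with && / || exit so a failed
# configure or a missing directory does not run 'make install' anyway
# (the original used ';', which ignores failures).
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel libsodium-devel mbedtls-devel
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev || exit 1
git submodule update --init --recursive
./autogen.sh && ./configure --prefix=/usr && make install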
混淆外掛(可選)simple-obfs
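# Optional simple-obfs plugin, built the same way as shadowsocks-libev;
# chained with && / || exit so a failed step stops the build instead of
# installing a half-built tree.
yum install -y zlib-devel openssl-devel
git clone https://github.com/shadowsocks/simple-obfs.git
cd simple-obfs || exit 1
git submodule update --init --recursive
./autogen.sh && ./configure && make install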
配置中增加:
"plugin":"obfs-server",
"plugin_opts":"obfs=http"
{
"server_port":40000,
"local_port":1080,
"password":"----",
"timeout":300,
"plugin":"obfs-server",
"method":"aes-256-cfb"
}
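# Several ss-server instances (one config/port each) can run side by side.
# The original line carried this remark after '&' as a parenthesised
# subshell, which the shell would have tried to execute.
nohup ss-server -c conf.json >ss-server.log 2>&1 &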
主機配置
配置dns
dnsmasq
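# dnsmasq on the gateway: ignore the upstreams in /etc/resolv.conf
# (no-resolv) and send every query to chinadns on 127.0.0.1 port 5354
# (started below). The two lines are appended non-interactively instead of
# through 'vi', and skipped when already present so a re-run does not add
# duplicates.
grep -qxF 'server=127.0.0.1#5354' /etc/dnsmasq.conf \
  || printf '%s\n' 'no-resolv' 'server=127.0.0.1#5354' | sudo tee -a /etc/dnsmasq.conf >/dev/null
sudo service dnsmasq restart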
chinadns
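# chinadns listens on 5354 (an unprivileged port, so root is not required;
# consider dropping sudo so the resolver does not run as root). Upstreams:
# the VPS (whose dnsmasq was started in the VPS section), a domestic
# resolver, and the ss-tunnel on local port 5300 that reaches 8.8.8.8
# through the tunnel. vps_ip must be set; the original had a literal
# '{vps_ip}' placeholder here while later lines use "${vps_ip}".
: "${vps_ip:?set vps_ip to the VPS address}"
sudo ./chinadns -c chnroute.txt -p 5354 -s "${vps_ip},114.114.114.114,127.0.0.1:5300" 1>chinadns.log 2>err.log &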
配置 ss-redir和ss-tunnel
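# Client side runs in a host-networked shadowsocks-libev container. The
# ss-redir / ss-tunnel commands are typed inside the shell that
# 'docker exec' opens (a script would block at that line), and vps_ip has
# to be set in that shell.
docker run --name for_google --net host -d shadowsocks/shadowsocks-libev sleep 86400000
docker exec -it for_google /bin/sh
: "${vps_ip:?set vps_ip to the VPS address}"
# ss-redir receives the iptables-REDIRECTed TCP on port 1080. It keeps
# -b 0.0.0.0 because REDIRECTed LAN traffic arrives on the LAN interface
# address; limit who can reach 1080 with INPUT rules (or bind the LAN
# address) so hosts on other networks cannot use the relay.
# -k puts the password on the command line, where 'ps' shows it; an ss
# config file passed with -c keeps it off argv. Port, method and password
# must match the VPS server config (the example server configs on this
# page listen on 41111 / 40000 - check they agree with 48311).
# NOTE(review): rc4-md5 is a legacy stream cipher; shadowsocks recommends
# an AEAD method (e.g. chacha20-ietf-poly1305), changed on both ends together.
nohup ss-redir -s "${vps_ip}" -p 48311 -b 0.0.0.0 -l 1080 -k "sspasswd" -m "rc4-md5" >ss-redir.log 2>&1 &
# ss-tunnel only serves chinadns on this host (127.0.0.1:5300 above), and
# --net host shares the host loopback, so it binds loopback instead of
# 0.0.0.0: nothing else on the network needs the DNS tunnel.
nohup ss-tunnel -s "${vps_ip}" -p 48311 -b 127.0.0.1 -l 5300 -k "sspasswd" -m "rc4-md5" -L 8.8.8.8:53 >ss-tunnel.log 2>&1 &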
建議配置多線對端,這樣可以多人使用而不卡,否則會經常有卡住情況。
配置網路
ipset cn網段
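# The route list decides which destinations BYPASS the proxy, so its
# integrity matters: it is fetched over plain HTTP here, so an on-path
# change could add or remove bypass ranges - prefer an HTTPS source if
# the provider offers one. curl -f fails on an HTTP error instead of
# saving the error page. Only well-formed IPv4 addresses/CIDRs are kept, so
# nothing else from the download ends up in the generated ipset.sh (the
# original merely dropped blank and '#' lines and echoed the rest into a
# script that is then executed as root).
curl -fsSL http://f.ip.cn/rt/chnroutes.txt \
  | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' > cidr_cn
[[ -s cidr_cn ]] || printf 'warning: cidr_cn is empty - download or filter failed\n' >&2
sudo ipset -N cidr_cn hash:net
# Regenerate ipset.sh from scratch with one sed pass (the original appended
# in a per-line loop, so every re-run duplicated all entries).
{ printf '#!/usr/bin/env bash\n'; sed 's|^|ipset -A cidr_cn |' cidr_cn; } > ipset.sh
chmod +x ipset.sh && sudo ./ipset.sh
# Persist the populated set for restoring at boot.
rm -f ipset.cidr_cn.rules
sudo ipset -S > ipset.cidr_cn.rules
sudo cp ./ipset.cidr_cn.rules /etc/ipset.cidr_cn.rules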
iptables設定轉發
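# Transparent-proxy NAT chain: TCP that is not local/reserved, not in the
# cidr_cn ipset and not the tunnel endpoint itself is REDIRECTed to
# ss-redir on local port 1080. TCP only - UDP (apart from DNS through
# ss-tunnel) is not covered by these rules.
# If the chain already exists (re-run), flush it instead of failing on -N.
iptables -t nat -N SHADOWSOCKS 2>/dev/null || iptables -t nat -F SHADOWSOCKS
for net in 0/8 127/8 10/8 169.254/16 172.16/12 192.168/16 224/4 240/4; do
  iptables -t nat -A SHADOWSOCKS -d "$net" -j RETURN
done
# The tunnel endpoint must never be redirected back into the tunnel. This
# literal is presumably the VPS address - keep it identical to vps_ip used
# by ss-redir, or the proxy loops on itself.
iptables -t nat -A SHADOWSOCKS -d 35.163.122.241 -j RETURN
iptables -t nat -A SHADOWSOCKS -m set --match-set cidr_cn dst -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
# OUTPUT covers the gateway's own traffic, PREROUTING the LAN clients'.
# PREROUTING matches TCP arriving on every interface; add
# '-i <lan_interface>' to limit it to the LAN side. -C checks for an
# existing jump so a re-run does not stack duplicates.
for chain in OUTPUT PREROUTING; do
  iptables -t nat -C "$chain" -p tcp -j SHADOWSOCKS 2>/dev/null \
    || iptables -t nat -A "$chain" -p tcp -j SHADOWSOCKS
done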
iptables刪除FORWARD和INPUT對應的DROP規則
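# Positions 18 and 10 belong to the author's ruleset; rule numbers shift
# whenever rules are inserted, so list each chain first and confirm the
# rule at that position is the intended DROP before deleting. Deleting by
# the rule's own specification ('iptables -D CHAIN <rule spec>') is safer
# than by position. Removing a DROP from INPUT widens what the gateway
# accepts; a narrower change is to insert ACCEPT rules for the LAN
# interface only.
iptables -L FORWARD -n --line-numbers
iptables -D FORWARD 18
iptables -L INPUT -n --line-numbers
iptables -D INPUT 10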