add masq for ladders

ansible/scripts/global-postdown.sh.j2

@@ -29,6 +29,11 @@ ip rule del pref 301 fwmark {{gateway.mark}} lookup {{gateway.mark}}
 
 {% endfor %}
 
+# 海外节点梯子 MASQ
+{% if not isCN %}
+iptables -t nat -D POSTROUTING -m set --match-set mycard src -m set ! --match-set mycard dst -j MASQUERADE
+{% endif %}
+
 # 临时梯子
 iptables -t mangle -D PREROUTING -m set --match-set ladder_needed src -m set --match-set gfwiplist dst -j MARK --set-xmark 812/0xffffffff
 

ansible/scripts/global-postup.sh.j2

@@ -36,6 +36,11 @@ ip rule add pref 301 fwmark {{gateway.mark}} lookup {{gateway.mark}}
 
 {% endfor %}
 
+# 海外节点梯子 MASQ
+{% if not isCN %}
+iptables -t nat -A POSTROUTING -m set --match-set mycard src -m set ! --match-set mycard dst -j MASQUERADE 
+{% endif %}
+
 # 临时梯子
 iptables -t mangle -A PREROUTING -m set --match-set ladder_needed src -m set --match-set gfwiplist dst -j MARK --set-xmark 812/0xffffffff
 

src/inventory.ts

@@ -56,7 +56,7 @@ class InventoryBuilder {
       plan.gatewayAddress = hosts[plan.gateway].address;
     }
     // 所有内网网段
-    this.route_lists.mycard = ["10.198.0.0/16", "10.200.0.0/15"];
+    this.route_lists.mycard = ["10.198.0.0/16", "10.200.0.0/15", "172.16.0.0/12"];
     for (const h in this.hosts) {
       const host = this.hosts[h]
       for (const c of host.subnets.split(",")) {