part

79fe3d2b · nanahira · 6aba8a3a · 79fe3d2b · 79fe3d2b · 79fe3d2b
Commit 79fe3d2b authored Aug 13, 2021 by nanahira
5 changed files
--- a/ansible/scripts/global-postup.sh.j2
+++ b/ansible/scripts/global-postup.sh.j2
@@ -34,6 +34,9 @@ $IPTABLES_EXEC -t mangle -A PREROUTING -m mark --mark 0x0 ! -p ospf -m set ! --m
 $IPTABLES_EXEC -t mangle -I OUTPUT -m mark ! --mark 0 -j RETURN
+$IPTABLES_EXEC -t nat -N NEXTGEN_SWITCH
+$IPTABLES_EXEC -t nat -A PREROUTING -j NEXTGEN_SWITCH
 # switch rules
 {{ansible_user_dir}}/nextgen-network/scripts/switch-rules-up.sh

--- a/ansible/scripts/switch-rules-down.sh.j2
+++ b/ansible/scripts/switch-rules-down.sh.j2
 #!/bin/bash
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh
-ip rule del pref 300 fwmark 999 table 999
-ip route del local default dev lo table 999
 iptables -t mangle -F NEXTGEN_SWITCH
+iptables -t nat -F NEXTGEN_SWITCH
 ## restore mark
 {% for plan in routePlans %}

--- a/ansible/scripts/switch-rules-up.sh.j2
+++ b/ansible/scripts/switch-rules-up.sh.j2
@@ -2,9 +2,6 @@
 ## reloaded at 6.24
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh
-ip rule add pref 300 fwmark 999 table 999
-ip route replace local default dev lo table 999
 ## route plans
 {% for plan in routePlans %}
 ip rule add pref 400 fwmark {{plan.destMark}} lookup {{plan.destMark}}
@@ -20,10 +17,8 @@ restore_mark_switch -A {{plan.destMark}}
 interface_switch_china -A u_{{gw.isp}}_china {{gw.selectionMark}}
 interface_switch_oversea -A u_{{gw.isp}}_oversea {{gw.selectionMark}}
 restore_mark_switch -A {{gw.selectionMark}}
-interface_switch_tproxy -A {{gw.selectionMark}} {{gw.haproxyPort}}
-{% else %}
-interface_switch_tproxy_default -A {{gw.haproxyPort}}
 {% endif %}
+interface_switch_redirect -A {{gw.selectionMark}} {{gw.redirectPort}}
 {% endif %}
 {% endfor %}

--- a/ansible/scripts/utility.sh.j2
+++ b/ansible/scripts/utility.sh.j2
@@ -68,14 +68,9 @@ interface_switch_oversea() {
  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set ! --match-set mycard dst -m set --match-set chnrouter dst -j CONNMARK --set-xmark "$MARK"
 }
-interface_switch_tproxy() {
+interface_switch_redirect() {
  OPTION=$1
  MARK=$2
-  HAPROXY_PORT=$3
+  REDIR_PORT=$3
-  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark "$MARK" -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443 -j TPROXY --on-port "$HAPROXY_PORT" --tproxy-mark 999
+  $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -i 'mc*' -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443,21,22,23,8080,8443 -j DNAT --to-destination {{address}}:$REDIR_PORT
-}
-interface_switch_tproxy_default() {
-  OPTION=$1
-  HAPROXY_PORT=$2
-  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443 -j TPROXY --on-port "$HAPROXY_PORT" --tproxy-mark 999
 }
--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -93,10 +93,10 @@ class InventoryBuilder {
      gateway.hidden = !!gateway.hidden;
      if (gateway.mark) {
        gateway.selectionMark = gateway.mark + 50;
-        gateway.haproxyPort = gateway.mark + 60000;
+        gateway.redirectPort = gateway.mark + 60000;
      } else {
        gateway.selectionMark = 0;
-        gateway.haproxyPort = 60100;
+        gateway.redirectPort = 60100;
      }
    }
    return gateways;