Install Ubuntu

Download the ISO file from the official Ubuntu website, write it to a USB flash drive, and install Ubuntu from it.

sudo is required for almost all of the following operations.

Enabling IP Forwarding

vim /etc/sysctl.conf

Uncomment the net.ipv4.ip_forward=1 line, then run the following command to apply the configuration immediately:

sysctl -p

Configure iptables

iptables -t nat -N clash
iptables -t nat -N clash_dns

# 198.19.0.0/24 is the fake-ip DNS address that clients will be pointed at
iptables -t nat -A PREROUTING -p tcp --dport 53 -d 198.19.0.0/24 -j clash_dns
iptables -t nat -A PREROUTING -p udp --dport 53 -d 198.19.0.0/24 -j clash_dns
iptables -t nat -A PREROUTING -p tcp -j clash

# Make the current machine a gateway server
iptables -t filter -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

# Note that the address at the end of the following two lines is the IP address of the bypass router; change it to match your own setup.
# The destination DNS port 5354 matches the dns listen port in the Clash configuration below
iptables -t nat -A clash_dns -p udp --dport 53 -d 198.19.0.0/24 -j DNAT --to-destination 192.168.2.101:5354
iptables -t nat -A clash_dns -p tcp --dport 53 -d 198.19.0.0/24 -j DNAT --to-destination 192.168.2.101:5354

# Bypass some intranet addresses (RETURN leaves the current chain and resumes matching in the calling chain)
iptables -t nat -A clash -d 0.0.0.0/8 -j RETURN
iptables -t nat -A clash -d 10.0.0.0/8 -j RETURN
iptables -t nat -A clash -d 127.0.0.0/8 -j RETURN
iptables -t nat -A clash -d 169.254.0.0/16 -j RETURN
iptables -t nat -A clash -d 172.16.0.0/12 -j RETURN
iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN

# 7892 corresponds to redir-port in the Clash configuration below
iptables -t nat -A clash -p tcp -j REDIRECT --to-ports 7892

After the preceding commands are executed, the iptables configuration is complete. However, these rules are lost when the machine is restarted, so install iptables-persistent to make the iptables configuration persistent.

  • Manually save the configuration: iptables-save > /etc/iptables/rules.v4
  • Manually load the configuration from the file: iptables-restore /etc/iptables/rules.v4
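The whole iptables procedure above, from creating the chains to saving the rules for iptables-persistent, as one script. This is an added example, not a script from the original page: it applies the same rules as the commands above but checks for each rule first (-C) so it can be re-run without duplicating rules, and has a dry-run mode that prints the commands instead of executing them. BYPASS_IP, LAN, DNS_VIP, the function names and the script filename clash-nat.sh are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): apply the iptables rules from the
# section above idempotently, with a dry-run mode that only prints the commands.
# Run as root on the bypass router:   sh clash-nat.sh apply
# Preview without touching the kernel: DRY_RUN=1 sh clash-nat.sh apply

BYPASS_IP="${BYPASS_IP:-192.168.2.101}"   # the bypass router itself (change to yours)
LAN="${LAN:-192.168.0.0/16}"              # client network that gets masqueraded
DNS_VIP="198.19.0.0/24"                   # fake DNS address clients are pointed at
DNS_PORT=5354                             # dns listen port in config.yaml
REDIR_PORT=7892                           # redir-port in config.yaml
RULES_FILE="/etc/iptables/rules.v4"       # file read by iptables-persistent

# Run an iptables command, or print it when DRY_RUN is set.
ipt() {
  if [ -n "${DRY_RUN:-}" ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

# Create a nat chain unless it already exists (-N fails on an existing chain).
ensure_chain() {
  if [ -n "${DRY_RUN:-}" ] || ! iptables -t nat -n -L "$1" >/dev/null 2>&1; then
    ipt -t nat -N "$1"
  fi
}

# Append a rule unless an identical one is already present (-C = check).
ensure_rule() {
  table=$1; shift
  if [ -z "${DRY_RUN:-}" ] && iptables -t "$table" -C "$@" 2>/dev/null; then
    return 0
  fi
  ipt -t "$table" -A "$@"
}

apply_clash_rules() {
  ensure_chain clash
  ensure_chain clash_dns

  # DNS queries to the fake DNS address go to clash_dns; all other TCP goes to clash.
  ensure_rule nat PREROUTING -p tcp --dport 53 -d "$DNS_VIP" -j clash_dns
  ensure_rule nat PREROUTING -p udp --dport 53 -d "$DNS_VIP" -j clash_dns
  ensure_rule nat PREROUTING -p tcp -j clash

  # Act as a gateway. As on the page, FORWARD accepts everything; add -s "$LAN"
  # to the FORWARD rule if only the LAN should be allowed to forward through this host.
  ensure_rule filter FORWARD -j ACCEPT
  ensure_rule nat POSTROUTING -s "$LAN" -j MASQUERADE

  # Rewrite the fake DNS address to the Clash DNS listener on this host.
  ensure_rule nat clash_dns -p udp --dport 53 -d "$DNS_VIP" -j DNAT --to-destination "$BYPASS_IP:$DNS_PORT"
  ensure_rule nat clash_dns -p tcp --dport 53 -d "$DNS_VIP" -j DNAT --to-destination "$BYPASS_IP:$DNS_PORT"

  # Leave local, private, link-local, multicast and reserved destinations alone.
  for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
             172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
    ensure_rule nat clash -d "$net" -j RETURN
  done

  # Everything else is redirected to the Clash transparent proxy port.
  ensure_rule nat clash -p tcp -j REDIRECT --to-ports "$REDIR_PORT"
}

# Persist the current rule set for iptables-persistent.
save_rules() {
  if [ -n "${DRY_RUN:-}" ]; then
    echo "iptables-save > $RULES_FILE"
  else
    iptables-save > "$RULES_FILE"
  fi
}

if [ "${1:-}" = apply ]; then
  apply_clash_rules
  save_rules
fi
```

Running it with DRY_RUN=1 first is a cheap way to review the exact rule set that will be installed before handing the box over as everyone's gateway; the RETURN list is the part to check most carefully, because any destination not covered by it is redirected to Clash.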

Install Clash

wget https://github.com/Dreamacro/clash/releases/download/v1.3.0/clash-linux-amd64-v1.3.0.gz

# Unzip and put the binary in /usr/bin with executable permissions
gzip -d clash-linux-amd64-v1.3.0.gz
sudo mv clash-linux-amd64-v1.3.0 /usr/bin/clash
sudo chmod +x /usr/bin/clash

Creating the Clash Configuration

mkdir -p ~/.config/clash
cd ~/.config/clash
vim config.yaml

Enter the following basic configuration:

port: 7890
socks-port: 7891
redir-port: 7892
allow-lan: true
mode: Rule
log-level: info
dns:
  enable: true
  ipv6: false
  listen: 0.0.0.0:5354
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  nameserver:
    - '192.168.2.1'
# proxies:
#   ...

To verify that the configuration file is valid, run clash -t. If the check passes, the program outputs "successful".

Configuring the Clash Service

vim /etc/systemd/system/clash.service

Add the following content:

[Unit]
Description=clash daemon

[Service]
Type=simple
User=YOUR_USER_NAME
ExecStart=/usr/bin/clash -d /home/YOUR_USER_NAME/.config/clash/
Restart=on-failure

[Install]
WantedBy=multi-user.target
systemctl start clash.service
systemctl enable clash.service

Set the default gateway of the clients

  • On the router, set the default gateway to the IP address of the bypass router
  • Or modify the network configuration of the PC: set a static IP address and set the default gateway to the bypass router's IP address
    • DNS set to 198.19.0.1 (fake-IP forwarding for this address was configured above)
    • Subnet mask 255.255.255.0

Q&A

1. The machine running Clash cannot access the Internet

For example, the router's IP address is 192.168.2.1 and the bypass router's IP address is 192.168.2.101. The original default gateway is 192.168.2.1. Later, the default gateway was changed to 192.168.2.101 (the bypass IP) in the router's management interface. The new gateway is not pushed to all devices immediately; after a while the bypass router's own network settings were refreshed and it obtained 192.168.2.101, that is, itself, as its gateway from the main router. Its outbound traffic then loops endlessly.

SSH into the bypass router and run ip route to view the current routing configuration:

default via 192.168.2.101 dev eth0 src 192.168.2.101 metric 202
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.101 metric 202

View the IP addresses of the current device:

ip address

The output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:41:4b:8c brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.101/24 brd 192.168.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::50e0:43d3:b9f4:c7d6/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:14:1e:d9 brd ff:ff:ff:ff:ff:ff
4: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:52:a5:42:48 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

So the bypass router's default gateway is 192.168.2.101, which is its own address. To fix this, change the bypass router's gateway, again with the ip route command:

ip route add default via 192.168.2.1
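A small check that spots the loop described above before it costs anyone an afternoon: it reads the text of ip route and ip -4 address and reports whether the default gateway is one of the host's own addresses. This is an added example, not part of the original page; the function names, the script name gateway-loop-check.sh and the sample strings (copied from the outputs shown above) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): detect the case where the bypass
# router's default gateway is one of its own addresses, i.e. traffic loops.
# The functions parse the text of `ip route` and `ip -4 address`, so they can
# be checked against captured output; with no arguments they query the live host.
# Usage on the bypass router: sh gateway-loop-check.sh check

# Constructed sample output, copied from the page's example above.
SAMPLE_ROUTES='default via 192.168.2.101 dev eth0 src 192.168.2.101 metric 202
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.101 metric 202'
SAMPLE_ADDRS='    inet 127.0.0.1/8 scope host lo
    inet 192.168.2.101/24 brd 192.168.2.255 scope global eth0
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'

# Print the next hop of the first default route in the given routing-table text.
default_gateway() {
  printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Print every IPv4 address assigned to the host, one per line, without the prefix length.
own_ipv4_addrs() {
  printf '%s\n' "$1" | awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2 }'
}

# Exit status: 0 = the default gateway is this host (the loop),
# 1 = the gateway is another host, 2 = there is no default route at all.
check_gateway_loop() {
  routes=${1:-$(ip route)}
  addrs=${2:-$(ip -4 address)}
  gw=$(default_gateway "$routes")
  if [ -z "$gw" ]; then
    return 2
  fi
  for a in $(own_ipv4_addrs "$addrs"); do
    if [ "$a" = "$gw" ]; then
      return 0
    fi
  done
  return 1
}

if [ "${1:-}" = check ]; then
  if check_gateway_loop; then
    echo "default gateway $(default_gateway "$(ip route)") is this host: traffic will loop"
    echo "fix: ip route add default via <router IP>, e.g. ip route add default via 192.168.2.1"
    exit 1
  fi
  echo "default gateway is not this host"
fi
```

Because the check compares the gateway against every address on the host rather than only eth0, it also catches the loop when the gateway was learned on another interface.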

2. The gateway set with ip route expires after a while

Different setups and different systems have their own ways of persisting the setting; here are a few.

1) Raspberry Pi OS

echo 'ip route add default via 192.168.2.1' > /etc/dhcpcd.exit-hook

2) Ubuntu 20.04 Server

Modify the YAML configuration in /etc/netplan/:

eth0:
  dhcp4: true
  dhcp4-overrides:
    use-routes: false
  gateway4: 192.168.2.1