From fee70436018dc451047a47f8595a04ff17aae9d9 Mon Sep 17 00:00:00 2001 From: salmonstill Date: Wed, 20 May 2026 16:10:27 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E4=BA=86spark=E7=9A=84?= =?UTF-8?q?=E5=BF=AB=E6=8D=B7=E8=AE=BF=E9=97=AE=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 27 ++++++++++++++------------- qbittorrent流量转发.md | 2 +- xray-北京vps-config.json | 30 ++++++++++++++++++++++++++++++ xray-旁路由-config.json | 30 ++++++++++++++++++++++++++++++ 旁路由的mihomo config.yaml | 8 -------- 5 files changed, 75 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 54265c5..75966ef 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ |---|---|---| | **北京 VPS** | `salmonstill.cn` / `49.232.242.90` | 公网入口,Nginx + Xray + socat + WireGuard | | **东京 VPS** | `tokyo.salmonstill.cn` / `43.165.178.10` | 代理出口,Xray Reality 出站 | -| **旁路由** | `192.168.1.199` / WG `10.0.0.2` | 内网核心,Xray bridge + Mihomo TUN | +| **旁路由** | `192.168.1.199` / WG `10.0.0.2` | 内网核心,Xray bridge + Mihomo 代理 | | **NAS** | `192.168.1.188` | 绿联云 UGOS,思源笔记等服务 | | **qBittorrent** | `192.168.1.200` (macvlan) | PT 下载,独立 IP | | **Windows** | `192.168.1.177` | 内网办公,SSH | @@ -57,6 +57,8 @@ | `external_wsl` | 38655 | → portal → Windows :22 | | `external_nas_ssh` | 38656 | → portal → NAS :22 | | `external_router_ssh` | 38657 | → portal → 旁路由 :22 | +| `external_spark_ssh` | 38659 | → portal → Spark (166) :22 | +| `external_spark_rdp` | 38660 | → portal → Spark (166) :3389 | | `external_router_web` | 39766 | → portal → 旁路由 :80 | | `external_tmp` | 8501 | → portal → Windows :8501 | | `external_3000` | 3000 | → portal → NAS :3000 | 
@@ -93,6 +95,8 @@ | `to_3000` | `192.168.1.188:3000` | Web 服务 | | `to_222` | `192.168.1.188:222` | 备用服务 | | `to_qbit` | `192.168.1.200:51413` | qBittorrent 入站 | +| `to_spark_ssh` | `192.168.1.166:22` | Spark SSH 远程 | +| `to_spark_rdp` | `192.168.1.166:3389` | Spark xRDP 桌面远程 | | `interconn` | VLESS+Reality → `salmonstill.cn:443` (SNI=www.apple.com) | 隧道链接 | | `to_beijing_direct` | VLESS+Reality → `salmonstill.cn:443` (SNI=news.apple.com) | 北京直连 | | `direct` | freedom | 直连 | @@ -110,6 +114,8 @@ - 39132 → `to_minecraft` - 51413 → `to_qbit` - 38658 → `direct`(SOCKS5 动态回家,直接连接目标地址) +- 38659 → `to_spark_ssh`(Spark SSH 远程) +- 38660 → `to_spark_rdp`(Spark xRDP 桌面远程) - 默认(catch-all)→ **`direct`**(不匹配端口规则的动态请求直连目标) - `socks-lan` 入站 → `to_beijing_direct` @@ -125,17 +131,13 @@ ### 旁路由 (`旁路由的mihomo config.yaml`) -**TUN 透明代理** — `tun` 模式,内核级劫持。创建 `Meta` 虚拟接口(`198.18.0.1/16`),所有经过旁路由网关的设备流量自动被 TUN 接管: +**纯代理模式** — 无内核级劫持,提供多端口代理服务供客户端手动指定: -```yaml -tun: - enable: true - stack: system - dns-hijack: - - any:53 - auto-route: true - auto-detect-interface: true -``` +| 端口 | 类型 | 路由 | 用途 | +|---|---|---|---| +| `7890` | mixed | 按规则分流 | 本地服务默认代理 | +| `7891` | mixed | 全部走 US-Direct | 全局国外代理 | +| `7892` | mixed | 全部直连 | 全局国内直连 | 配合 **fake-ip DNS**(`enhanced-mode: fake-ip`),DNS 请求返回 `198.18.x.x` 假 IP,强制流量进入代理路由。 @@ -299,10 +301,9 @@ ss -tlnp | grep 9443 systemctl status nginx xray # 旁路由 -ip link show Meta # TUN 接口存在且 UP ss -tlnp | grep -E '789[0-2]|1080' # Mihomo 端口 + Xray socks-lan mihomo -d /opt/mihomo -t # 配置文件校验 -tail /opt/mihomo/logs/mihomo.log | grep TUN # 确认 TUN 无报错 +tail /opt/mihomo/logs/mihomo.log | grep INFO # 确认代理无报错 wg show # qBittorrent 连通性 diff --git a/qbittorrent流量转发.md b/qbittorrent流量转发.md index e02d6f5..2157bcc 100644 --- a/qbittorrent流量转发.md +++ b/qbittorrent流量转发.md 
@@ -134,7 +134,7 @@ stream { ### 2.1 配置 `xray-旁路由-config.json` -qBittorrent 出站不走 Mihomo TPROXY,而是通过旁路由上 Xray 的 `socks-lan` 入站(`:1080`),直接转发到北京 VPS 直连出口。 +qBittorrent 出站不走 Mihomo 透明代理,而是通过旁路由上 Xray 的 `socks-lan` 入站(`:1080`),直接转发到北京 VPS 直连出口。 #### SOCKS5 入站 diff --git a/xray-北京vps-config.json b/xray-北京vps-config.json index 9b19c53..a96f90f 100644 --- a/xray-北京vps-config.json +++ b/xray-北京vps-config.json @@ -246,6 +246,28 @@ ], "udp": true } + }, + { + "tag": "external_spark_ssh", + "listen": "0.0.0.0", + "port": 38659, + "protocol": "dokodemo-door", + "settings": { + "address": "127.0.0.1", + "port": 38659, + "network": "tcp" + } + }, + { + "tag": "external_spark_rdp", + "listen": "0.0.0.0", + "port": 38660, + "protocol": "dokodemo-door", + "settings": { + "address": "127.0.0.1", + "port": 38660, + "network": "tcp" + } } ], "outbounds": [ @@ -371,6 +393,14 @@ ], "outboundTag": "portal" }, + { + "type": "field", + "inboundTag": [ + "external_spark_ssh", + "external_spark_rdp" + ], + "outboundTag": "portal" + }, { "type": "field", "inboundTag": [ diff --git a/xray-旁路由-config.json b/xray-旁路由-config.json index 6bac3ad..d3c4701 100644 --- a/xray-旁路由-config.json +++ b/xray-旁路由-config.json @@ -100,6 +100,20 @@ "redirect": "192.168.1.200:51413" } }, + { + "tag": "to_spark_ssh", + "protocol": "freedom", + "settings": { + "redirect": "192.168.1.166:22" + } + }, + { + "tag": "to_spark_rdp", + "protocol": "freedom", + "settings": { + "redirect": "192.168.1.166:3389" + } + }, { "tag": "interconn", "protocol": "vless", @@ -274,6 +288,22 @@ "port": "38658", "outboundTag": "direct" }, + { + "type": "field", + "inboundTag": [ + "bridge" + ], + "port": "38659", + "outboundTag": "to_spark_ssh" + }, + { + "type": "field", + "inboundTag": [ + "bridge" + ], + "port": "38660", + "outboundTag": "to_spark_rdp" + }, { "type": "field", "inboundTag": [ diff --git a/旁路由的mihomo config.yaml b/旁路由的mihomo config.yaml index 1bccd30..3796671 100644 --- a/旁路由的mihomo config.yaml 
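Review bot: The two inbounds added to xray-北京vps-config.json, `external_spark_ssh` (38659) and `external_spark_rdp` (38660), both set `"listen": "0.0.0.0"`, so the Spark host's SSH and xRDP logins become reachable from any address that can reach the VPS, and nothing in the visible config limits who may connect. If these shortcuts are only for personal use, bind them to the VPN-side interface instead, e.g. `"listen": "<VPS_WIREGUARD_IP>"` (placeholder, the VPS tunnel address is not on this page), or restrict both ports to known source addresses in the host firewall or cloud security group. If public exposure is intended, confirm that 192.168.1.166 accepts key-only SSH and that xRDP has strong credentials and login rate limiting. The `inbounds` array starts and ends outside the hunk, so whether the existing `external_*_ssh` entries follow the same pattern cannot be seen here.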
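Review bot: The two rules added to the routing section of xray-旁路由-config.json match `bridge` traffic on `"port"` alone, so any request arriving over the bridge with destination port 38659 or 38660 is redirected to 192.168.1.166. If the README's description of the catch-all is accurate, this would include dynamic SOCKS5 requests aimed at a different host on those ports. Because the Beijing-side dokodemo-door inbounds fix the destination to 127.0.0.1, adding `"ip": ["127.0.0.1"]` to each rule would pin the match to that forwarded traffic only. The rules array continues outside the hunk, so the position of these entries relative to the other rules should be checked.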
+++ b/旁路由的mihomo config.yaml @@ -11,14 +11,6 @@ external-controller: '127.0.0.1:9090' find-process-mode: off -tun: - enable: true - stack: system - dns-hijack: - - any:53 - auto-route: true - auto-detect-interface: true - dns: enable: true ipv6: false