(切换到root)
1.安装xtables-addons-common和xtables-addons-dkms包
确保geoip模块可用:
# Show the xt_geoip line from the loaded-module list (prints nothing if the
# module is not loaded).
grep xt_geoip <(lsmod)
若上面没有输出，则手动加载：modprobe xt_geoip
1.用iptables对流量打标记
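# Flush existing rules.
# NOTE(review): `iptables -F` wipes every rule in the *filter* table -- the
# host firewall -- not just marking rules, and `-t mangle -F` flushes all
# mangle chains, not only OUTPUT. On a remote or already-firewalled host,
# prefer flushing only what this script owns (e.g. `iptables -t mangle -F OUTPUT`).
iptables -F
iptables -t mangle -F

# All rules below sit in the mangle OUTPUT chain, so only traffic generated by
# this host is marked; forwarded traffic from other machines is not touched.
#
# The original notes had the options typed with en-dashes (–dst-cc) and
# typographic quotes (“…”); iptables rejects those, so they are written with
# ASCII `--` and `"` here.
#
# NOTE(review): the LOG rules log every matching packet to the kernel log at
# level 4, which floods the log on a busy host. Once the marking is verified,
# drop them or rate-limit them with `-m limit` in front of `-j LOG`.
#
# NOTE(review): the VPN client's own encapsulated packets to its server also
# pass through OUTPUT. If the server address is outside CN/HK they receive
# mark 2 and the "overseas" table would send them back into the tunnel (a
# routing loop). Exempt the endpoint before the marking rules, e.g.
#   iptables -t mangle -I OUTPUT -d <VPN_SERVER_IP> -j RETURN   # placeholder address
# -- TODO confirm the server's location / address.

# Mark traffic to CN/HK destinations with 1
iptables -t mangle -A OUTPUT -m geoip --dst-cc CN,HK -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m geoip --dst-cc CN,HK -j LOG --log-prefix "China Traffic Out: " --log-level 4
# Mark traffic to destinations outside CN/HK/ZZ with 2
iptables -t mangle -A OUTPUT -m geoip ! --dst-cc CN,HK,ZZ -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -m geoip ! --dst-cc CN,HK,ZZ -j LOG --log-prefix "Overseas Traffic Out: " --log-level 4
# Mark local traffic (the notes use the ZZ code for it) with 3
iptables -t mangle -A OUTPUT -m geoip --dst-cc ZZ -j MARK --set-mark 3
iptables -t mangle -A OUTPUT -m geoip --dst-cc ZZ -j LOG --log-prefix "Local Traffic Out: " --log-level 4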
2、
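# Routing table "china": out via the regular public gateway.
# The append is guarded so re-running the script does not add duplicate
# entries to rt_tables (the original appended unconditionally and used
# typographic quotes, which the shell does not treat as quotes).
grep -q '^100 china$' /etc/iproute2/rt_tables || printf '100 china\n' >> /etc/iproute2/rt_tables
# `replace` is idempotent; `add` fails with "File exists" on a second run.
# 192.168.2.1 is the public-side gateway.
ip route replace default via 192.168.2.1 table china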
(其中192.168.2.1是公网网关)
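# Routing table "overseas": everything goes into the VPN tunnel (tun-jp).
# Guarded append, same reason as for table "china" (no duplicates on re-run;
# ASCII quotes instead of the original typographic ones).
grep -q '^200 overseas$' /etc/iproute2/rt_tables || printf '200 overseas\n' >> /etc/iproute2/rt_tables
# NOTE(review): 10.8.0.5 is hard-coded as the source address; if the VPN
# assigns a different tunnel address on reconnect this route goes stale --
# TODO confirm the address is static.
ip route replace default via 10.8.0.1 dev tun-jp src 10.8.0.5 table overseas
# The original notes break off here ("#echo “300"). A third table was
# presumably meant for mark 3 (local traffic), but no `ip rule` for fwmark 3
# exists, so mark-3 traffic falls through to the normal routing tables.
# printf '300 <TABLE_NAME>\n' >> /etc/iproute2/rt_tables   # placeholder; unfinished in the original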
tun-jp是VPN接口名
3、
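# Policy rules: packets carrying a mark are looked up in the matching table.
# Rules added without an explicit priority land just above the `main` lookup,
# so marked traffic uses these tables; unmarked traffic and mark 3 (no rule
# here) keep using the normal routing.
# Re-running these `add` lines creates duplicate rules; check `ip rule show`
# or `ip rule del` the old ones first.
ip rule add fwmark 1 table china
ip rule add fwmark 2 table overseas
# NOTE(review): with strict reverse-path filtering (rp_filter=1) replies
# arriving on tun-jp for flows the main table would route elsewhere may be
# dropped; check net.ipv4.conf.*.rp_filter if the overseas path does not
# work -- TODO confirm on the target host.
# The line below is copied from the original notes. It is not a shell
# command (it reads like a route entry such as a VPN client installs for
# 0.0.0.0/1), so it is left commented out rather than executed -- TODO
# confirm what was intended.
# 0.0.0.0/1 via 10.8.0.1 dev tun-jp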