From 6c24c688315d6665b940d1641e1d509f32d6f16c Mon Sep 17 00:00:00 2001 From: fancy Date: Fri, 8 May 2020 11:15:23 +0800 Subject: [PATCH] only masquerade ipv6 private address --- CMakeLists.txt | 2 +- cgroup-tproxy.sh | 4 ++-- readme.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3923acc..f239dae 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,6 +1,6 @@ cmake_minimum_required(VERSION 3.10) -project(cgproxy VERSION 3.6) +project(cgproxy VERSION 3.7) add_executable(cgattach cgattach.cpp) install(TARGETS cgattach DESTINATION /usr/bin diff --git a/cgroup-tproxy.sh b/cgroup-tproxy.sh index ba937e0..e126813 100644 --- a/cgroup-tproxy.sh +++ b/cgroup-tproxy.sh @@ -84,7 +84,7 @@ case $i in ip -6 route flush table $table ## may not exist, just ignore, and tracking their existence is not reliable iptables -t nat -D POSTROUTING -m owner ! --socket-exists -j MASQUERADE &> /dev/null - ip6tables -t nat -D POSTROUTING -m owner ! --socket-exists -j MASQUERADE &> /dev/null + ip6tables -t nat -D POSTROUTING -m owner ! --socket-exists -s fc00::/7 -j MASQUERADE &> /dev/null exit 0 ;; --config=*) @@ -197,7 +197,7 @@ DOC if $enable_gateway; then iptables -t nat -A POSTROUTING -m owner ! --socket-exists -j MASQUERADE - ip6tables -t nat -A POSTROUTING -m owner ! --socket-exists -j MASQUERADE + ip6tables -t nat -A POSTROUTING -m owner ! --socket-exists -s fc00::/7 -j MASQUERADE # only masquerade ipv6 private address sysctl -w net.ipv4.ip_forward=1 sysctl -w net.ipv6.conf.all.forwarding=1 echo "gateway enabled" diff --git a/readme.md b/readme.md index 1ce53b2..1fe4305 100644 --- a/readme.md +++ b/readme.md @@ -46,7 +46,7 @@ It aslo supports global transparent proxy and gateway proxy. See [Global transpa mkdir build && cd build && cmake .. && make && sudo make install ``` -- It is alreay in [archlinux AUR](https://aur.archlinux.org/packages/cgproxy/). +- It is alreay in [archlinux AUR](https://aur.archlinux.org/packages/cgproxy-git/). - DEB and RPM are packaged in [release page](https://github.com/springzfx/cgproxy/releases).