This post will cover how to configure a Linux computer to a router, which I have already tested with a standard server(Ubuntu 16.04 in ESXi) and Raspberry Pi 3.
The router will be able to provide a transparent network to its clients, and its user experience is much better than other common solutions, such as PAC shadowsocks, VPN etc.
why it is better
- For PAC shadowsocks, it is very hard to keep PAC list covering all the forbidden websites.
- For VPN, it is just route all the traffic to abroad, which means local CDNs are not effective and for services such as Youku or Netease Music can not be used at all.
- some hardware running with two or more network interfaces
- a shadowsocks account, which can be easily deployed in VPS(Linode, Digital Ocean, etc)
- configure linux kernel to provide ipv4 packet forwarding
iptablesto provide NAT and other things
dnsmasqto provide DHCP and dns cache
redsocksto provide local shadowsocks proxy
overtureto provide clean dns resolution
Please ensure that you have more than two network interfaces working. You may use
ifconfig to check.
You may pick two network interfaces, and decide which is the one connected to Internet(WAN), so the left one is connected to clients of this router.
ens32 is WAN port,
ens33 is LAN port.
Then, we should configure the LAN port to static IP, which is required by using it as gateway and dns server.
For debian like system, the configuration file is
overture is a dns server written by Go, Github Link.
Download a release of your ISA, and extract the binary to
/usr/local/bin, and copy other config files to
For me, the config file is
You may test it by
dig @127.0.0.1 -p 5454 www.facebook.com.
First install it, for debian like system,
sudo apt install dnsmasq.
/etc/dnsmasq.conf like that:
Add a line in the bottom of
net.ipv4.ip_forward=1, then execute
Then edit a
local shadowsocks proxy
ss-redir, so you first need to install
Then try to get it run, forward to local port
get china ip list
curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' \
Save Iptables and Autostart
apt-get install iptables-persistent
There are many ways to autostart
overture, so just pick one you like.
- practice in vmware / virtual box is strongly recommended
- running in vmware esxi is easy to deploy as there is built-in vSwitch
- if works, welcome to internet
- x86 linux is stable enough, my thinkpad x200 runs without a hang for over 30 days
- raspberry pi is not the best device as latency is too high (may up to several hundred ms) due to limited cpu performance