Mac mini 原生实现旁路由

启用ip转发

编辑 /etc/sysctl.conf 文件,添加:

net.inet.ip.forwarding=1

查看是否生效(输出应为 net.inet.ip.forwarding: 1;若仍为 0,可执行 sudo sysctl -w net.inet.ip.forwarding=1 使其立即生效)

sysctl net.inet.ip.forwarding

PF防火墙配置

# com.apple anchor hooks. The custom translation rule below is placed after
# rdr-anchor; the page states that this ordering is strictly required.
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
# --- custom rules begin ---
# Redirect TCP arriving on en0 for destination ports 80, 443 and 53 to the
# local listener on 127.0.0.1:1080. Only `proto tcp` is matched, so UDP
# (including ordinary DNS queries on 53/udp) is not redirected by this rule.
rdr on en0 inet proto tcp to any port {80, 443, 53} -> 127.0.0.1 port 1080
# Pass all traffic out of and into en0 with state tracking. `from any to any`
# places no restriction on source or destination addresses.
# NOTE(review): consider narrowing `from any` to the LAN subnet that is meant
# to use this gateway, so other hosts reaching en0 are not forwarded — confirm
# against your network layout.
pass out on en0 from any to any keep state
pass in on en0 from any to any keep state
# --- custom rules end ---
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
# Optional separate anchor for custom rules (left disabled here):
# anchor "custom"
# load anchor "custom" from "/etc/pf.anchors/custom"

注意:新增的 rdr 与 pass 规则必须放在 rdr-anchor "com.apple/*" 之后,PF 对规则顺序有严格限制。

检查

# pfctl must be run as root (e.g. via sudo).
pfctl -nf /etc/pf.conf  # syntax check only: -n parses the file without loading the rules
pfctl -f /etc/pf.conf   # load the rules from the file
pfctl -e                # enable the PF firewall

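代理软件配置

说明:示例中的 address、id、email 需替换为自己的服务器信息;id 相当于访问凭据,不应公开真实值。入站未指定 listen 时通常监听所有地址,由于 rdr 已把流量转到 127.0.0.1,可考虑加上 "listen": "127.0.0.1",避免 1080 端口直接暴露给局域网。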

{
  "log": {
    "access": "",
    "error": "",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 1080,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "vps2.helloqb.xyz",
            "port": 443,
            "users": [
              {
                "id": "5dc9affc-2348-46cf-8b38-a8bb00e0a4b9",
                "alterId": 0,
                "email": "[email protected]",
                "security": "auto",
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": false,
          "show": false
        }
      },
      "mux": {
        "enabled": false,
        "concurrency": -1
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "inboundTag": ["api"],
        "outboundTag": "api",
        "enabled": true
      },
      {
        "id": "5561520071141046290",
        "type": "field",
        "outboundTag": "direct",
        "domain": ["domain:example-example.com", "domain:example-example2.com"],
        "enabled": true
      },
      {
        "id": "5373064446319453339",
        "type": "field",
        "outboundTag": "block",
        "domain": ["geosite:category-ads-all"],
        "enabled": true
      },
      {
        "id": "5022118684674560460",
        "type": "field",
        "outboundTag": "direct",
        "domain": ["geosite:cn"],
        "enabled": true
      },
      {
        "id": "5106181968649600625",
        "type": "field",
        "outboundTag": "direct",
        "ip": ["geoip:private", "geoip:cn"],
        "enabled": true
      },
      {
        "id": "5509076677952617214",
        "type": "field",
        "port": "0-65535",
        "outboundTag": "proxy",
        "enabled": true
      }
    ]
  }
}

Last modified on 2024-12-08