N1盒子作为旁路由 + esim 4G模块实现主路由国内外IP分流走不同网口
本帖最后由 waving 于 2026-3-24 14:45 编辑
硬件:N1盒子(f大的openwrt)、移远4G模块+USB开发板+天线+ESIM白卡
插入USB 4G模块后,先进行4G模块初始化,在openwrt接口处添加接口,协议选QMI,调制解调器设备选正确。APN我因为是redteago,所以填的是mobile.three.com.hk
确保4G模块正常上网:
root@OpenWrt:~# curl -s --interface wwan0 https://myip.ipip.net
当前 IP:123.136.X.X来自于:中国 香港 移动
root@OpenWrt:~#
简化脚本:
192.168.101.1是我N1作为旁路由的上级路由IP地址
wwan0是4G模块的接口
cat > /etc/init.d/ip-split << 'EOF'
#!/bin/sh /etc/rc.common
# ip-split: policy-route forwarded LAN traffic by destination. Destinations
# in the China prefix list (plus the private ranges) are sent back to the
# upstream LAN gateway; every other destination leaves via the 4G modem.
# START=99 runs this late in boot (the modem interface should be up by then).
START=99
STOP=10
# Interface facing the LAN, and the upstream router's address on it
LAN_DEV="eth0"
LAN_GW="192.168.101.1"
# Interface of the 4G module
MODEM_DEV="wwan0"
# Where the China IPv4 prefix list is fetched from (over HTTPS, at every start)
# and where the last accepted copy is cached
CN_IP_URL="https://ispip.clang.cn/all_cn.txt"
CN_IP_FILE="/etc/ip-split/china.txt"
# ipset the mangle rules match against
IPSET_NAME="cn_split"
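#######################################
# Bring up the split: refresh the prefix list, build the ipset, install the
# policy routing tables/rules, the mangle marking rules and NAT.
# Globals:  LAN_DEV, LAN_GW, MODEM_DEV, CN_IP_URL, CN_IP_FILE, IPSET_NAME (read)
# Outputs:  progress messages on stdout, errors on stderr
# Returns:  exits 1 when no prefix list is available or the ipset cannot be created
#######################################
start() {
  local net dev
  echo "Starting IP split routing..."
  mkdir -p "$(dirname "$CN_IP_FILE")"
  # 1. Fetch the China IP list. The previous copy is kept when the download
  #    fails or looks truncated (the real list is several thousand lines).
  echo "Downloading China IP list..."
  if curl -fsL --connect-timeout 10 --max-time 30 "$CN_IP_URL" -o "$CN_IP_FILE.tmp" 2>/dev/null \
     && [ "$(wc -l < "$CN_IP_FILE.tmp")" -gt 1000 ]; then
    mv "$CN_IP_FILE.tmp" "$CN_IP_FILE"
  else
    rm -f "$CN_IP_FILE.tmp"
  fi
  if [ ! -f "$CN_IP_FILE" ]; then
    echo "Error: No IP list available" >&2
    exit 1
  fi
  # 2. Rebuild the ipset in a single `ipset restore` batch instead of one
  #    ipset process per entry. Only well-formed IPv4 addresses / CIDRs are
  #    accepted; comments, blank lines and anything else in the downloaded
  #    file are dropped rather than handed to ipset as arguments.
  echo "Creating ipset..."
  ipset destroy "$IPSET_NAME" 2>/dev/null || true
  ipset create "$IPSET_NAME" hash:net maxelem 100000 || exit 1
  tr -d '\r' < "$CN_IP_FILE" \
    | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' \
    | awk -v set="$IPSET_NAME" '{ print "add " set " " $1 }' \
    | ipset -exist restore
  # Private ranges are treated like domestic destinations (table 200, LAN side)
  for net in 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12; do
    ipset -exist add "$IPSET_NAME" "$net"
  done
  # 3. Routing tables: 100 -> modem, 200 -> upstream LAN gateway
  echo "Configuring routes..."
  ip route flush table 100 2>/dev/null || true
  ip route add default dev "$MODEM_DEV" table 100
  ip route flush table 200 2>/dev/null || true
  ip route add default via "$LAN_GW" dev "$LAN_DEV" table 200
  # 4. fwmark -> table selection; delete first so restarts do not stack rules
  ip rule del fwmark 0x1 table 100 2>/dev/null || true
  ip rule del fwmark 0x2 table 200 2>/dev/null || true
  ip rule add fwmark 0x1 table 100 priority 100
  ip rule add fwmark 0x2 table 200 priority 200
  # 5. Mark forwarded LAN traffic: in the set -> 0x2, everything else -> 0x1
  echo "Configuring traffic split..."
  iptables -t mangle -D PREROUTING -i "$LAN_DEV" -m set --match-set "$IPSET_NAME" dst -j MARK --set-mark 0x2 2>/dev/null || true
  iptables -t mangle -D PREROUTING -i "$LAN_DEV" -m set ! --match-set "$IPSET_NAME" dst -j MARK --set-mark 0x1 2>/dev/null || true
  iptables -t mangle -A PREROUTING -i "$LAN_DEV" -m set --match-set "$IPSET_NAME" dst -j MARK --set-mark 0x2
  iptables -t mangle -A PREROUTING -i "$LAN_DEV" -m set ! --match-set "$IPSET_NAME" dst -j MARK --set-mark 0x1
  # 6. NAT. Append a MASQUERADE rule only when it is not already present, so
  #    repeated start/restart calls do not accumulate duplicates.
  for dev in "$LAN_DEV" "$MODEM_DEV"; do
    iptables -t nat -C POSTROUTING -o "$dev" -j MASQUERADE 2>/dev/null \
      || iptables -t nat -A POSTROUTING -o "$dev" -j MASQUERADE
  done
  # 7. IP forwarding
  echo 1 > /proc/sys/net/ipv4/ip_forward
  echo "Done!"
}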
#######################################
# Tear the split down: marking rules, policy rules, routing tables, ipset.
# Globals:  LAN_DEV, IPSET_NAME (read)
# Outputs:  progress messages on stdout
# Returns:  0
#######################################
stop() {
  echo "Stopping..."
  # Remove the marking rules first so no further packets receive a fwmark;
  # "no such rule" errors are expected on a clean system and are ignored.
  iptables -t mangle -D PREROUTING -i "$LAN_DEV" -m set --match-set "$IPSET_NAME" dst -j MARK --set-mark 0x2 2>/dev/null || true
  iptables -t mangle -D PREROUTING -i "$LAN_DEV" -m set ! --match-set "$IPSET_NAME" dst -j MARK --set-mark 0x1 2>/dev/null || true
  # Then drop each fwmark -> table pair: the policy rule and the table contents.
  for pair in "0x1 100" "0x2 200"; do
    set -- $pair    # $1 = fwmark, $2 = routing table
    ip rule del fwmark "$1" table "$2" 2>/dev/null || true
    ip route flush table "$2" 2>/dev/null || true
  done
  # The set can only go once no rule references it any more.
  ipset destroy "$IPSET_NAME" 2>/dev/null || true
  echo "Stopped!"
}
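#######################################
# Full restart: stop, pause briefly, start.
#######################################
restart() {
  stop
  sleep 1
  start
}

# Extra rc.common action so that `/etc/init.d/ip-split update` exists:
# refresh the China IP list and replace the live ipset atomically with
# `ipset swap`, leaving routes, rules and iptables untouched so forwarding
# keeps working while the list is refreshed.
# Globals:  CN_IP_URL, CN_IP_FILE, IPSET_NAME (read)
# Returns:  0 on success, 1 when the download or the set build fails
#           (the currently loaded list stays in use)
EXTRA_COMMANDS="update"
update() {
  local tmp_set net
  tmp_set="${IPSET_NAME}_new"
  mkdir -p "$(dirname "$CN_IP_FILE")"
  echo "Downloading China IP list..."
  if ! curl -fsL --connect-timeout 10 --max-time 30 "$CN_IP_URL" -o "$CN_IP_FILE.tmp" 2>/dev/null; then
    rm -f "$CN_IP_FILE.tmp"
    echo "Error: download failed, keeping current list" >&2
    return 1
  fi
  # A truncated download or an error page is far shorter than the real list.
  if [ "$(wc -l < "$CN_IP_FILE.tmp")" -le 1000 ]; then
    rm -f "$CN_IP_FILE.tmp"
    echo "Error: downloaded list too short, keeping current list" >&2
    return 1
  fi
  mv "$CN_IP_FILE.tmp" "$CN_IP_FILE"
  # Build the new set aside; only well-formed IPv4 addresses / CIDRs are
  # accepted from the download, everything else is dropped.
  ipset destroy "$tmp_set" 2>/dev/null
  ipset create "$tmp_set" hash:net maxelem 100000 || return 1
  tr -d '\r' < "$CN_IP_FILE" \
    | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' \
    | awk -v set="$tmp_set" '{ print "add " set " " $1 }' \
    | ipset -exist restore || { ipset destroy "$tmp_set" 2>/dev/null; return 1; }
  for net in 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12; do
    ipset -exist add "$tmp_set" "$net"
  done
  # Swap contents with the live set (same type, so swap is allowed), then
  # discard the old contents; if there is no live set yet just take the name.
  if ipset -n list "$IPSET_NAME" >/dev/null 2>&1; then
    ipset swap "$tmp_set" "$IPSET_NAME" && ipset destroy "$tmp_set"
  else
    ipset rename "$tmp_set" "$IPSET_NAME"
  fi
  echo "IP list updated"
}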
EOF
# The init script must be executable before it can be invoked
chmod +x /etc/init.d/ip-split
DNS如果被污染劫持,可以使用smartDNS
# Install SmartDNS
opkg update
opkg install smartdns
# SmartDNS split configuration
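cat > /etc/smartdns/smartdns.conf << 'EOF'
# NOTE(review): the OpenWrt smartdns package may generate its own config from
# uci when it starts; confirm this file is the one the running process loads
# (check the -c argument of the smartdns process) before relying on it.
# Listen port (dnsmasq has to be moved off :53 first or this bind fails)
bind :53
# Domestic resolvers, used only by the "china" group
server 223.5.5.5 -group china -exclude-default-group
server 114.114.114.114 -group china -exclude-default-group
# Overseas resolvers (reached via 4G), used only by the "overseas" group
server 8.8.8.8 -group overseas -exclude-default-group
server 1.1.1.1 -group overseas -exclude-default-group
# Domestic domains -> domestic resolvers
nameserver /cn/china
nameserver /baidu.com/china
nameserver /alibaba.com/china
# Default group (every unmatched domain) is overseas only. Without
# -exclude-default-group on the china servers above they would also sit in
# the default group and an unmatched domain could be answered by a domestic
# resolver, which defeats the anti-poisoning intent.
server 8.8.8.8
server 1.1.1.1
# Cache
cache-size 512
EOF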
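# Move dnsmasq off port 53 first: SmartDNS binds :53 and cannot start while
# dnsmasq still holds it. "server" is a list option in /etc/config/dhcp
# (the dnsmasq init script reads it with config_list_foreach, which ignores a
# plain option), so it has to be written with add_list. noresolv stops
# dnsmasq from also using the upstream router's resolvers, which would send
# some queries past SmartDNS; the trade-off is that local resolution now
# depends on SmartDNS being up.
uci set dhcp.@dnsmasq[0].port='5353'
uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='127.0.0.1#53'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restart
# Now SmartDNS can take :53; enable it at boot and start it
/etc/init.d/smartdns enable
/etc/init.d/smartdns start
# custom.conf for per-domain split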
cat > /etc/smartdns/custom.conf << 'EOF'
# NOTE(review): the "china" and "overseas" groups below have to be defined by
# "server ... -group" lines in whichever config the running smartdns loads;
# confirm they exist there after every change to the server list.
# ========== Domestic domains use the China DNS group ==========
nameserver /cn/china
nameserver /baidu.com/china
nameserver /alicdn.com/china
nameserver /aliyun.com/china
nameserver /alipay.com/china
nameserver /alibaba.com/china
nameserver /qq.com/china
nameserver /tencent.com/china
nameserver /weixin.com/china
nameserver /wechat.com/china
nameserver /bilibili.com/china
nameserver /bdstatic.com/china
nameserver /bdimg.com/china
nameserver /sina.com/china
nameserver /weibo.com/china
nameserver /douban.com/china
nameserver /zhihu.com/china
nameserver /jianshu.com/china
nameserver /csdn.net/china
nameserver /oschina.net/china
nameserver /cnblogs.com/china
nameserver /aliyuncs.com/china
nameserver /tencentcloud.com/china
nameserver /qcloud.com/china
nameserver /myqcloud.com/china
nameserver /126.net/china
nameserver /163.com/china
nameserver /netease.com/china
nameserver /jd.com/china
nameserver /taobao.com/china
nameserver /tmall.com/china
nameserver /alipayobjects.com/china
nameserver /mmstat.com/china
nameserver /cnzz.com/china
nameserver /iqiyi.com/china
nameserver /youku.com/china
nameserver /mgtv.com/china
nameserver /pptv.com/china
nameserver /le.com/china
nameserver /sohu.com/china
nameserver /sogou.com/china
nameserver /360.cn/china
nameserver /360.com/china
# ========== Force overseas domains to the overseas DNS group (avoids poisoned answers) ==========
# Google
nameserver /google.com/overseas
nameserver /googleapis.com/overseas
nameserver /googleusercontent.com/overseas
nameserver /googlevideo.com/overseas
nameserver /gstatic.com/overseas
nameserver /youtube.com/overseas
nameserver /ytimg.com/overseas
nameserver /ggpht.com/overseas
nameserver /withgoogle.com/overseas
nameserver /google-analytics.com/overseas
# Twitter/X
nameserver /twitter.com/overseas
nameserver /x.com/overseas
nameserver /twimg.com/overseas
nameserver /t.co/overseas
# Facebook/Meta
nameserver /facebook.com/overseas
nameserver /fbcdn.net/overseas
nameserver /instagram.com/overseas
nameserver /cdninstagram.com/overseas
nameserver /whatsapp.com/overseas
nameserver /fb.com/overseas
nameserver /messenger.com/overseas
# Other commonly used overseas sites
nameserver /github.com/overseas
nameserver /gitlab.com/overseas
nameserver /stackoverflow.com/overseas
nameserver /reddit.com/overseas
nameserver /medium.com/overseas
nameserver /wordpress.com/overseas
nameserver /blogspot.com/overseas
nameserver /tumblr.com/overseas
nameserver /pinterest.com/overseas
nameserver /linkedin.com/overseas
nameserver /netflix.com/overseas
nameserver /nflxvideo.net/overseas
nameserver /amazon.com/overseas
nameserver /aws.amazon.com/overseas
nameserver /cloudfront.net/overseas
nameserver /akamai.net/overseas
nameserver /fastly.net/overseas
nameserver /cloudflare.com/overseas
nameserver /cdn.cloudflare.net/overseas
# News / media
nameserver /bbc.com/overseas
nameserver /bbc.co.uk/overseas
nameserver /cnn.com/overseas
nameserver /nytimes.com/overseas
nameserver /washingtonpost.com/overseas
nameserver /theguardian.com/overseas
nameserver /reuters.com/overseas
nameserver /apnews.com/overseas
nameserver /bloomberg.com/overseas
nameserver /wsj.com/overseas
nameserver /ft.com/overseas
nameserver /economist.com/overseas
# Tech
nameserver /apple.com/overseas
nameserver /icloud.com/overseas
nameserver /mzstatic.com/overseas
nameserver /microsoft.com/overseas
nameserver /windows.net/overseas
nameserver /office365.com/overseas
nameserver /live.com/overseas
nameserver /outlook.com/overseas
nameserver /skype.com/overseas
nameserver /dropbox.com/overseas
nameserver /dropboxapi.com/overseas
nameserver /onedrive.com/overseas
# Tools / services
nameserver /wikipedia.org/overseas
nameserver /wikimedia.org/overseas
nameserver /wikimediafoundation.org/overseas
nameserver /archive.org/overseas
nameserver /archive.today/overseas
nameserver /duckduckgo.com/overseas
nameserver /startpage.com/overseas
# ========== Everything else uses the overseas DNS by default (avoids poisoned answers) ==========
# All unmatched domains go to the default DNS group (8.8.8.8, 1.1.1.1)
EOF
# 1. Mark SmartDNS's own plain-DNS queries in the mangle OUTPUT chain
# NOTE(review): --cmd-owner (together with --pid-owner/--sid-owner) was removed
# from the iptables owner match in Linux 2.6.14; on a current OpenWrt kernel
# the next two rules are rejected as an unknown option. The destination-based
# rules in step 2 already cover queries to the resolvers configured above, so
# these two can be dropped rather than ported to --uid-owner.
iptables -t mangle -I OUTPUT 1 -p udp --dport 53 -m owner --cmd-owner smartdns -j MARK --set-mark 0x1
iptables -t mangle -I OUTPUT 2 -p tcp --dport 53 -m owner --cmd-owner smartdns -j MARK --set-mark 0x1
# 2. Everything this box sends to 8.8.8.8/8.8.4.4 and 1.1.1.1/1.0.0.1 leaves via 4G
#    (fwmark 0x1 -> table 100). Inserted at the top so nothing else matches first.
iptables -t mangle -I OUTPUT 1 -d 8.8.8.8 -j MARK --set-mark 0x1
iptables -t mangle -I OUTPUT 2 -d 8.8.4.4 -j MARK --set-mark 0x1
iptables -t mangle -I OUTPUT 3 -d 1.1.1.1 -j MARK --set-mark 0x1
iptables -t mangle -I OUTPUT 4 -d 1.0.0.1 -j MARK --set-mark 0x1
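# Switch the SmartDNS upstreams (uci config) to DoH
# Remove every anonymous "server" section, not just the first two, so no
# stale plaintext upstream survives next to the DoH ones. `uci -q delete`
# exits non-zero once no @server[0] is left, which ends the loop.
while uci -q delete 'smartdns.@server[0]'; do :; done
# Google DoH. host_name is the name SmartDNS uses for the TLS session and
# no_check_certificate=0 keeps certificate verification on; leave both as is.
uci add smartdns server
uci set 'smartdns.@server[-1].enabled=1'
uci set 'smartdns.@server[-1].type=https'
uci set 'smartdns.@server[-1].ip=https://dns.google/dns-query'
uci set 'smartdns.@server[-1].host_name=dns.google'
uci set 'smartdns.@server[-1].no_check_certificate=0'
# Cloudflare DoH
uci add smartdns server
uci set 'smartdns.@server[-1].enabled=1'
uci set 'smartdns.@server[-1].type=https'
uci set 'smartdns.@server[-1].ip=https://cloudflare-dns.com/dns-query'
uci set 'smartdns.@server[-1].host_name=cloudflare-dns.com'
uci set 'smartdns.@server[-1].no_check_certificate=0'
# NOTE(review): custom.conf refers to the "china"/"overseas" server groups;
# after this only the two DoH servers exist in uci — confirm the groups are
# still defined in the config smartdns actually loads.
uci commit smartdns
/etc/init.d/smartdns restart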
# Clear any earlier copies of the public-resolver marking rules, then put them
# back at the top of mangle OUTPUT so this box's own traffic to those
# resolvers always leaves via 4G (fwmark 0x1 -> table 100).
public_dns="8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1"
for dns in $public_dns; do
  iptables -t mangle -D OUTPUT -d "$dns" -j MARK --set-mark 0x1 2>/dev/null
done
pos=1
for dns in $public_dns; do
  iptables -t mangle -I OUTPUT "$pos" -d "$dns" -j MARK --set-mark 0x1
  pos=$((pos + 1))
done
# Forwarded UDP/53 from LAN clients is marked as well. This rule has no -d
# restriction, so a client that queries a domestic resolver directly is also
# routed through the modem, and DNS over TCP/53 is not covered.
iptables -t mangle -D PREROUTING -p udp --dport 53 -j MARK --set-mark 0x1 2>/dev/null
iptables -t mangle -I PREROUTING 1 -p udp --dport 53 -j MARK --set-mark 0x1
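# TLS support for DoH (no-op if already installed)
opkg install libopenssl
# Configure DoH: drop every existing anonymous "server" section first so no
# plaintext upstream survives next to the DoH ones (`uci -q delete` exits
# non-zero once no @server[0] is left, which ends the loop).
while uci -q delete 'smartdns.@server[0]'; do :; done
# Google DoH. no_check_certificate=0 keeps certificate verification on.
uci add smartdns server
uci set 'smartdns.@server[-1].enabled=1'
uci set 'smartdns.@server[-1].type=https'
uci set 'smartdns.@server[-1].ip=https://dns.google/dns-query'
uci set 'smartdns.@server[-1].host_name=dns.google'
uci set 'smartdns.@server[-1].no_check_certificate=0'
# Cloudflare DoH
uci add smartdns server
uci set 'smartdns.@server[-1].enabled=1'
uci set 'smartdns.@server[-1].type=https'
uci set 'smartdns.@server[-1].ip=https://cloudflare-dns.com/dns-query'
uci set 'smartdns.@server[-1].host_name=cloudflare-dns.com'
uci set 'smartdns.@server[-1].no_check_certificate=0'
uci commit smartdns
/etc/init.d/smartdns restart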
保存iptables规则
# Install iptables-save / iptables-restore if missing
# NOTE(review): on OpenWrt these two binaries should already come with the
# base iptables package; iptables-mod-extra adds extension matches instead —
# confirm which package is actually needed here.
opkg install iptables-mod-extra
# Snapshot the current ruleset
iptables-save > /etc/iptables.rules
# Boot script that loads the snapshot
cat > /etc/init.d/iptables-restore << 'EOF'
#!/bin/sh /etc/rc.common
# Runs early in boot (START=20).
# NOTE(review): the saved mangle rules reference the cn_split ipset, which is
# only created by ip-split (START=99). A "-m set" rule whose set does not
# exist makes iptables-restore abort before committing that table, so at boot
# this restore is expected to fail for mangle and ip-split re-adds the rules.
START=20
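#######################################
# Load the saved ruleset, if there is one.
# A missing snapshot is not an error for a boot script; a failed restore is
# reported instead of being silently dropped, because one unloadable rule
# makes iptables-restore abort that whole table.
# Returns:  0
#######################################
start() {
  if [ -f /etc/iptables.rules ]; then
    iptables-restore < /etc/iptables.rules \
      || echo "iptables-restore: failed to load /etc/iptables.rules" >&2
  fi
  return 0
}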
EOF
chmod +x /etc/init.d/iptables-restore
/etc/init.d/iptables-restore enable
# Boot script for the routing rules
cat > /etc/init.d/route-rules << 'EOF'
#!/bin/sh /etc/rc.common
# NOTE(review): this runs at START=25, before ip-split (START=99) creates the
# cn_split ipset, and repeats most of ip-split's start(); check whether it is
# still needed once ip-split itself is enabled at boot.
START=25
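#######################################
# Re-create the policy routing, marking and NAT rules at boot.
# Outputs:  nothing on success; iptables/ip errors on stderr
# Returns:  status of the last command (forwarding sysctl write)
#######################################
start() {
  local pos dns dev
  # Wait for the interfaces to come up before touching routes
  sleep 5
  # Policy rules: fwmark 0x1 -> table 100 (4G), 0x2 -> table 200 (LAN gateway).
  # Delete first so a restart does not stack duplicate rules.
  ip rule del fwmark 0x1 table 100 2>/dev/null
  ip rule del fwmark 0x2 table 200 2>/dev/null
  ip rule add fwmark 0x1 table 100 priority 100
  ip rule add fwmark 0x2 table 200 priority 200
  # Routing tables
  ip route flush table 100 2>/dev/null
  ip route add default dev wwan0 table 100
  ip route flush table 200 2>/dev/null
  ip route add default via 192.168.101.1 dev eth0 table 200
  # LAN split rules.
  # NOTE(review): these reference the cn_split set, which this script does
  # not create; when the set is missing (e.g. at boot before ip-split,
  # START=99) iptables rejects them and ip-split has to add them later.
  iptables -t mangle -D PREROUTING -i eth0 -m set --match-set cn_split dst -j MARK --set-mark 0x2 2>/dev/null
  iptables -t mangle -D PREROUTING -i eth0 -m set ! --match-set cn_split dst -j MARK --set-mark 0x1 2>/dev/null
  iptables -t mangle -A PREROUTING -i eth0 -m set --match-set cn_split dst -j MARK --set-mark 0x2
  iptables -t mangle -A PREROUTING -i eth0 -m set ! --match-set cn_split dst -j MARK --set-mark 0x1
  # This box's own traffic to the public resolvers goes via 4G. 1.0.0.1 is
  # included so Cloudflare's secondary is handled like its primary.
  pos=1
  for dns in 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1; do
    iptables -t mangle -D OUTPUT -d "$dns" -j MARK --set-mark 0x1 2>/dev/null
    iptables -t mangle -I OUTPUT "$pos" -d "$dns" -j MARK --set-mark 0x1
    pos=$((pos + 1))
  done
  # NAT: append MASQUERADE only when absent, so restarts do not duplicate it
  for dev in eth0 wwan0; do
    iptables -t nat -C POSTROUTING -o "$dev" -j MASQUERADE 2>/dev/null \
      || iptables -t nat -A POSTROUTING -o "$dev" -j MASQUERADE
  done
  # Enable IP forwarding
  echo 1 > /proc/sys/net/ipv4/ip_forward
}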
EOF
chmod +x /etc/init.d/route-rules
/etc/init.d/route-rules enable
# Start the split (downloads the latest IP list on the way)
/etc/init.d/ip-split start
# Show status
/etc/init.d/ip-split status
# Refresh the IP list by hand (without interrupting service)
# NOTE(review): rc.common only accepts this action if the ip-split script
# lists it in EXTRA_COMMANDS and defines an update() function; if it does
# not, use restart instead.
/etc/init.d/ip-split update
# Stop the split
/etc/init.d/ip-split stop
# Restart the split
/etc/init.d/ip-split restart
/etc/init.d/ip-split enable
好方法,我本来也想整一个国外银行走esim,其他国外流量走梯子,谢谢楼主
ESIM流量够用吗, enzur 发表于 2026-3-24 15:26
ESIM流量够用吗,
还好,我用的少,月均20G,redteago的100G套餐能用5个月。
看起来很厉害,新手不懂操作啊😯 Zoeng 发表于 2026-3-24 19:49
看起来很厉害,新手不懂操作啊😯
还有个更省流量的方法,通过smartDNS域名自动分流,指定的域名自动加入ipset,再通过iptables处理转发,后续有时间的话做个简单的流程