向日葵服务器相关ip,通过ipset过滤(oray.com oray.net),可能不完整,需要dnsmasq ipset持续监听相关域名

121.40.116.146
47.97.100.86
101.37.158.36
112.124.32.90
47.97.63.217
118.31.47.189
47.96.19.201
47.99.35.223
47.97.126.85
121.196.57.164
116.62.101.24
47.99.43.128
47.111.183.245
47.99.212.135
47.111.111.107
114.215.172.213
47.98.205.71
101.37.156.187
121.196.50.151
118.31.34.42
47.96.21.73
121.196.53.5
47.98.207.35
47.98.97.22
47.110.241.240
47.96.76.91
47.97.109.4
47.114.98.5
114.215.199.192
118.31.36.137
114.215.189.130
47.99.61.182
47.114.172.135
47.98.140.171
121.196.53.108
47.110.124.46
47.110.217.173
101.37.148.156
47.96.127.167
47.98.97.159
121.40.59.15
121.40.127.215
112.124.6.10
47.110.148.62
47.110.54.142
118.31.13.204
47.99.218.87
47.114.97.87
101.37.116.112
47.111.255.165
47.97.111.19
47.96.36.44
47.97.156.111
121.40.137.32
121.41.74.206

首先需要将client dns的流量劫持,分三种情况:
client dns指定linux网关,相当于INPUT访问linux;
client dns指定223.5.5.5等public dns,此时是forward访问外部的dns服务(udp 53以及tcp 53服务);
client dns指定任意不提供dns服务的ip(比如24.5.23.3),此时也是forward外部的dns服务。
针对后面的2种情况,需要iptables来进行强行劫持到本机的INPUT上dns服务(由dnsmasq提供dns服务)iptables -t nat -I PREROUTING -s xx.xx.xx.xx -p tcp -m state --state NEW --dport 53 -j DNAT --to linux网关ip:53。iptables -t nat -I PREROUTING -s xx.xx.xx.xx -p udp --dport 53 -j DNAT --to linux网关ip:53。 实际测试中在client端使用了vpnclient拨号导致在linux上无法利用dnsmasq ipset特性捕获到向日葵的重要域名的相关ip地址,这里记录下。

posted @ 2020-12-16 11:43  helloweifa  阅读(3734)  评论(0编辑  收藏  举报