routeros-mihomo-socksify: Splitting Domestic and International Traffic

Environment

The router is an RB5009UG+S+ running version 7.22.1

mihomo

Preparation

On another machine, pull the arm64 version of mihomo

docker pull --platform linux/arm64 ghcr.io/metacubex/mihomo:latest

Save it as a tar archive

docker save -o mihomo.tar ghcr.io/metacubex/mihomo:latest

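Then upload mihomo.tar to the router

You also need a configuration file, config.yaml
Below is the configuration file I use myself
Adjust it according to the official configuration documentation
In the configuration below, domestic DNS goes to 10.1.1.1, the SOCKS port is 1080, and the mihomo container's IP is 10.1.1.2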

mixed-port: 1080 # Mixed HTTP(S) and SOCKS proxy port

allow-lan: true # Allow connections from the LAN
bind-address: "*" # Bind IP address; only applies when allow-lan is true; '*' means all addresses
authentication: # Username and password for the http/socks inbounds
  - "yuban10703:yuban10703"
skip-auth-prefixes: # IP ranges that skip authentication
  - 127.0.0.1/8
  - ::1/128
  - 10.1.1.0/24
  - 172.16.0.0/24
lan-allowed-ips: # IP ranges allowed to connect; only applies when allow-lan is true; defaults to 0.0.0.0/0 and ::/0
  - 0.0.0.0/0
  - ::/0
lan-disallowed-ips: # IP ranges denied; the denylist takes priority over the allowlist; empty by default

find-process-mode: off

mode: rule

geodata-loader: memconservative
geodata-mode: false
# Custom geodata URLs
geox-url:
  geoip: "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
  geosite: "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
  mmdb: "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/country.mmdb"
  asn: "https://github.com/xishang0128/geoip/releases/download/latest/GeoLite2-ASN.mmdb"

geo-auto-update: true # Whether to update geodata automatically
geo-update-interval: 24 # Update interval, in hours


log-level: debug # Log level: silent/error/warning/info/debug

ipv6: true # Master IPv6 switch; turning it off blocks all IPv6 connections and filters AAAA DNS queries

tls:

external-controller: 0.0.0.0:9090 # RESTful API listen address
external-controller-tls: 0.0.0.0:9443 # RESTful API HTTPS listen address; requires the tls section to be configured
secret: "yuban10703" # `Authorization:Bearer ${secret}`

# RESTful API CORS header configuration
external-controller-cors:
  allow-origins:
    - "*"
  allow-private-network: true


unified-delay: true
tcp-concurrent: true # Connect to all IPs concurrently over TCP and use the one with the fastest handshake

# Web UI directory; access it at http://{{external-controller}}/ui
external-ui: /root/.config/mihomo/ui
external-ui-name: mihomo
external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"

# Enable a DoH server on the RESTful API port
# !!! This URL does not verify the secret; if you enable it, secure it yourself !!!
external-doh-server:

interface-name: # Outbound interface

# Global TLS fingerprint; lower priority than client-fingerprint inside a proxy
# Options: "chrome","firefox","safari","ios","random","none".
# uTLS currently supports TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint:

disable-keep-alive: false
keep-alive-interval: 20
keep-alive-idle: 20

# routing-mark:6666 # Set fwmark; Linux only
experimental:
  # Disable quic-go GSO support. This may result in reduced performance on Linux.
  # This is not recommended for most users.
  # Only users encountering issues with quic-go's internal implementation should enable this,
  # and they should disable it as soon as the issue is resolved.
  # This field will be removed when quic-go fixes all their issues in GSO.
  # This is equivalent to the environment variable QUIC_GO_DISABLE_GSO=1.
  #quic-go-disable-gso: true

# Similar to /etc/hosts; only a single IP can be configured
hosts:
  # '*.mihomo.dev': 127.0.0.1
  # '.dev': 127.0.0.1
  # 'alpha.mihomo.dev': '::1'
  # test.com: [1.1.1.1, 2.2.2.2]
  # home.lan: lan # lan is a special value that adds the addresses of all local interfaces
  # baidu.com: google.com # only one alias may be configured

profile: # Store the select choices
  store-selected: true

  # Persist fake-ip
  store-fake-ip: true

# Tun configuration
tun:
  enable: false
  stack: system # gvisor/mixed
  dns-hijack:
    - "any:53"
    - "tcp://any:53"
  # auto-detect-interface: true # Auto-detect the outbound interface
  auto-route: true # Configure the routing table
  mtu: 9000 # Maximum transmission unit
  # gso: false # Enable generic segmentation offload; Linux only
  # gso-max-size: 65536 # Maximum size of a generic segmentation offload packet
  auto-redirect: false # Automatically configure iptables to redirect TCP connections. Linux only. auto-route with auto-redirect now works as expected on routers without intervention.

# Domain sniffing (optional)
sniffer:
  enable: true
  override-destination: true

  sniff:
    HTTP:
      ports: [ 80, 8080-8880 ]
      override-destination: true
    TLS:
      ports: [ 443, 8443 ]
    QUIC:
      ports: [ 443, 8443 ]
  skip-domain:
    - "Mijia Cloud"
    - "+.push.apple.com"


# DNS configuration
dns:
  enable: true # Disabling this falls back to the system DNS
  cache-algorithm: arc
  prefer-h3: false # Whether DoH should use HTTP/3; attempts are made concurrently
  listen: 0.0.0.0:53 # Enable the DNS server listener
  ipv6: true # false returns empty results for AAAA
  enhanced-mode: redir-host # or redir-host
  use-hosts: true # Look up hosts
  use-system-hosts: false
  respect-rules: false
  nameserver:
    - "10.1.1.1"
  proxy-server-nameserver:
    - "10.1.1.1"
  nameserver-policy:
    # "+.mcdn.bilivideo.com": rcode://success
    # "+.mcdn.bilivideo.cn": rcode://success
    # "+.szbdyd.com": rcode://success
    "rule-set:cn_domain": "10.1.1.1"
    "rule-set:geolocation-!cn": "https://dns.google/dns-query#RULES&disable-ipv6=true"
  fallback:
    - tls://8.8.4.4#RULES&disable-ipv6=true
    - tls://1.1.1.1#RULES&disable-ipv6=true

proxy-providers:
  abcabc:
    type: http
    url: "<your subscription URL>"
    path: ./proxy_providers/abcabc.yaml
    interval: 7200
    proxy: DIRECT
    header:
      User-Agent:
        - "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 Edg/141.0.0.0"
    health-check:
      enable: true
      url: https://www.gstatic.com/generate_204
      interval: 300
      timeout: 5000
      lazy: true
      expected-status: 204
    override:
      tfo: true
      mptcp: false
      udp: true
      udp-over-tcp: true
      down: "500 Mbps"
      up: "100 Mbps"
      ip-version: ipv4-prefer
    exclude-filter: "流量|到期"


proxy-groups:

  - name: 默认
    type: select
    include-all: true
    proxies: [ 手动选择,自动选择,香港自动,台湾自动,日本自动,新加坡自动,美国自动 ]
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Rocket.png"


  - name: Telegram
    type: select
    proxies: [ 默认,香港自动,台湾自动,日本自动,新加坡自动,美国自动,手动选择,自动选择,DIRECT ]
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Telegram.png"

  - name: NETFLIX
    type: select
    proxies: [ 默认,香港自动,台湾自动,日本自动,新加坡自动,美国自动,手动选择,自动选择,DIRECT ]
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Netflix.png"

  - name: Ehentai
    type: select
    include-all: true
    proxies: [ 默认,香港自动,台湾自动,日本自动,新加坡自动,美国自动,手动选择,自动选择,DIRECT ]
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Pornhub.png"

  - name: AI
    type: select
    include-all: true
    proxies: [ 默认,香港自动,台湾自动,日本自动,新加坡自动,美国自动,手动选择,自动选择,DIRECT ]
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/AI.png"

  - name: 国内
    type: select
    proxies: [ DIRECT,默认,香港自动,台湾自动,日本自动,新加坡自动,美国自动,手动选择,自动选择 ]
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/China.png"

  # Separator; region groups follow
  - name: 香港自动
    type: url-test
    include-all: true
    filter: "(?i)港|hk|hongkong|hong kong"
    tolerance: 80
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Hong_Kong.png"

  - name: 台湾自动
    type: url-test
    include-all: true
    filter: "(?i)台|tw|taiwan"
    tolerance: 80
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Taiwan.png"

  - name: 日本自动
    type: url-test
    include-all: true
    filter: "(?i)日|jp|japan"
    tolerance: 80
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Japan.png"


  - name: 美国自动
    type: url-test
    include-all: true
    filter: "(?i)美|us|unitedstates|united states"
    tolerance: 150
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/US.png"


  - name: 新加坡自动
    type: url-test
    include-all: true
    filter: "(?i)(新|sg|singapore)"
    tolerance: 80
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/SG.png"


  - name: 手动选择
    type: select
    include-all-proxies: true
    include-all-providers: true
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Static.png"


  - name: 自动选择
    type: url-test
    include-all-proxies: true
    include-all-providers: true
    tolerance: 200
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Auto.png"


  - name: GLOBAL
    type: select
    proxies: [ DIRECT,REJECT,手动选择,默认,香港自动,台湾自动,日本自动,新加坡自动,美国自动,自动选择 ]
    include-all: true
    icon: "https://raw.githubusercontent.com/Koolson/Qure/master/IconSet/Color/Area.png"



rules:
  - IN-PORT,53,DIRECT
  - RULE-SET,private_ip,DIRECT,no-resolve
  - DOMAIN-SUFFIX,dns.google,自动选择
  - IP-CIDR,8.8.8.8/32,自动选择,no-resolve
  - IP-CIDR,8.8.4.4/32,自动选择,no-resolve
  - IP-CIDR,1.1.1.1/32,自动选择,no-resolve
  - DOMAIN-SUFFIX,micu.hk,DIRECT
  - DOMAIN-KEYWORD,topik,DIRECT
  - RULE-SET,telegram_domain,Telegram
  - RULE-SET,netflix_domain,NETFLIX
  - RULE-SET,ehentai_domain,Ehentai
  - RULE-SET,ai_domain,AI
  - RULE-SET,cn_domain,DIRECT
  - RULE-SET,geolocation-!cn,默认
  - RULE-SET,netflix_ip,NETFLIX
  - RULE-SET,telegram_ip,Telegram
  - RULE-SET,cn_ip,DIRECT
  - MATCH,默认

rule-anchor:
  ip: &ip { type: http, interval: 86400, behavior: ipcidr, format: mrs, proxy: 自动选择 }
  domain: &domain { type: http, interval: 86400, behavior: domain, format: mrs, proxy: 自动选择 }
  classical: &classical { type: http, interval: 86400, behavior: classical, format: yaml, proxy: 自动选择 }

rule-providers:
  ai_domain:
    type: http
    behavior: classical
    format: text
    url: https://ruleset.skk.moe/Clash/non_ip/ai.txt
    interval: 86400
    proxy: 自动选择
  private_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/private.mrs"
  cn_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/cn.mrs"
  ehentai_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/ehentai.mrs"
  telegram_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/telegram.mrs"
  netflix_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/netflix.mrs"
  geolocation-!cn:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/geolocation-!cn.mrs"

  private_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/private.mrs"
  cn_ip:
    <<: *ip
    url: "https://github.com/DustinWin/ruleset_geodata/releases/download/mihomo-ruleset/cnip.mrs"
  netflix_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/netflix.mrs"
  telegram_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/telegram.mrs"
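
A tighter variant of the listener and controller settings in the configuration above, as an added example that is not part of the original post. It assumes every client, including the router's socksify service, sits in 10.1.1.0/24 and that the dashboard is opened from the controller's own /ui path; the credential and secret values are placeholders.

```yaml
# Added example, not the author's configuration. Only the keys that differ
# from the configuration above are shown; everything else stays as it is.
# Assumption: all proxy clients are in 10.1.1.0/24 and mihomo runs at 10.1.1.2.

allow-lan: true
bind-address: "*"
authentication:
  - "proxyuser:REPLACE_WITH_LONG_RANDOM_PASSWORD" # placeholder credential
skip-auth-prefixes: # loopback plus the one LAN the router connects from
  - 127.0.0.1/8
  - ::1/128
  - 10.1.1.0/24
lan-allowed-ips: # original: 0.0.0.0/0 and ::/0
  - 127.0.0.1/8
  - ::1/128
  - 10.1.1.0/24

# Original: 0.0.0.0:9090. Bind the RESTful API to the container's LAN address.
external-controller: 10.1.1.2:9090
# external-controller-tls is omitted here because the tls section is empty.
secret: "REPLACE_WITH_LONG_RANDOM_SECRET" # placeholder; unrelated to the proxy username

external-controller-cors:
  allow-origins: # original: "*"
    - "http://10.1.1.2:9090" # assumption: dashboard served from /ui on the controller
  allow-private-network: false

# Left unset: per the comment in the configuration above, the DoH URL
# on the API port is not protected by the secret.
external-doh-server:
```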

Starting mihomo

First create a veth for mihomo, then add that interface directly to the default bridge

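Next, add a mount for the container's configuration files
Make sure Dst is /root/.config/mihomo; choose Src according to your actual location (external storage is still recommended; I use /usb1/docker/configs/mihomo)
Then put the configuration file config.yaml under the Src path

Now you are ready to start the container

I am skipping the mihomo configuration process and assume you have already configured mihomo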
…..

Add a socksify service

/ip/socksify/add name=mihomo1 connection-timeout=10 socks5-server=10.1.1.2 socks5-port=1080 port=952 disabled=no

Add firewall rules

/ip firewall filter
add action=accept chain=input dst-port=952 protocol=tcp src-address=10.1.1.2
/ip firewall nat
add action=socksify chain=dstnat protocol=tcp socksify-service=mihomo1 src-address=<IP of the device whose traffic you want to split>

Then set the DNS server of the devices whose traffic you want to split to mihomo's IP,
and that's it.


routeros-mihomo-socksify: Splitting Domestic and International Traffic
https://2333.world/routeros-mihomo-socksify国内外分流/
Author
Yuban10703
Published on
April 12, 2026