文章介绍:使用当前最新版本 vyos-1.4.0-epa2,配置域名路由,实现指定域名走指定出口访问,当我们vyos上有多个出口时才会使用,但是当前还存在一个致命问题,不支持域名通配符,期待官方尽快更新。个人设想如果可以支持设定域名文件位置最好,比如:set firewall group domain-group chatgpt address '/config/chatgpt.txt',然后域名文件内可以支持域名通配符,简直绝了。

一、域名列表配置

以ChatGPT为例,如果需要海外域名,可以参考我之前的文章 【海外域名集】。

  • 001
  • 002
  • 003
  • 004
  • 005
  • 006
  • 007
  • 008
  • 009
  • 010
  • 011
  • 012
  • 013
  • 014
  • 015
  • 016
  • 017
  • 018
  • 019
  • 020
  • 021
  • 022
  • 023
  • 024
  • 025
  • 026
  • 027
  • 028
  • 029
  • 030
  • 031
  • 032
  • 033
  • 034
  • 035
  • 036
  • 037
  • 038
  • 039
  • 040
  • 041
  • 042
  • 043
  • 044
  • 045
  • 046
  • 047
  • 048
  • 049
  • 050
  • 051
  • 052
  • 053
  • 054
  • 055
  • 056
  • 057
  • 058
  • 059
  • 060
  • 061
  • 062
  • 063
  • 064
  • 065
  • 066
  • 067
  • 068
  • 069
  • 070
  • 071
  • 072
  • 073
  • 074
  • 075
  • 076
  • 077
  • 078
  • 079
  • 080
  • 081
  • 082
  • 083
  • 084
  • 085
  • 086
  • 087
  • 088
  • 089
  • 090
  • 091
  • 092
  • 093
  • 094
  • 095
  • 096
  • 097
  • 098
  • 099
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
set firewall group domain-group chatgpt address 'forum.openai.com'
set firewall group domain-group chatgpt address 'cdn.openai.com'
set firewall group domain-group chatgpt address 'api.openai.com'
set firewall group domain-group chatgpt address 'staging.openai.com'
set firewall group domain-group chatgpt address 'apps.openai.com'
set firewall group domain-group chatgpt address 'beta.openai.com'
set firewall group domain-group chatgpt address 'images.openai.com'
set firewall group domain-group chatgpt address 'help.openai.com'
set firewall group domain-group chatgpt address 'chat.openai.com'
set firewall group domain-group chatgpt address 'community.openai.com'
set firewall group domain-group chatgpt address 'auth.openai.com'
set firewall group domain-group chatgpt address 'events.openai.com'
set firewall group domain-group chatgpt address 'share.openai.com'
set firewall group domain-group chatgpt address 'status.openai.com'
set firewall group domain-group chatgpt address 'pay.openai.com'
set firewall group domain-group chatgpt address 'labs.openai.com'
set firewall group domain-group chatgpt address 'accounts.openai.com'
set firewall group domain-group chatgpt address 'production.openai.com'
set firewall group domain-group chatgpt address 'platform.openai.com'
set firewall group domain-group chatgpt address 'playground.openai.com'
set firewall group domain-group chatgpt address 'trust.openai.com'
set firewall group domain-group chatgpt address 'privacy.openai.com'
set firewall group domain-group chatgpt address 'grants.openai.com'
set firewall group domain-group chatgpt address 'gym.openai.com'
set firewall group domain-group chatgpt address 'sora.openai.com'
set firewall group domain-group chatgpt address 'glow.openai.com'
set firewall group domain-group chatgpt address 'jukebox.openai.com'
set firewall group domain-group chatgpt address 'microscope.openai.com'
set firewall group domain-group chatgpt address 'feather.openai.com'
set firewall group domain-group chatgpt address 'cookbook.openai.com'
set firewall group domain-group chatgpt address 'beta.api.openai.com'
set firewall group domain-group chatgpt address 'help.api.openai.com'
set firewall group domain-group chatgpt address 'labs.api.openai.com'
set firewall group domain-group chatgpt address 'accounts.api.openai.com'
set firewall group domain-group chatgpt address 'platform.api.openai.com'
set firewall group domain-group chatgpt address 'playground.api.openai.com'
set firewall group domain-group chatgpt address 'sora.api.openai.com'
set firewall group domain-group chatgpt address 'cloudflare.api.openai.com'
set firewall group domain-group chatgpt address 'cdn.staging.openai.com'
set firewall group domain-group chatgpt address 'search.apps.openai.com'
set firewall group domain-group chatgpt address 'snc.apps.openai.com'
set firewall group domain-group chatgpt address 'staging.images.openai.com'
set firewall group domain-group chatgpt address 'api-iam.intercom.io'
set firewall group domain-group chatgpt address 'widget.intercom.io'
set firewall group domain-group chatgpt address 'auth0.openai.com'
set firewall group domain-group chatgpt address 'cdn.auth0.com'
set firewall group domain-group chatgpt address 'cdn.discordapp.com'
set firewall group domain-group chatgpt address 'cdn.oaistatic.com'
set firewall group domain-group chatgpt address 'js.intercomcdn.com'
set firewall group domain-group chatgpt address 'chatgpt.com'
set firewall group domain-group chatgpt address 'chat.openai.com.cdn.cloudflare.net'
set firewall group domain-group chatgpt address 'openai.com'
set firewall group domain-group chatgpt address 'browser-intake-datadoghq.com'
set firewall group domain-group chatgpt address 'static.cloudflareinsights.com'
set firewall group domain-group chatgpt address 'ai.com'
set firewall group domain-group chatgpt address 'algolia.net'
set firewall group domain-group chatgpt address 'api.statsig.com'
set firewall group domain-group chatgpt address 'auth0.com'
set firewall group domain-group chatgpt address 'chatgpt.livekit.cloud'
set firewall group domain-group chatgpt address 'client-api.arkoselabs.com'
set firewall group domain-group chatgpt address 'events.statsigapi.net'
set firewall group domain-group chatgpt address 'featuregates.org'
set firewall group domain-group chatgpt address 'host.livekit.cloud'
set firewall group domain-group chatgpt address 'identrust.com'
set firewall group domain-group chatgpt address 'intercom.io'
set firewall group domain-group chatgpt address 'intercomcdn.com'
set firewall group domain-group chatgpt address 'launchdarkly.com'
set firewall group domain-group chatgpt address 'oaistatic.com'
set firewall group domain-group chatgpt address 'oaiusercontent.com'
set firewall group domain-group chatgpt address 'observeit.net'
set firewall group domain-group chatgpt address 'segment.io'
set firewall group domain-group chatgpt address 'sentry.io'
set firewall group domain-group chatgpt address 'stripe.com'
set firewall group domain-group chatgpt address 'turn.livekit.cloud'
set firewall group domain-group chatgpt address 'www.chatgpt.com'
set firewall group domain-group chatgpt address 'search.chatgpt.com'
set firewall group domain-group chatgpt address 'ab.chatgpt.com'
set firewall group domain-group chatgpt address 'webrtc.chatgpt.com'
set firewall group domain-group chatgpt address 'snc.chatgpt.com'
set firewall group domain-group chatgpt address 'chatgpt-async-webps-prod-southcentralus-5.chatgpt.com'
set firewall group domain-group chatgpt address 'chatgpt-async-webps-prod-centralus-5.chatgpt.com'
set firewall group domain-group chatgpt address 'tcr9i.chat.openai.com'
set firewall group domain-group chatgpt address 'nexus-websocket-a.intercom.io'
set firewall group domain-group chatgpt address 'o33249.ingest.sentry.io'
set firewall group domain-group chatgpt address 'anthropic.com'
set firewall group domain-group chatgpt address 'vimeocdn.com'
set firewall group domain-group chatgpt address 'blob.core.windows.net'
set firewall group domain-group chatgpt address 'openaicom.imgix.net'
set firewall group domain-group chatgpt address 'azurefd.net'
set firewall group domain-group chatgpt address 'azureedge.net'
set firewall group domain-group chatgpt address 'cdn.cloudflare.net'
set firewall group domain-group chatgpt address 'challenges.cloudflare.com'
set firewall group domain-group chatgpt address 'cloudflareinsights.com'
set firewall group domain-group chatgpt address 'akamaized.net'
set firewall group domain-group chatgpt address 'gstatic.com'
set firewall group domain-group chatgpt address 'vimeo.com'
set firewall group domain-group chatgpt address 'f7tk.com'
set firewall group domain-group chatgpt address 'doubleclick.net'
set firewall group domain-group chatgpt address 'openaiapi-site.azureedge.net'
set firewall group domain-group chatgpt address 'statsigapi.net'
set firewall group domain-group chatgpt address 'pki.goog'
set firewall group domain-group chatgpt address 'edgecompute.app'
set firewall group domain-group chatgpt address 'compute-pipe.com'
set firewall group domain-group chatgpt address 'invoice.stripe.com'
set firewall group domain-group chatgpt address 'stripe.network'
set firewall group domain-group chatgpt address 'gpt3sandbox.com'
set firewall group domain-group chatgpt address 'hcaptcha.com'
set firewall group domain-group chatgpt address 'recaptcha.net'
set firewall group domain-group chatgpt address 'msftconnecttest.com'
set firewall group domain-group chatgpt address 'poe.com'
set firewall group domain-group chatgpt address 'nrt12s30-in-f4.1e100.net'
set firewall group domain-group chatgpt address 'static-ecst.licdn.com'
set firewall group domain-group chatgpt address 'cs1404.wpc.epsiloncdn.net'
set firewall group domain-group chatgpt address 'api-js.mixpanel.com'
set firewall group domain-group chatgpt address 'jidori.g1.internal.services.openai.org'
set firewall group domain-group chatgpt address 'js.stripe.com'
set firewall group domain-group chatgpt address 'ssl.gstatic.com'
set firewall group domain-group chatgpt address 'encrypted-tbn0.gstatic.com'
set firewall group domain-group chatgpt address 's.gravatar.com'
set firewall group domain-group chatgpt address '1e100.net'
set firewall group domain-group chatgpt address 'akamaitechnologies.com'
set firewall group domain-group chatgpt address 'a-msedge.net'
set firewall group domain-group chatgpt address 'cloudflare.com'
set firewall group domain-group chatgpt address 'cloudfront.net'
set firewall group domain-group chatgpt address 'epsiloncdn.net'
set firewall group domain-group chatgpt address 'javascript.info'
set firewall group domain-group chatgpt address 'licdn.com'
set firewall group domain-group chatgpt address 'livekit.cloud'
set firewall group domain-group chatgpt address 'statsig.com'
set firewall group domain-group chatgpt address 'revenuecat.com'
set firewall group domain-group chatgpt address 'mixpanel.com'
set firewall group domain-group chatgpt address 'openai.org'
set firewall group domain-group chatgpt address 'webpubsub.azure.com'
set firewall group domain-group chatgpt address 'gravatar.com'
set firewall group domain-group chatgpt address 'azure.com'
set firewall group domain-group chatgpt address 'openaicom-api-bdcpf8c6d2e9atf6.z01.azurefd.net'
set firewall group domain-group chatgpt address 'openaicomproductionae4b.blob.core.windows.net'
set firewall group domain-group chatgpt address 'production-openaicom-storage.azureedge.net'
set firewall group domain-group chatgpt address 'www.openai.com'
set firewall group domain-group chatgpt address 'android.chat.openai.com'
set firewall group domain-group chatgpt address 'ios.chat.openai.com'
set firewall group domain-group chatgpt address 'other.feather.openai.com'

二、策略路由配置

  • 01
  • 02
  • 03
  • 04
  • 05
set policy route lan-map interface 'eth0'
set policy route lan-map rule 100 destination group domain-group 'chatgpt'
set policy route lan-map rule 100 set table '100'
set policy route lan-map rule 100 source address '10.225.97.0/24'
set protocols static table 100 route 0.0.0.0/0 next-hop 10.9.7.1

三、电脑tracert测试

可以看到chatgpt.com走了指定路由,而abc.chatgpt.com走了其他路由,并不能支持通配符,很遗憾。

yydy_2024-05-17_17-59-44