This article is synchronized and updated to xLog by Mix Space
For the best browsing experience, it is recommended to visit the original link
https://www.do1e.cn/posts/others/nju-ipv4
Motivation#
The motivation comes from the web pages built. Since there are setups both on campus and on the public network, on one hand, to reduce server traffic, and on the other hand, to provide faster speeds for on-campus users, I wanted to obtain the IP address range of Nanjing University to configure a 302 redirect in nginx.
I really dislike the behavior of WeChat and QQ sending files that download a copy on every device, especially on mobile where it's hard to find the save path.
Therefore, I used vastsa/FileCodeBox to set up a temporary file analysis site.
Among them, https://f.nju.do1e.cn is set up on my small host on campus, so it can only be accessed at Nanjing University. While https://f.do1e.cn is mapped to my VPS in the United States using fatedier/frp for easier public access.
However, if I only send others the public link, those on campus cannot enjoy the gigabit campus network speed, and I cannot ask each time before sending the link whether the other party is on campus or off-campus.
Thus, I thought of judging the source IP address in nginx; if it is on campus, it would just 302 redirect to the on-campus URL. This way, when giving others the link, I only need to provide one. Brilliant!
Although I inquired about all the IP address ranges of Nanjing University in ITSC, they did not provide them. /_ \
Old Data#
The old data comes from https://github.com/FW27623/qqwry, the latest data was updated on **September 25, 2024**, but due to [Pure IP](https://cz88.net/geo-public) moving towards commercialization, it requires an application. But how do you know if I was successful in my application? Thus, daily updated data was created.
Through my own search, I found that the IPv4 address locations provided by Pure IP are quite accurate, but obtaining the entire database is quite troublesome. I can't have every user first request an API to get their location and then return it.
In the end, I found a database from September 25, 2024, and parsed out all the IPv4 segments for "Nanjing University," which I share with everyone here.
Data updated on September 25, 2024, accuracy cannot be guaranteed, please use with caution.
58.192.32.0 - 58.192.55.255
58.193.224.0 - 58.193.255.255
58.240.127.3 - 58.240.127.3
114.212.0.0 - 114.212.255.255
180.209.0.0 - 180.209.15.255
202.38.2.0 - 202.38.3.255
202.119.32.0 - 202.119.63.255
210.28.128.0 - 210.28.143.255
210.29.240.0 - 210.29.255.255
218.94.9.35 - 218.94.9.38
218.94.36.211 - 218.94.36.211
218.94.142.6 - 218.94.142.6
219.219.112.0 - 219.219.127.255
221.226.2.0 - 221.226.3.25
The final configuration in nginx is as follows:
||There might be a more elegant way to write this, but isn't it nice to generate it directly with GPT?||
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name filebox.cloud.do1e.cn;
location / {
set $nju_ip 0;
if ($remote_addr ~ ^58\.192\.(3[2-9]|4[0-9]|5[0-5])\.) {
set $nju_ip 1;
}
if ($remote_addr ~ ^58\.193\.(22[4-9]|2[3-4][0-9]|25[0-5])\.) {
set $nju_ip 1;
}
if ($remote_addr = 58.240.127.3) {
set $nju_ip 1;
}
if ($remote_addr ~ ^114\.212\.) {
set $nju_ip 1;
}
if ($remote_addr ~ ^180\.209\.(0|1[0-5])\.) {
set $nju_ip 1;
}
if ($remote_addr ~ ^202\.38\.(2|3)\.) {
set $nju_ip 1;
}
if ($remote_addr ~ ^202\.119\.(3[2-9]|[4-5][0-9]|6[0-3])\.) {
set $nju_ip 1;
}
if ($remote_addr ~ ^210\.28\.(12[8-9]|1[3-4][0-9])\.) {
set $nju_ip 1;
}
if ($remote_addr ~ ^210\.29\.(24[0-9]|25[0-5])\.) {
set $nju_ip 1;
}
if ($remote_addr ~ ^218\.94\.9\.(3[5-8])$) {
set $nju_ip 1;
}
if ($remote_addr = 218.94.36.211) {
set $nju_ip 1;
}
if ($remote_addr = 218.94.142.6) {
set $nju_ip 1;
}
if ($remote_addr ~ ^219\.219\.(11[2-9]|12[0-7])\.) {
set $nju_ip 1;
}
if ($remote_addr ~ ^221\.226\.2\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25)$) {
set $nju_ip 1;
}
if ($nju_ip) {
return 302 https://filebox.nju.do1e.cn$request_uri;
}
proxy_pass http://127.0.0.1:3465;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Daily Updated Data#
Since I obtained authorization from Pure IP, I can update the IP range here daily (of course, Pure IP does not update daily, the update date will be noted below).
||There probably isn't a need to update daily, but since it's all automated, I love automation.||
Data updated on , accuracy cannot be guaranteed, please use with caution.
Your IP is , belonging to the region: , .
| start | end | mask | mask_len | region |
|---|
IP address location data is supported by Pure IP CZ88
Usage#
The following configuration file is for manual updates, the latest database date used is December 18, 2024
nginx Traffic Splitting#
Determine the source address; if it belongs to Nanjing University IP, redirect to the server within Nanjing University.
Define geo in /etc/nginx/nginx.conf:
http {
...
geo $njuip {
default 0;
58.192.32.0/20 1;
58.192.48.0/21 1;
58.193.224.0/19 1;
58.240.127.3 1;
114.212.0.0/16 1;
180.209.0.0/20 1;
202.38.2.0/23 1;
202.119.32.0/19 1;
210.28.128.0/20 1;
210.29.240.0/20 1;
218.94.9.35 1;
218.94.9.36/31 1;
218.94.9.38 1;
218.94.36.211 1;
218.94.142.6 1;
219.219.112.0/20 1;
221.226.2.0/25 1;
221.226.2.128/27 1;
221.226.2.160/28 1;
221.226.2.176/29 1;
221.226.2.184/31 1;
221.226.2.186 1;
221.226.2.187 1;
221.226.2.188/30 1;
221.226.2.192/26 1;
221.226.3.0/28 1;
221.226.3.16/29 1;
221.226.3.24/31 1;
221.226.3.27 1;
221.226.3.28/30 1;
221.226.3.32/27 1;
221.226.3.64/26 1;
221.226.3.128/25 1;
}
...
}
Use in the server that needs redirection:
# filecodebox
server {
...
server_name example.com;
location / {
if ($njuip) {
return 302 https://nju.example.com$request_uri;
}
...
}
}
openvpn Traffic Splitting#
Note: I have abandoned openvpn in favor of zerotier, this configuration may not work.
Determine whether the destination address being accessed is a Nanjing University address, only resources accessed from Nanjing University addresses will go through the VPN.
Add the following content under the dev tun of the existing .ovpn file, removing the # comment
route-nopull # Do not use the routes issued by the server
route 10.8.0.0 255.255.0.0 vpn_gateway # This should be modified to the openvpn client segment
route 172.26.0.0 255.255.128.0 vpn_gateway # Intranet segment
route 10.4.128.0 255.255.224.0 vpn_gateway # Intranet segment
route 58.192.32.0 255.255.240.0 vpn_gateway
route 58.192.48.0 255.255.248.0 vpn_gateway
route 58.193.224.0 255.255.224.0 vpn_gateway
route 58.240.127.3 255.255.255.255 vpn_gateway
route 114.212.0.0 255.255.0.0 vpn_gateway
route 180.209.0.0 255.255.240.0 vpn_gateway
route 202.38.2.0 255.255.254.0 vpn_gateway
route 202.119.32.0 255.255.224.0 vpn_gateway
route 210.28.128.0 255.255.240.0 vpn_gateway
route 210.29.240.0 255.255.240.0 vpn_gateway
route 218.94.9.35 255.255.255.255 vpn_gateway
route 218.94.9.36 255.255.255.254 vpn_gateway
route 218.94.9.38 255.255.255.255 vpn_gateway
route 218.94.36.211 255.255.255.255 vpn_gateway
route 218.94.142.6 255.255.255.255 vpn_gateway
route 219.219.112.0 255.255.240.0 vpn_gateway
route 221.226.2.0 255.255.255.128 vpn_gateway
route 221.226.2.128 255.255.255.224 vpn_gateway
route 221.226.2.160 255.255.255.240 vpn_gateway
route 221.226.2.176 255.255.255.248 vpn_gateway
route 221.226.2.184 255.255.255.254 vpn_gateway
route 221.226.2.186 255.255.255.255 vpn_gateway
route 221.226.2.187 255.255.255.255 vpn_gateway
route 221.226.2.188 255.255.255.252 vpn_gateway
route 221.226.2.192 255.255.255.192 vpn_gateway
route 221.226.3.0 255.255.255.240 vpn_gateway
route 221.226.3.16 255.255.255.248 vpn_gateway
route 221.226.3.24 255.255.255.254 vpn_gateway
route 221.226.3.27 255.255.255.255 vpn_gateway
route 221.226.3.28 255.255.255.252 vpn_gateway
route 221.226.3.32 255.255.255.224 vpn_gateway
route 221.226.3.64 255.255.255.192 vpn_gateway
route 221.226.3.128 255.255.255.128 vpn_gateway