Nanjing University IPv4 Address Range

This article is synchronized and updated to xLog by Mix Space
For the best browsing experience, it is recommended to visit the original link
https://www.do1e.cn/posts/others/nju-ipv4

Motivation#

The motivation comes from the web page I built. Since there are setups both on campus and on the public network, on one hand, to reduce server traffic, and on the other hand, to provide faster speeds for campus users, I wanted to obtain the IP address range of Nanjing University and configure a 302 redirect in nginx.

I really dislike the behavior of WeChat and QQ sending files that get downloaded on every device, especially on mobile where it's hard to find the save path.

Therefore, I used vastsa/FileCodeBox to set up a temporary file analysis site.
Among them, https://filebox.nju.do1e.cn is set up on my small host on campus, so it can only be accessed within Nanjing University. Meanwhile, https://filebox.cloud.do1e.cn is mapped to my VPS in Singapore using rapiz1/rathole for easier public access.

Additionally, I also set up a file sharing site using alist.
On campus: https://alist.nju.do1e.cn
Public network: https://alist.do1e.cn
This is not done through port mapping; the former stores files on my campus host's hard drive, while the latter is stored on OneDrive to reduce server bandwidth pressure. Files on OneDrive and the host's hard drive are synchronized daily.

However, if I only send others the public link, people on campus won't enjoy the gigabit campus network speed, and I can't ask each time before sending the link whether the other person is on campus or off-campus.
Thus, I thought of checking the source IP address in nginx, and if it is on campus, just redirect it to the campus URL with a 302 redirect. This way, I only need to provide one link when sharing with others. Brilliant!

Although I inquired about all the IP address ranges from ITSC at Nanjing University, they did not provide them. /_ \

Old Data#

The old data comes from https://github.com/FW27623/qqwry, the latest data was updated on **September 25, 2024**, but since [Pure IP](https://cz88.net/geo-public) has become commercialized, an application is required. But how do you know if I was successful in applying? Hence, daily updated data was created.

Through my own search, I found that the IPv4 address locations provided by Pure IP are quite accurate, but obtaining the entire database is quite troublesome. I can't have every user request an API to get their location and then return it.
In the end, I found a database from September 25, 2024, and parsed out all the IPv4 segments labeled "Nanjing University," which I am sharing here.

Data updated on September 25, 2024, cannot guarantee complete accuracy, please use with caution.

58.192.32.0 - 58.192.55.255
58.193.224.0 - 58.193.255.255
58.240.127.3 - 58.240.127.3
114.212.0.0 - 114.212.255.255
180.209.0.0 - 180.209.15.255
202.38.2.0 - 202.38.3.255
202.119.32.0 - 202.119.63.255
210.28.128.0 - 210.28.143.255
210.29.240.0 - 210.29.255.255
218.94.9.35 - 218.94.9.38
218.94.36.211 - 218.94.36.211
218.94.142.6 - 218.94.142.6
219.219.112.0 - 219.219.127.255
221.226.2.0 - 221.226.3.25

The final configuration in nginx is as follows:
||There might be a more elegant way to write this, but isn't it nice to generate it directly with GPT?||

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name filebox.cloud.do1e.cn;

    location / {
        set $nju_ip 0;

        if ($remote_addr ~ ^58\.192\.(3[2-9]|4[0-9]|5[0-5])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^58\.193\.(22[4-9]|2[3-4][0-9]|25[0-5])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr = 58.240.127.3) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^114\.212\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^180\.209\.(0|1[0-5])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^202\.38\.(2|3)\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^202\.119\.(3[2-9]|[4-5][0-9]|6[0-3])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^210\.28\.(12[8-9]|1[3-4][0-9])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^210\.29\.(24[0-9]|25[0-5])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^218\.94\.9\.(3[5-8])$) {
            set $nju_ip 1;
        }
        if ($remote_addr = 218.94.36.211) {
            set $nju_ip 1;
        }
        if ($remote_addr = 218.94.142.6) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^219\.219\.(11[2-9]|12[0-7])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^221\.226\.2\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25)$) {
            set $nju_ip 1;
        }

        if ($nju_ip) {
            return 302 https://filebox.nju.do1e.cn$request_uri;
        }

        proxy_pass http://127.0.0.1:3465;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Daily Updated Data#

Since I obtained authorization from Pure IP, I can update the IP range here daily (of course, Pure IP is not updated daily; the update date will be noted below).
||There probably isn't a need to update daily, but since it's all automated, I love automation.||

Data updated on , cannot guarantee complete accuracy, please use with caution.

Your IP is , belonging to the region: , .

start	end	mask	mask_len	region

IP address location data is supported by Pure IP CZ88

Usage#

The following configuration file is for manual updates, the latest database date used is December 18, 2024

nginx Traffic Splitting#

Check the source address, if it belongs to Nanjing University IP, redirect to the server within Nanjing University.

Define geo in /etc/nginx/nginx.conf:

http {
    ...
    geo $njuip {
        default 0;
        58.192.32.0/20 1;
        58.192.48.0/21 1;
        58.193.224.0/19 1;
        58.240.127.3 1;
        114.212.0.0/16 1;
        180.209.0.0/20 1;
        202.38.2.0/23 1;
        202.119.32.0/19 1;
        210.28.128.0/20 1;
        210.29.240.0/20 1;
        218.94.9.35 1;
        218.94.9.36/31 1;
        218.94.9.38 1;
        218.94.36.211 1;
        218.94.142.6 1;
        219.219.112.0/20 1;
        221.226.2.0/25 1;
        221.226.2.128/27 1;
        221.226.2.160/28 1;
        221.226.2.176/29 1;
        221.226.2.184/31 1;
        221.226.2.186 1;
        221.226.2.187 1;
        221.226.2.188/30 1;
        221.226.2.192/26 1;
        221.226.3.0/28 1;
        221.226.3.16/29 1;
        221.226.3.24/31 1;
        221.226.3.27 1;
        221.226.3.28/30 1;
        221.226.3.32/27 1;
        221.226.3.64/26 1;
        221.226.3.128/25 1;
    }
    ...
}

Use in the server that needs redirection:

# filecodebox
server {
    ...
    server_name example.com;

    location / {
        if ($njuip) {
            return 302 https://nju.example.com$request_uri;
        }
        ...
    }
}

openvpn Traffic Splitting#

Check whether the destination address being accessed is a Nanjing University address, and only use VPN when accessing resources from Nanjing University addresses.

Add the following content under dev tun in the existing .ovpn file, removing the # comment

route-nopull  # Do not apply the routes issued by the server
route 10.8.0.0 255.255.0.0 vpn_gateway  # This should be modified to the openvpn client subnet
route 172.16.1.0 255.255.255.0 vpn_gateway
route 58.192.32.0 255.255.240.0 vpn_gateway
route 58.192.48.0 255.255.248.0 vpn_gateway
route 58.193.224.0 255.255.224.0 vpn_gateway
route 58.240.127.3 255.255.255.255 vpn_gateway
route 114.212.0.0 255.255.0.0 vpn_gateway
route 180.209.0.0 255.255.240.0 vpn_gateway
route 202.38.2.0 255.255.254.0 vpn_gateway
route 202.119.32.0 255.255.224.0 vpn_gateway
route 210.28.128.0 255.255.240.0 vpn_gateway
route 210.29.240.0 255.255.240.0 vpn_gateway
route 218.94.9.35 255.255.255.255 vpn_gateway
route 218.94.9.36 255.255.255.254 vpn_gateway
route 218.94.9.38 255.255.255.255 vpn_gateway
route 218.94.36.211 255.255.255.255 vpn_gateway
route 218.94.142.6 255.255.255.255 vpn_gateway
route 219.219.112.0 255.255.240.0 vpn_gateway
route 221.226.2.0 255.255.255.128 vpn_gateway
route 221.226.2.128 255.255.255.224 vpn_gateway
route 221.226.2.160 255.255.255.240 vpn_gateway
route 221.226.2.176 255.255.255.248 vpn_gateway
route 221.226.2.184 255.255.255.254 vpn_gateway
route 221.226.2.186 255.255.255.255 vpn_gateway
route 221.226.2.187 255.255.255.255 vpn_gateway
route 221.226.2.188 255.255.255.252 vpn_gateway
route 221.226.2.192 255.255.255.192 vpn_gateway
route 221.226.3.0 255.255.255.240 vpn_gateway
route 221.226.3.16 255.255.255.248 vpn_gateway
route 221.226.3.24 255.255.255.254 vpn_gateway
route 221.226.3.27 255.255.255.255 vpn_gateway
route 221.226.3.28 255.255.255.252 vpn_gateway
route 221.226.3.32 255.255.255.224 vpn_gateway
route 221.226.3.64 255.255.255.192 vpn_gateway
route 221.226.3.128 255.255.255.128 vpn_gateway