Nanjing University IPv4 Address Range

This article is synchronized and updated to xLog by Mix Space
For the best browsing experience, it is recommended to visit the original link
https://www.do1e.cn/posts/others/nju-ipv4

Motivation#

The motivation comes from the web pages I built. Since there are setups both on campus and on the public network, on one hand, to reduce server traffic, and on the other hand, to provide faster speeds for campus users, I wanted to obtain the IP address range of Nanjing University and configure a 302 redirect in nginx.

I really dislike the behavior of WeChat and QQ sending files that download a copy on every device, especially on mobile where it's hard to find the save path.

Therefore, I used vastsa/FileCodeBox to set up a temporary file analysis station.
Among them, https://filebox.nju.do1e.cn is set up on my small host on campus, so it can only be accessed within Nanjing University. On the other hand, https://filebox.cloud.do1e.cn is mapped to my VPS in Singapore using rapiz1/rathole for convenient public access.

Additionally, I also set up a file sharing station using alist.
On campus: https://alist.nju.do1e.cn
Public network: https://alist.do1e.cn
This is not using port mapping; the former stores files on my campus host's hard drive, while the latter is stored on OneDrive to reduce server bandwidth pressure. The files on OneDrive and the host hard drive are synchronized daily.

However, if I only send the public link to others, those on campus cannot enjoy the gigabit campus network speed, and I cannot ask each time before sending the link whether the other party is on campus or off campus.
Therefore, I thought of judging the source IP address in nginx, and if it is on campus, it would just 302 redirect to the campus URL. This way, when giving others the link, I only need to provide one. Brilliant!

Although I asked ITSC for all the IP address ranges of Nanjing University, they did not provide them. /_ \

Old Data#

The old data comes from https://github.com/FW27623/qqwry, with the latest data updated on **September 25, 2024**, but since [Pure IP](https://cz88.net/geo-public) has become commercialized, it requires an application. But how do you know if I was successful in my application? Hence the daily updated data.

Through my own search, I found that the IPv4 address locations provided by Pure IP are quite accurate, but obtaining the entire database is quite troublesome. It can't be that every time a user requests an API to get their location and then returns it.
In the end, I found a database from September 25, 2024, and parsed out all the IPv4 segments for "Nanjing University," which I share here.

Data updated on September 25, 2024, cannot guarantee complete accuracy, please use with caution.

58.192.32.0 - 58.192.55.255
58.193.224.0 - 58.193.255.255
58.240.127.3 - 58.240.127.3
114.212.0.0 - 114.212.255.255
180.209.0.0 - 180.209.15.255
202.38.2.0 - 202.38.3.255
202.119.32.0 - 202.119.63.255
210.28.128.0 - 210.28.143.255
210.29.240.0 - 210.29.255.255
218.94.9.35 - 218.94.9.38
218.94.36.211 - 218.94.36.211
218.94.142.6 - 218.94.142.6
219.219.112.0 - 219.219.127.255
221.226.2.0 - 221.226.3.25

The final configuration in nginx is as follows:
||There may be more elegant ways to write this, but isn't it nice to generate it directly with GPT?||

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name filebox.cloud.do1e.cn;

    location / {
        set $nju_ip 0;

        if ($remote_addr ~ ^58\.192\.(3[2-9]|4[0-9]|5[0-5])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^58\.193\.(22[4-9]|2[3-4][0-9]|25[0-5])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr = 58.240.127.3) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^114\.212\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^180\.209\.(0|1[0-5])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^202\.38\.(2|3)\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^202\.119\.(3[2-9]|[4-5][0-9]|6[0-3])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^210\.28\.(12[8-9]|1[3-4][0-9])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^210\.29\.(24[0-9]|25[0-5])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^218\.94\.9\.(3[5-8])$) {
            set $nju_ip 1;
        }
        if ($remote_addr = 218.94.36.211) {
            set $nju_ip 1;
        }
        if ($remote_addr = 218.94.142.6) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^219\.219\.(11[2-9]|12[0-7])\.) {
            set $nju_ip 1;
        }
        if ($remote_addr ~ ^221\.226\.2\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25)$) {
            set $nju_ip 1;
        }

        if ($nju_ip) {
            return 302 https://filebox.nju.do1e.cn$request_uri;
        }

        proxy_pass http://127.0.0.1:3465;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Daily Updated Data#

Since I have obtained authorization from Pure IP, I can update the IP range here daily (of course, Pure IP does not update daily; the update date will be noted below).
||There is probably no need to do it every day, but since it's automated, I love automation the most.||

Data updated on , cannot guarantee complete accuracy, please use with caution.

Your IP is , belonging to the region: , .

start	end	mask	mask_len	region

IP address location data is supported by Pure IP CZ88

Usage#

The following configuration file is for manual updates, with the latest database date being December 18, 2024

nginx Traffic Splitting#

Determine the source address; if it belongs to Nanjing University IP, redirect to the server within Nanjing University.

Define geo in /etc/nginx/nginx.conf:

http {
    ...
    geo $njuip {
        default 0;
        58.192.32.0/20 1;
        58.192.48.0/21 1;
        58.193.224.0/19 1;
        58.240.127.3 1;
        114.212.0.0/16 1;
        180.209.0.0/20 1;
        202.38.2.0/23 1;
        202.119.32.0/19 1;
        210.28.128.0/20 1;
        210.29.240.0/20 1;
        218.94.9.35 1;
        218.94.9.36/31 1;
        218.94.9.38 1;
        218.94.36.211 1;
        218.94.142.6 1;
        219.219.112.0/20 1;
        221.226.2.0/25 1;
        221.226.2.128/27 1;
        221.226.2.160/28 1;
        221.226.2.176/29 1;
        221.226.2.184/31 1;
        221.226.2.186 1;
        221.226.2.187 1;
        221.226.2.188/30 1;
        221.226.2.192/26 1;
        221.226.3.0/28 1;
        221.226.3.16/29 1;
        221.226.3.24/31 1;
        221.226.3.27 1;
        221.226.3.28/30 1;
        221.226.3.32/27 1;
        221.226.3.64/26 1;
        221.226.3.128/25 1;
    }
    ...
}

Use in the server that needs redirection:

# filecodebox
server {
    ...
    server_name example.com;

    location / {
        if ($njuip) {
            return 302 https://nju.example.com$request_uri;
        }
        ...
    }
}

openvpn Traffic Splitting#

Determine whether the destination address being accessed is a Nanjing University address; only access resources from Nanjing University addresses through the VPN.

Add the following content under dev tun in the existing .ovpn file, removing the # comment

route-nopull  # Do not apply the routes issued by the server
route 10.8.0.0 255.255.0.0 vpn_gateway      # This should be modified to the openvpn client subnet
route 172.26.0.0 255.255.128.0 vpn_gateway  # Intranet subnet
route 172.16.1.0 255.255.255.0 vpn_gateway
route 58.192.32.0 255.255.240.0 vpn_gateway
route 58.192.48.0 255.255.248.0 vpn_gateway
route 58.193.224.0 255.255.224.0 vpn_gateway
route 58.240.127.3 255.255.255.255 vpn_gateway
route 114.212.0.0 255.255.0.0 vpn_gateway
route 180.209.0.0 255.255.240.0 vpn_gateway
route 202.38.2.0 255.255.254.0 vpn_gateway
route 202.119.32.0 255.255.224.0 vpn_gateway
route 210.28.128.0 255.255.240.0 vpn_gateway
route 210.29.240.0 255.255.240.0 vpn_gateway
route 218.94.9.35 255.255.255.255 vpn_gateway
route 218.94.9.36 255.255.255.254 vpn_gateway
route 218.94.9.38 255.255.255.255 vpn_gateway
route 218.94.36.211 255.255.255.255 vpn_gateway
route 218.94.142.6 255.255.255.255 vpn_gateway
route 219.219.112.0 255.255.240.0 vpn_gateway
route 221.226.2.0 255.255.255.128 vpn_gateway
route 221.226.2.128 255.255.255.224 vpn_gateway
route 221.226.2.160 255.255.255.240 vpn_gateway
route 221.226.2.176 255.255.255.248 vpn_gateway
route 221.226.2.184 255.255.255.254 vpn_gateway
route 221.226.2.186 255.255.255.255 vpn_gateway
route 221.226.2.187 255.255.255.255 vpn_gateway
route 221.226.2.188 255.255.255.252 vpn_gateway
route 221.226.2.192 255.255.255.192 vpn_gateway
route 221.226.3.0 255.255.255.240 vpn_gateway
route 221.226.3.16 255.255.255.248 vpn_gateway
route 221.226.3.24 255.255.255.254 vpn_gateway
route 221.226.3.27 255.255.255.255 vpn_gateway
route 221.226.3.28 255.255.255.252 vpn_gateway
route 221.226.3.32 255.255.255.224 vpn_gateway
route 221.226.3.64 255.255.255.192 vpn_gateway
route 221.226.3.128 255.255.255.128 vpn_gateway