尝试配置透明代理后无法联网 #2497
Unanswered
TinyChestnut2023
asked this question in
Q&A
尝试配置透明代理后无法联网
#2497
Replies: 1 comment
-
|
nft配置 #!/usr/sbin/nft -f
flush ruleset
define RESERVED_IP = {
10.0.0.0/8,
100.64.0.0/10,
127.0.0.0/8,
169.254.0.0/16,
172.16.0.0/12,
192.0.0.0/24,
224.0.0.0/4,
240.0.0.0/4,
255.255.255.255/32
}
table ip xray {
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ip daddr $RESERVED_IP return
ip daddr 192.168.0.0/16 tcp dport != 53 return
ip daddr 192.168.0.0/16 udp dport != 53 return
ip protocol tcp tproxy to 127.0.0.1:1080 meta mark set 1
ip protocol udp tproxy to 127.0.0.1:1080 meta mark set 1
}
chain output {
type route hook output priority mangle; policy accept;
ip daddr $RESERVED_IP return
ip daddr 192.168.0.0/16 tcp dport != 53 return
ip daddr 192.168.0.0/16 udp dport != 53 return
meta mark 2 return
ip protocol tcp meta mark set 1
ip protocol udp meta mark set 1
}
}网络配置 tproxy:~# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 0a:a5:b5:db:08:40 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.6/30 scope global eth0
valid_lft forever preferred_lft forever |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
按照链接TProxy配置的
使用的alpine 防火墙用的nftables
内核版本
6.1.47-0-virt下面是配置
config.json:
{ "log": { "error": "/var/log/xray/error.log", "access": "/var/log/xray/access.log", "loglevel": "debug", "dnsLog": true }, "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "inboundTag": [ "all-in" ], "port": 53, "outboundTag": "dns-out" }, { "type": "field", "ip": [ "8.8.8.8", "1.1.1.1" ], "outboundTag": "a1" }, { "type": "field", "outboundTag": "direct", "domain": [ "geosite:cn", "geosite:private" ] }, { "type": "field", "outboundTag": "direct", "ip": [ "geoip:cn", "geoip:private" ] }, { "type": "field", "outboundTag": "a1", "network": "tcp,udp" } ] }, "inbounds": [ { "tag": "all-in", "port": 1080, "protocol": "dokodemo-door", "settings": { "network": "tcp,udp", "followRedirect": true }, "sniffing": { "enabled": true, "destOverride": [ "http", "tls", "quic" ] }, "streamSettings": { "sockopt": { "tproxy": "tproxy" } } } ], "outbounds": [ { "tag": "a1", "protocol": "trojan", "settings": { "servers": [ { "address": "xxx", "port": 443, "password": "xxx" } ] }, "streamSettings": { "network": "grpc", "security": "tls", "grpcSettings": { "serviceName": "grpc" }, "sockopt": { "mark": 2 } } }, { "tag": "direct", "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4" }, "streamSettings": { "sockopt": { "mark": 2 } } }, { "tag": "block", "protocol": "blackhole", "settings": { "response": { "type": "http" } } }, { "tag": "dns-out", "protocol": "dns", "settings": { "address": "8.8.8.8" }, "proxySettings": { "tag": "a1" }, "streamSettings": { "sockopt": { "mark": 2 } } } ], "dns": { "hosts": { }, "servers": [ { "address": "119.29.29.29", "port": 53, "domains": [ "geosite:cn" ], "expectIPs": [ "geoip:cn" ] }, { "address": "223.5.5.5", "port": 53, "domains": [ "geosite:cn" ], "expectIPs": [ "geoip:cn" ] }, "8.8.8.8", "1.1.1.1" ] } }Beta Was this translation helpful? Give feedback.
All reactions