|
| 1 | +# Tunnel(Dokodemo-Door) |
| 2 | + |
| 3 | +Tunnel, formerly known as dokodemo-door, listens on multiple local ports and forwards all incoming data through an outbound to a specified server port, achieving the effect of port mapping. |
| 4 | + |
| 5 | +## InboundConfigurationObject |
| 6 | + |
| 7 | +```json |
| 8 | +{ |
| 9 | + "address": "8.8.8.8", |
| 10 | + "port": 53, |
| 11 | + "portMap": { |
| 12 | + "5555": "1.1.1.1:7777", |
| 13 | + "5556": ":8888", // overrides port only |
| 14 | + "5557": "example.com:" // overrides address only |
| 15 | + }, |
| 16 | + "network": "tcp", |
| 17 | + "followRedirect": false, |
| 18 | + "userLevel": 0 |
| 19 | +} |
| 20 | +``` |
| 21 | + |
| 22 | +> `address`: address |
| 23 | +
|
| 24 | +The address to forward the traffic to. It can be an IP address like `"1.2.3.4"` or a domain name like `"xray.com"`. It is a string type, default `"localhost"`. |
| 25 | + |
| 26 | +When `followRedirect` (see below) is set to `true`, `address` can be empty. |
| 27 | + |
| 28 | +> `port`: number |
| 29 | +
|
| 30 | +The specified port on the destination address to forward the traffic to, range \[0, 65535\], numeric type. If not filled or set to 0, it defaults to the listening port. |
| 31 | + |
| 32 | +> `portMap`: map[string]string |
| 33 | +
|
| 34 | +A map maps local ports and required remote addresses/ports (if the inbound listens on several ports). If a local port is not included, handles according to `address`/`port` setting. |
| 35 | + |
| 36 | +> `network`: "tcp" | "udp" | "tcp,udp" |
| 37 | +
|
| 38 | +The supported network protocol type. For example, when specified as `"tcp"`, it will only receive TCP traffic. The default value is `"tcp"`. |
| 39 | + |
| 40 | +> `followRedirect`: true | false |
| 41 | +
|
| 42 | +When set to `true`, dokodemo-door will recognize data forwarded by iptables and forward it to the corresponding destination address. |
| 43 | + |
| 44 | +Refer to the `tproxy` setting in the [Transport Configuration](../transport.md#sockoptobject) for more information. |
| 45 | + |
| 46 | +> `userLevel`: number |
| 47 | +
|
| 48 | +The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject). |
| 49 | + |
| 50 | +The value of `userLevel` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0. |
| 51 | + |
| 52 | +## Usage |
| 53 | + |
| 54 | +Dokodemo-door can be used as Transparent proxy (in the next section) and can be used to map a port. |
| 55 | + |
| 56 | +Some services do not support proxy likes Socks5, but using Tun or Tproxy could be too complicated. If these services only communicate with a single IP address and port (example: iperf, Minecraft server, Wireguard endpoint), dokodemo-door can be used. |
| 57 | + |
| 58 | +Below is an example config (if the default outbound is an effective proxy): |
| 59 | + |
| 60 | +```json |
| 61 | +{ |
| 62 | + "listen": "127.0.0.1", |
| 63 | + "port": 25565, |
| 64 | + "protocol": "tunnel", |
| 65 | + "settings": { |
| 66 | + "address": "mc.hypixel.net", |
| 67 | + "port": 25565, |
| 68 | + "network": "tcp", |
| 69 | + "followRedirect": false, |
| 70 | + "userLevel": 0 |
| 71 | + }, |
| 72 | + "tag": "mc" |
| 73 | +} |
| 74 | +``` |
| 75 | + |
| 76 | +The core will listen at `127.0.0.1:25565`, and the traffic coming in through this inbound will be send to `mc.hypixel.net:25565` (a Minecraft server) through the default outbound. Then you can connect the Minecraft client to the Hypixel server through the proxy by set the game server to `127.0.0.1:25565` in the Minecraft client. |
| 77 | + |
| 78 | +## Transparent Proxy Configuration Example |
| 79 | + |
| 80 | +Please refer to the [Transparent Proxy (TProxy) Configuration Tutorial](../../document/level-2/tproxy) for this section. |
0 commit comments