Replies: 3 comments
-
|
应该是路由和规则没设置 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
今天又来逛了下,发现你的出站设置"mark": 255,但防火墙怎么没有相应的return?不会死循环? |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
最近换成了tproxy遇到了和你一样的问题 甚至配置环境都一样 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
尝试在开启透明代理之后就无法上网,观察日志和抓包发现所有的TCP请求都卡在了SYN这一步:
但是奇怪的是UDP数据包却正常得到了转发:
我的V2ray配置如下:
{ "log":{ "loglevel":"debug" }, "inbounds": [ { "tag": "transparent", "port": 12345, "protocol": "dokodemo-door", "settings": { "network": "tcp,udp", "followRedirect": true }, "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] }, "streamSettings": { "sockopt": { "tproxy": "tproxy" } } }, { "port": 1080, "protocol": "socks", "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] }, "settings": { "auth": "noauth" } } ], "outbounds": [ { "tag": "proxy", "protocol": "vmess", "settings": { "vnext": [ { "address": "<my server ip>", "port": 443, "users": [ { "id": "*", "alterId": 64, "email": "[email protected]", "security": "auto" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "tlsSettings": { "allowInsecure": false, "serverName": "<my server ip>" }, "wsSettings": { "path": "/upload", "headers": { "Host": "<my server ip>" } } }, "mux": { "enabled": true, "concurrency": 8 } }, { "tag": "direct", "protocol": "freedom", "settings": { "domainStrategy": "UseIP" }, "streamSettings": { "sockopt": { "mark": 255 } } }, { "tag": "block", "protocol": "blackhole", "settings": { "response": { "type": "http" } } }, { "tag": "dns-out", "protocol": "dns", "streamSettings": { "sockopt": { "mark": 255 } } } ], "dns": { "servers": [ "8.8.8.8", "1.1.1.1", "114.114.114.114", { "address": "223.5.5.5", "port": 53, "domains": [ "geosite:cn", "ntp.org", "<my server domain>" ] } ] }, "routing": { "domainStrategy": "IPOnDemand", "rules": [ { "type": "field", "inboundTag": [ "transparent" ], "port": 53, "network": "udp", "outboundTag": "dns-out" }, { "type": "field", "inboundTag": [ "transparent" ], "port": 123, "network": "udp", "outboundTag": "direct" }, { "type": "field", "ip": [ "223.5.5.5", "114.114.114.114" ], "outboundTag": "direct" }, { "type": "field", "ip": [ "8.8.8.8", "1.1.1.1" ], "outboundTag": "proxy" }, { "type" :"field", "domain":[ "<my server domain>", "ntp.aliyun.com" ], "outboundTag":"direct" }, { "type": "field", "domain": [ "geosite:category-ads-all" ], "outboundTag": "block" }, { "type": "field", "protocol": [ "bittorrent" ], "outboundTag": "direct" }, { "type": "field", "ip": [ "geoip:private", "geoip:cn" ], "outboundTag": "direct" }, { "type": "field", "domain": [ "geosite:cn" ], "outboundTag": "direct" } ] } }使用的Iptables命令:
iptables -t mangle -N V2RAY iptables -t mangle -A V2RAY -d 127.0.0.1/32 -j RETURN iptables -t mangle -A V2RAY -d 224.0.0.0/4 -j RETURN iptables -t mangle -A V2RAY -d 255.255.255.255/32 -j RETURN iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p tcp -j RETURN iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN iptables -t mangle -A V2RAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1 iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1 iptables -t mangle -A PREROUTING -j V2RAY直接使用1080的socks是可以上网的,但是tproxy的tcp流量就不行
各位大佬有什么思路吗?不胜感谢,谢谢!
Beta Was this translation helpful? Give feedback.
All reactions