Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

为什么转发至tproxy时必须要打标记。 #287

Open
yueduz opened this issue Jul 21, 2023 · 1 comment
Open

为什么转发至tproxy时必须要打标记。 #287

yueduz opened this issue Jul 21, 2023 · 1 comment
Labels
bug Something isn't working unconfirmed Waiting investigation

Comments

@yueduz
Copy link

yueduz commented Jul 21, 2023 

#代理局域网设备
nft add table v2ray
nft add chain v2ray prerouting { type filter hook prerouting priority 0 \; }
nft add rule v2ray prerouting ip daddr {127.0.0.1/32, 224.0.0.0/4, 255.255.255.255/32} return
nft add rule v2ray prerouting meta l4proto tcp ip daddr 192.168.0.0/16 return
nft add rule v2ray prerouting ip daddr 192.168.0.0/16 udp dport != 53 return
nft add rule v2ray prerouting mark 0xff return # 直连 0xff 流量
nft add rule v2ray prerouting meta l4proto {tcp, udp} mark set 1 tproxy to 127.0.0.1:12345 accept # 转发至 V2Ray 12345 端口

最后一行删除 “mark set 1"将无法代理局域网设备;
最后一行删除” tproxy to 127.0.0.1:12345“"也将无法代理局域网设备;
这是为什么。
@yueduz yueduz added bug Something isn't working unconfirmed Waiting investigation labels Jul 21, 2023
@rp-hello
Copy link

仅针对标题回答:

TProxy 的数据包,目标地址不是本机。如果不设置 mark,那么这份报文就会被转发(被 FORWARD 链处理)而不是被 INPUT 链处理

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working unconfirmed Waiting investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yueduz @rp-hello