{
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"followRedirect": true
}
}
# Create new chain
iptables -t nat -N PROXY
# Ignore proxy server address
iptables -t nat -A PROXY -d "ServerIP" -j RETURN
# Ignore local IPv4 address destinations to bypass the proxy
iptables -t nat -A PROXY -d 0.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 10.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 127.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 169.254.0.0/16 -j RETURN
iptables -t nat -A PROXY -d 172.16.0.0/12 -j RETURN
iptables -t nat -A PROXY -d 192.168.0.0/16 -j RETURN
iptables -t nat -A PROXY -d 224.0.0.0/4 -j RETURN
iptables -t nat -A PROXY -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to Dokodemo-door's local port
iptables -t nat -A PROXY -p tcp -j REDIRECT --to-ports 12345
# Transparent proxy for this machine
iptables -t nat -A OUTPUT -p tcp -j PROXY
# Transparent proxy for other LAN devices
iptables -t nat -A PREROUTING -p tcp -j PROXY
Transparent Proxy | V2Ray Beginner's Guide
{
"port": 12345,
"listen": "127.0.0.1",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
# Identify TCP packets with destination address matching a local socket, set the packet mark to 1
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
# Match on packet mark 1 using policy routing to have those packets delivered locally
ip rule add fwmark 1 table 100
ip route add local default dev lo table 100
# Create new chain
iptables -t mangle -N PROXY
# Routed devices won't be able to reach the server with this
# iptables -t mangle -A PROXY -d "ServerIP" -j RETURN
# Set local IPv4 address destinations to bypass the proxy
iptables -t mangle -A PROXY -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A PROXY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A PROXY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A PROXY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A PROXY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A PROXY -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A PROXY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A PROXY -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to the port dokodemo-door listens on
iptables -t mangle -A PROXY -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1
# Transparent proxy for routed devices
iptables -t mangle -A PREROUTING -j PROXY
# ---
# Create new chain for proxying the router
iptables -t mangle -N PROXY_LOCAL
# Set proxy server address to bypass the proxy
iptables -t mangle -A PROXY_LOCAL -d "ServerIP" -j RETURN
# Set local IPv4 address destinations to bypass the proxy
iptables -t mangle -A PROXY_LOCAL -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A PROXY_LOCAL -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A PROXY_LOCAL -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A PROXY_LOCAL -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A PROXY_LOCAL -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A PROXY_LOCAL -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A PROXY_LOCAL -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A PROXY_LOCAL -d 240.0.0.0/4 -j RETURN
# Mark anything else as 1
iptables -t mangle -A PROXY_LOCAL -p tcp -j MARK --set-mark 1
# Transparent proxy for the router
iptables -t mangle -A OUTPUT -j PROXY_LOCAL