
Comments (25)

hutozh commented on June 26, 2024

Is there any way to tell whether the rules actually took effect after enabling them?

from luci-app-transparent-proxy.

techotaku commented on June 26, 2024

@hutozh I took a look at your log; the basic symptom is that it can't connect to the V2Ray server. Did you enter your server IP under "Extra ignored IPs" in "Access Control"?

techotaku commented on June 26, 2024

Once it's enabled, you can see "Exists" next to "Proxy Rules" under "Running Status"; if you check the system firewall at that point, there will also be several "TP_SPEC_" chains.

hutozh commented on June 26, 2024

@techotaku Access control is left empty for now; I haven't filled in anything.
Also, I installed ss, chinadns and DNS forwarding on my router following this guide: https://cokebar.info/archives/664. I don't know whether that has any effect?

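techotaku commented on June 26, 2024

@hutozh DNS forwarding shouldn't matter, but "Extra ignored IPs" is required... the V2 server IP needs to go there. The simple explanation is that the rules set here first take over the transmission of all packets and then follow the access control; the default is that everything goes through the proxy, so the server IP has to be put in the ignore list. You can refer to Get Started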

hutozh commented on June 26, 2024

@techotaku It works now. It was because "Extra ignored IPs" wasn't filled in; I didn't read carefully, even though you had clearly written it.
Thank you very much for your help. This is really convenient.

techotaku commented on June 26, 2024

No problem, I'll tidy up the documentation later...

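hutozh commented on June 26, 2024

I don't know why, but YouTube videos spin for a very long time before they start playing, while web pages open at a reasonable speed. With just those three iptables commands there's no problem either. V2Ray has no error logs to speak of.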

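techotaku commented on June 26, 2024

It might be a UDP forwarding problem. You could consider turning off UDP forwarding (once it's off, Chrome should directly detect that QUIC is unavailable) or disabling QUIC in Chrome. I've run into this problem too... I asked in the V2 group, and the answer from the experts was to turn off QUIC. Chrome enables QUIC by default for Google sites and first sends simple UDP packets as a probe; such simple UDP packets can be proxied by V2 (V2 transparently proxying UDP DNS or UDP echo back is also fine, I've tried both), but V2 seems to have some trouble handling the later UDP packets that carry the data.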

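hutozh commented on June 26, 2024

I'll try again. Is the UDP forwarding in the configuration UI the same as the UDP forwarding in the V2 configuration file? Do both need to be turned off?
Also, I've heard that Chromecast or Google Home needs UDP forwarding enabled; if that's the case, turning UDP off won't work either...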

techotaku commented on June 26, 2024

@hutozh Just uncheck UDP forwarding in the configuration. I haven't used Chromecast or Google Home, but if the following iptables commands from this post work fine for you, it should be fine here too, because that setup doesn't handle UDP packets either...

iptables -t nat -N V2RAY
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp -j V2RAY

techotaku commented on June 26, 2024

In my own testing, V2's UDP forwarding (UDP over TCP) can run into problems on the following path:
UDP client >> iptables redirect to dokodemo >> [Router] V2Ray Client -> V2Ray TCP Outbound (tcp / ws) >> [Server] V2Ray Server TCP Inbound -> direct to Real UDP Server

hutozh commented on June 26, 2024

I just tested again: with luci's UDP forwarding turned off and UDP forwarding enabled in the configuration file, everything is working normally for now. With UDP forwarding enabled in luci, YouTube is unusable.

hutozh commented on June 26, 2024

Another question: if this and ss are enabled at the same time, which one will the traffic go through?

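techotaku commented on June 26, 2024

Do you mean the ss luci app, or just running ss-local?
If it's the ss luci app, it's hard to say; it depends on the actual order in which the iptables rules are applied...
If you're just running ss-local, you can specify the redirect port in my luci app: redirect to the V2 port and traffic goes through V2, redirect to the ss port and it goes through ss. I built this because for a while I needed to switch between V2 and ss frequently...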

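hutozh commented on June 26, 2024

For ss I'm using the luci app; I just don't know whether your rules or the ss ones come first, so I've turned ss off for now.
One more question: what order does traffic flow through in the router? When a phone/computer initiates a connection, does it go through iptables or dnsmasq first, and then reach V2's dokodemo according to the rules?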

flipphos commented on June 26, 2024

hutozh commented on June 26, 2024

@flipphos I added it following this: https://toutyrater.github.io/app/transparent_proxy.html

    "inbound": {
      "domainOverride": ["tls", "http"],
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true,
        "udp": true
      }
    },

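techotaku commented on June 26, 2024

@hutozh It goes through iptables first, and whatever matches the rules gets forwarded. DNS query packets are generally let straight through to dnsmasq's listening port, because in most cases the queries go to your gateway (the router's own LAN IP), and that is not forwarded to the proxy. dnsmasq only does resolution (and ipset marking if ipset is enabled); it doesn't forward traffic. Its role is pollution-free domain resolution, domestic acceleration or a GFW blacklist (together with chinadns etc.), plus ipset marking for traffic splitting.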
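Added example (not from the thread or the project): a small POSIX shell walker that reports which rule of a redirect chain a destination hits first, illustrating the bypass entry for the server IP described earlier and the point above that traffic addressed to the router's LAN IP is not handed to the proxy. The chain name V2RAY and port 12345 come from the commands quoted in the thread; the bypass rules, 203.0.113.10 (placeholder server IP) and 192.168.0.0/16 (assumed LAN range) are constructed.

```sh
# Added example: report which rule of a redirect chain a packet hits first.
# Constructed rule listings in `iptables -S` form; 203.0.113.10 stands in for
# the V2Ray server IP and 192.168.0.0/16 for the LAN (both assumptions).
WITH_BYPASS='-A V2RAY -d 203.0.113.10/32 -j RETURN
-A V2RAY -d 192.168.0.0/16 -j RETURN
-A V2RAY -p tcp -j REDIRECT --to-ports 12345'
NO_BYPASS='-A V2RAY -p tcp -j REDIRECT --to-ports 12345'

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when IP ($1) lies inside CIDR ($2); a bare address means /32.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    if [ "$bits" = "$2" ]; then bits=32; fi
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# verdict RULES PROTO DST: print the target of the first matching rule,
# or FALLTHROUGH when no rule in the chain matches.
verdict() {
    rules=$1; proto=$2; dst=$3
    while read -r line; do
        r_dst=0.0.0.0/0; r_proto=all; r_target=
        set -- $line
        while [ $# -gt 1 ]; do
            case $1 in
                -d) r_dst=$2 ;;
                -p) r_proto=$2 ;;
                -j) r_target=$2 ;;
            esac
            shift
        done
        [ "$r_proto" = all ] || [ "$r_proto" = "$proto" ] || continue
        in_cidr "$dst" "$r_dst" || continue
        echo "$r_target"; return 0
    done <<EOF
$rules
EOF
    echo FALLTHROUGH
}

# Server IP with and without the bypass entry: prints RETURN, then REDIRECT.
for rs in "$WITH_BYPASS" "$NO_BYPASS"; do verdict "$rs" tcp 203.0.113.10; done
```

On a router, the same function can be fed the real output of `iptables -t nat -S <chain>` to confirm that the bypass entries sit ahead of the redirect rule.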

hutozh commented on June 26, 2024

@techotaku Can I understand it this way: the client's request passes through iptables, and if iptables has no matching forwarding rule, DNS queries go to dnsmasq by default. In that case, the DNS module in V2 isn't needed.

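techotaku commented on June 26, 2024

@hutozh Yes. If the router has the chinadns setup configured, V2 doesn't need to handle resolution. V2's resolution and routing features are very convenient for ordinary relaying; on a router there are generally already solutions for these.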

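hutozh commented on June 26, 2024

@techotaku Is my understanding of the network flow correct now?
1. The china list is set in your luci app, so once DNS resolution is done and the result matches this list, traffic goes direct (domestic) without passing through V2.
2. If it doesn't match, it's forwarded to V2, and V2 then matches once more with its built-in routing; on a match it goes out via freedom, otherwise via vmess.
3. Network flow: client ↔ DNSMASQ ↔ chinadns → on a match, go direct (domestic).
↓ no match: forwarded to V2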

techotaku commented on June 26, 2024

@hutozh That's about right.

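hutozh commented on June 26, 2024

@techotaku Thank you so much for your help; I've now basically reached the setup I wanted: dnsmasq+chinadns+v2ray.
After stripping modules the v2ray binary is only 5.34M, and the V2 configuration file keeps just one inbound transparent proxy and one outbound vmess.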

techotaku commented on June 26, 2024

@hutozh You're welcome.
