SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

I can't listen on localhost when I use strict_route #2096

Closed hyperboreancode closed 1 month ago

hyperboreancode commented 1 month ago

Operating system

Windows

System version

10

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

1.9.4

Description

When I use strict_route in TUN, I can't connect to the local HTTP server that listens on localhost; I get ERR_CONNECTION_REFUSED. If I listen on 127.0.0.1 or 0.0.0.0 instead of localhost, it works. Another way to make it work is to disable strict_route in the sing-box configuration.

I saw in the documentation that apps like VirtualBox may not work properly with strict_route, but I don't know if this applies to this case.

Reproduction

Configure client:

{
  "log": {
    "level": "fatal"
  },
  "dns": {
    "independent_cache": true,
    "final": "dns-remote-proxy",
    "servers": [
      {
        "tag": "dns-remote-proxy",
        "address": "https://1.1.1.1/dns-query",
        "address_resolver": "dns-local",
        "detour": "proxy"
      },
      {
        "tag": "dns-direct",
        "address": "https://1.1.1.1/dns-query",
        "address_resolver": "dns-local",
        "detour": "direct"
      },
      {
        "address": "rcode://success",
        "tag": "dns-block"
      },
      {
        "address": "local",
        "detour": "local",
        "tag": "dns-local"
      }
    ],
    "rules": [
      {
        "query_type": [
          32,
          33
        ],
        "server": "dns-block"
      },
      {
        "domain_suffix": ".lan",
        "server": "dns-block"
      }
    ]
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "inet4_address": "172.16.0.1/30",
      "mtu": 9000,
      "auto_route": true,
      "strict_route": true,
      "sniff": true,
      "sniff_override_destination": false
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "proxy",
      "server": "",
      "server_port": 443,
      "uuid": "",
      "flow": "xtls-rprx-vision",
      "tls": {
        "enabled": true,
        "server_name": "yahoo.com",
        "utls": {
          "enabled": true,
          "fingerprint": "firefox"
        },
        "reality": {
          "enabled": true,
          "public_key": "",
          "short_id": ""
        }
      }
    },
    {
      "tag": "direct",
      "type": "direct"
    },
    {
      "tag": "block",
      "type": "block"
    },
    {
      "tag": "dns-out",
      "type": "dns"
    }
  ],
  "route": {
    "auto_detect_interface": true,
    "final": "proxy",
    "rules": [
      {
        "outbound": "dns-out",
        "protocol": "dns"
      },
      {
        "network": "udp",
        "outbound": "block",
        "port": [
          135,
          137,
          138,
          139,
          5353
        ]
      }
    ]
  }
}

Create server via node.js (You can use something else):

const http = require('http');

const hostname = 'localhost'; // If you use 127.0.0.1 or 0.0.0.0 it will work
const port = 3000;

const server = http.createServer((req, res) => {
    res.statusCode = 200;
    res.setHeader('Content-Type', 'text/plain');
    res.end('Hello, this is a response from your Node.js server!\n');
});

server.listen(port, hostname, () => {
    console.log(`Server running at http://${hostname}:${port}/`);
});

Start server: node server.js

Go to http://localhost:3000/

Logs

No response

nekohasekai commented 1 month ago

Route domain_suffix: localhost to dns-local

hyperboreancode commented 1 month ago

Still not working