nadoo / glider

glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
GNU General Public License v3.0

Glider v0.10.0 doesn't work with `listen=redir + forward=trojan` setting #163

Closed bnuhero closed 4 years ago

bnuhero commented 4 years ago

If glider v0.10.0 listens as a socks5 proxy and forwards to a trojan server, it works like a charm.

If glider listens as a transparent proxy and forwards to the same trojan server, we keep getting the following error messages.

```
...
020/05/06 12:38:45 forward.go:118: [forwarder] trojan_server:443 recorded 1521 failures, maxfailures: 3
2020/05/06 12:38:45 redir_linux.go:109: [redir] source_ip:port1 <-> dest_ip:port via ftrojan_server:443, error in dial: read tcp source_ip:port2->trojan_server_ip:443: read: connection reset by peer
...
```

nadoo commented 4 years ago

I tested and no problem here, you can follow the instructions below: https://github.com/nadoo/glider/tree/master/config/examples/9.transparent_proxy_without_dnsmasq

nadoo commented 4 years ago

May I know what happened please? no problem now? 😃

bnuhero commented 4 years ago

No, it doesn't work. I run glider on the ASUS router with asuswrt-merlin 384.17 and linux kernel 2.6.36. Maybe trojan doesn't work as a transparent proxy in this router. I am sure the glider setting and iptables rules are OK because other forward proxies (shadowsocks, vmess etc.) do work.

nadoo notifications@github.com wrote on Saturday, May 9, 2020 at 4:00 PM:

> May I know what happened please? no problem now? 😃


nadoo commented 4 years ago

Strange, the listener and forwarder are independent, so if trojan forwarder worked with socks5 listener, it should also work with redir, I've tested and it worked in my environment (x86 box with debian 10). I have no clue about the reason why this could happen.

nadoo commented 4 years ago

Maybe that was affected by your iptables settings, e.g. a wrong reject rule?

bnuhero commented 4 years ago

All other forward proxies do work with the same glider setting and iptables rules. The error message in the first post shows that the listener (redir) tried to talk to the remote trojan server but failed. I have tried to run trojan directly (without glider) in the router and got the same result: socks5 proxy worked and transparent proxy failed.

nadoo notifications@github.com wrote on Saturday, May 9, 2020 at 4:39 PM:

> Maybe that was affected by your iptables settings, e.g. a wrong reject rule?


nadoo commented 4 years ago

The only difference is the trojan server's host and port, maybe there're some iptables rules related to the trojan server's ip or port?