Closed ryanerwin closed 5 years ago
It may caused by the (in-)compatibility of SOCKSv5 implementation. I saw this issue on another backend, but not yet to check whether your situation is the same case, although the behaviors are similar.
The SOCKSv5 client implemented on moproxy is actually not in compliance with the RFC 1928. It bypasses parts of SOCKS handshaking (version checking, auth method negotiation, etc.) by sending all the bytes the server would expect in once, directly, w/o waiting for server's ask.
This is simpler to implement and save several RTTs delay for each connection, but was found not be such friendly to some SOCKS servers.
I will try to improve this when I got time.
Just confirmed, trojan don't allow we do SOCKS in this way.
Thanks for checking into it @sorz
In the mean time I setup redsocks combined with an iptables based roundrobbin, but definitely would be far better to use moproxy
to distribute the load!
I will try to improve this when I got time.
Cool!
Hi, can you try out the latest code on master? Thanks.
Awesome! Tried it and it works great now!
When I try to run
curl
on withmoproxy
setup with a single trojan socks5 backend, I'm getting:When I check the
moproxy
log, I see this as the curl is executed:When I check the
trojan
socks5 proxy log, I see:Due to the timing of these in the logs, it seems definitive that
iptables
is forwarding my connection request tomoproxy
and through to my backend socks proxy, but the formatting of the request when moproxy provides it doesn't seem to be working for my socks proxy.I followed the redsocks method for creating the iptables rule, but also an exception so that anything running as
uid = proxy
would not get redirected tomoproxy
.my iptables rules
``` ❯❯❯ iptables -t nat -A MOPROXY -d 0.0.0.0/8 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 10.0.0.0/8 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 100.64.0.0/10 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 127.0.0.0/8 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 127.0.0.0/8 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 169.254.0.0/16 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 172.16.0.0/12 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 192.168.0.0/16 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 198.18.0.0/15 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 224.0.0.0/4 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -d 240.0.0.0/4 -j RETURN ❯❯❯ iptables -t nat -A MOPROXY -p tcp -m owner ! --uid-owner proxy -j REDIRECT --to-ports 2080 ❯❯❯ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy -j MOPROXY ```Any tips on how to further debug this?
Note, running on Arch Linux (rolling release) with a stock kernel and all packages updated to current.