yichya / luci-app-xray

(Almost) full feature Xray client for OpenWrt
Mozilla Public License 2.0

xray没有收到tproxy转发的数据? #314

Closed Torinomii closed 1 year ago

Torinomii commented 1 year ago

Hello~ 我正在折腾 PVE 里的 LXC-openwrt,遇到了个奇怪的问题。启动 xray 后,能看到数据包被 tproxy 规则转发给 xray(见下面的 nft 计数器和 trace),但是 xray 的日志里没有对应的记录。

PC使用http proxy 1083,能够正常转发。

环境: Proxmox VE 8.0.3+LXC 特权container+openwrt 22.03.5_x86_64

sc 2023-07-12 083718 端口监听 image

配置文件

config general
    option xray_bin '/usr/bin/xray'
    option dns_port '5300'
    option dns_count '3'
    list bypassed_domain_rules 'geosite:cn'
    option wan_bp_list '/dev/null'
    option lan_target 'TP_SPEC_WAN_AC'
    option lan_ifaces 'br-lan'
    option xray_api '1'
    option conn_idle '300'
    option handshake '4'
    option uplink_only '2'
    option downlink_only '5'
    option buffer_size '512'
    option loglevel 'debug'
    option access_log '1'
    option transparent_proxy_enable '1'
    option fast_dns '223.5.5.5'
    option default_dns '1.1.1.1'
    option tproxy_sniffing '1'
    option direct_bittorrent '1'
    option fw4_counter '1'
    option main_server 'cfg024a8f'
    option tproxy_udp_server 'cfg024a8f'
    option mark '255'
    option transparent_default_port_policy 'forwarded'
    list geoip_direct_code_list 'cn'
    option tproxy_port_tcp '1080'
    option tproxy_port_udp '1081'
    option socks_port '1082'
    option http_port '1083'
    option secure_dns '8.8.8.8'
    list forwarded_domain_rules 'geosite:geolocation-!cn'
    option routing_domain_strategy 'AsIs'
    list wan_bp_ips '114.114.114.114'
    list wan_bp_ips '223.5.5.5'

config servers
    option alias 'VLESS'
    option server 'MyServerIP'
    option domain_strategy 'UseIP'
    option server_port '443'
    option password 'xxxxxxx-xxxxxxxxx'
    option protocol 'vless'
    option vless_encryption 'none'
    option vless_tls 'reality'
    option vless_flow_reality 'xtls-rprx-vision'
    option vless_reality_fingerprint 'randomized'
    option vless_reality_server_name 'www.microsoft.com'
    option vless_reality_public_key 'AUi-xxxxxxxxxxxxxxxxxxxxxxxx'
    option vless_reality_short_id 'xxxxxxxxxxxx'
    option transport 'tcp'
    option tcp_guise 'none'
    option dialer_proxy 'disabled'

nft规则

table inet fw4 {
        set tp_spec_src_ac {
                type ether_addr
                size 65536
        }

        set tp_spec_src_bp {
                type ether_addr
                size 65536
        }

        set tp_spec_src_fw {
                type ether_addr
                size 65536
        }

        set tp_spec_dst_sp {
                type ipv4_addr
                size 65536
                flags interval
                elements = { 0.0.0.0/8, 10.0.0.0/8,
                             100.64.0.0/10, 127.0.0.0/8,
                             169.254.0.0/16, 172.16.0.0/12,
                             192.0.0.0/24, 192.31.196.0/24,
                             192.52.193.0/24, 192.88.99.0/24,
                             192.168.0.0/16, 192.175.48.0/24,
                             224.0.0.0-255.255.255.255 }
        }

        set tp_spec_dst_bp {
                type ipv4_addr
                size 65536
                flags interval
                elements = { 114.114.114.114, 223.5.5.5 }
        }

        set tp_spec_dst_fw {
                type ipv4_addr
                size 65536
                flags interval
                elements = { 8.8.8.8 }
        }

        set tp_spec_def_gw {
                type ipv4_addr
                size 65536
                flags interval
                elements = { MyIPv4 }
        }

        # Prerouting entry point of the transparent-proxy rules in this dump.
        chain xray_prerouting {
                # Enables nftables tracing for every packet that reaches this chain; this
                # is what makes the packet visible in `nft monitor trace`.
                meta nftrace set 1
                type filter hook prerouting priority filter; policy accept;
                # Packets that already carry mark 0xfc (the mark set in tp_spec_wan_re)
                # skip the LAN destination checks and go straight to tp_spec_wan_ac.
                meta mark 0x000000fc counter packets 1636 bytes 93502 goto tp_spec_wan_ac
                # Everything arriving on br-lan is classified by destination address.
                iifname "br-lan" counter packets 52796 bytes 14566695 goto tp_spec_lan_dg
        }

        # Output-hook entry point: every locally generated packet is handed to
        # tp_spec_wan_dg. The chain type is `route`, the nftables chain type that
        # re-runs the routing lookup when a rule changes the packet mark.
        chain xray_output {
                type route hook output priority filter; policy accept;
                counter packets 50297 bytes 37316254 goto tp_spec_wan_dg
        }

        # Per-client policy keyed on source MAC address. All three tp_spec_src_* sets
        # are listed without elements in this dump, so only the final rule has hits.
        chain tp_spec_lan_ac {
                # Clients in the bypass set leave the proxy path.
                ether saddr @tp_spec_src_bp counter packets 0 bytes 0 return
                # Clients in the forward set go directly to the tproxy rules.
                ether saddr @tp_spec_src_fw counter packets 0 bytes 0 goto tp_spec_wan_fw
                ether saddr @tp_spec_src_ac counter packets 0 bytes 0 goto tp_spec_wan_ac
                # Default for every other client: same target as the rule above.
                counter packets 19058 bytes 1127862 goto tp_spec_wan_ac
        }

        # Destination-based classification for traffic that arrived on br-lan.
        chain tp_spec_lan_dg {
                # Destinations in tp_spec_dst_fw (8.8.8.8 in this dump) always continue
                # towards the proxy path.
                ip daddr @tp_spec_dst_fw counter packets 881 bytes 57698 goto tp_spec_lan_re
                # Destinations in tp_spec_dst_sp (the private, loopback, link-local and
                # multicast ranges listed in that set) are left alone.
                ip daddr @tp_spec_dst_sp counter packets 33625 bytes 13429635 return
                # Destinations in tp_spec_dst_bp (114.114.114.114, 223.5.5.5) are bypassed.
                ip daddr @tp_spec_dst_bp counter packets 16 bytes 1086 return
                # Traffic addressed to the address in tp_spec_def_gw is not proxied.
                ip daddr @tp_spec_def_gw counter packets 0 bytes 0 return
                # Everything else continues towards the proxy path.
                counter packets 18274 bytes 1078276 goto tp_spec_lan_re
        }

        # Protocol gate for LAN traffic: only TCP and UDP continue to the per-client
        # checks; any other protocol matches no rule in this chain.
        chain tp_spec_lan_re {
                meta l4proto { tcp, udp } counter packets 19058 bytes 1127862 goto tp_spec_lan_ac
        }

        # Last destination check before the tproxy rules.
        chain tp_spec_wan_ac {
                ip daddr @tp_spec_dst_fw counter packets 866 bytes 56438 goto tp_spec_wan_fw
                # Bypassed destinations leave the proxy path here.
                ip daddr @tp_spec_dst_bp counter packets 0 bytes 0 return
                # Default: hand the packet to the tproxy rules.
                counter packets 19828 bytes 1164926 goto tp_spec_wan_fw
        }

        # Destination-based classification for locally generated traffic (reached
        # from xray_output).
        chain tp_spec_wan_dg {
                # 0xff equals the `option mark '255'` value in the posted config.
                # NOTE(review): presumably this is the mark Xray puts on its own outbound
                # sockets so its traffic is not proxied again; confirm against the
                # generated Xray config.
                meta mark 0x000000ff counter packets 24765 bytes 8569806 return
                ip daddr @tp_spec_dst_fw counter packets 0 bytes 0 goto tp_spec_wan_re
                # Private/special ranges, bypassed destinations and the address in
                # tp_spec_def_gw are left alone.
                ip daddr @tp_spec_dst_sp counter packets 22944 bytes 28476532 return
                ip daddr @tp_spec_dst_bp counter packets 0 bytes 0 return
                ip daddr @tp_spec_def_gw counter packets 0 bytes 0 return
                # Everything else is marked for proxying in tp_spec_wan_re.
                counter packets 2588 bytes 269916 goto tp_spec_wan_re
        }

        # Marks locally generated TCP/UDP packets with 0xfc; no tproxy happens here.
        # xray_prerouting matches the same mark and sends such packets to
        # tp_spec_wan_ac.
        # NOTE(review): how a marked packet gets from the output hook back into
        # prerouting is not visible in this dump; presumably a policy-routing rule
        # for this mark does it. Confirm with `ip rule show`.
        chain tp_spec_wan_re {
                meta l4proto { tcp, udp } counter packets 1707 bytes 96342 meta mark set 0x000000fc
        }

        # Final step: set mark 0xfb and redirect the packet with tproxy to the local
        # ports that match tproxy_port_tcp (1080) and tproxy_port_udp (1081) in the
        # posted config.
        # NOTE(review): a non-zero counter and an `accept` verdict here only show that
        # the rule matched. Delivery to the listening socket also depends on routing
        # for mark 0xfb, which is not part of this dump. Check `ip rule show` and the
        # routing table it references inside the container.
        chain tp_spec_wan_fw {
                meta l4proto tcp counter packets 17905 bytes 990748 meta mark set 0x000000fb tproxy ip to 0.0.0.0:1080 accept
                meta l4proto udp counter packets 2789 bytes 230616 meta mark set 0x000000fb tproxy ip to 0.0.0.0:1081 accept
        }

        chain input {
                type filter hook input priority filter; policy accept;
                iifname "lo" accept comment "!fw4: Accept traffic from loopback"
                ct state established,related accept comment "!fw4: Allow inbound established and related flows"
                tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
                iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
                iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
        }

        chain forward {
                type filter hook forward priority filter; policy drop;
                ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
                iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
                iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
                jump handle_reject
        }

        chain output {
                type filter hook output priority filter; policy accept;
                oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
                ct state established,related accept comment "!fw4: Allow outbound established and related flows"
                oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
                oifname "pppoe-wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
        }

        chain prerouting {
                type filter hook prerouting priority filter; policy accept;
                iifname "br-lan" jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment"
        }

        chain handle_reject {
                meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
                reject comment "!fw4: Reject any other traffic"
        }

        chain syn_flood {
                limit rate 25/second burst 50 packets return comment "!fw4: Accept SYN packets below rate-limit"
                drop comment "!fw4: Drop excess packets"
        }

        chain input_lan {
                jump accept_from_lan
        }

        chain output_lan {
                jump accept_to_lan
        }

        chain forward_lan {
                jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
                jump accept_to_lan
        }

        chain helper_lan {
        }

        chain accept_from_lan {
                iifname "br-lan" counter packets 21274 bytes 1517572 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
        }

        chain accept_to_lan {
                oifname "br-lan" counter packets 218 bytes 31772 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
        }

        chain input_wan {
                meta nfproto ipv4 udp dport 68 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCP-Renew"
                icmp type echo-request counter packets 64 bytes 5388 accept comment "!fw4: Allow-Ping"
                meta nfproto ipv4 meta l4proto igmp counter packets 0 bytes 0 accept comment "!fw4: Allow-IGMP"
                meta nfproto ipv6 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCPv6"
                ip6 saddr fe80::/10 icmpv6 type . icmpv6 code { mld-listener-query . no-route, mld-listener-report . no-route, mld-listener-done . no-route, mld2-listener-report . no-route } counter packets 0 bytes 0 accept comment "!fw4: Allow-MLD"
                icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply, nd-router-solicit, nd-router-advert } limit rate 1000/second counter packets 4 bytes 416 accept comment "!fw4: Allow-ICMPv6-Input"
                icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, nd-neighbor-solicit . no-route, nd-neighbor-advert . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Input"
                jump reject_from_wan
        }

        chain output_wan {
                jump accept_to_wan
        }

        chain forward_wan {
                icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
                icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
                meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
                udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
                jump reject_to_wan
        }

        chain accept_to_wan {
                oifname "pppoe-wan" counter packets 342 bytes 23781 accept comment "!fw4: accept wan IPv4/IPv6 traffic"
        }

        chain reject_from_wan {
                iifname "pppoe-wan" counter packets 1995 bytes 225008 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
        }

        chain reject_to_wan {
                oifname "pppoe-wan" counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
        }

        chain dstnat {
                type nat hook prerouting priority dstnat; policy accept;
        }

        chain srcnat {
                type nat hook postrouting priority srcnat; policy accept;
                oifname "pppoe-wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
        }

        chain srcnat_wan {
                meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
        }

        chain raw_prerouting {
                type filter hook prerouting priority raw; policy accept;
        }

        chain raw_output {
                type filter hook output priority raw; policy accept;
        }

        chain mangle_prerouting {
                type filter hook prerouting priority mangle; policy accept;
        }

        chain mangle_postrouting {
                type filter hook postrouting priority mangle; policy accept;
        }

        chain mangle_input {
                type filter hook input priority mangle; policy accept;
        }

        chain mangle_output {
                type route hook output priority mangle; policy accept;
        }

        chain mangle_forward {
                type filter hook forward priority mangle; policy accept;
                iifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
                oifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
        }
}

nft monitor trace

trace id 2d88d5a7 inet fw4 xray_prerouting packet: iif "br-lan" ether saddr 70:85:f3:e8:de:d5 ether daddr ca:4f:45:0c:3f:ae ip saddr 192.168.201.189 ip daddr 142.251.42.238 ip dsc
trace id 2d88d5a7 inet fw4 xray_prerouting rule meta nftrace set 1 (verdict continue)                                                                   
trace id 2d88d5a7 inet fw4 xray_prerouting rule iifname "br-lan" counter packets 2949 bytes 370949 goto tp_spec_lan_dg (verdict goto tp_spec_lan_dg)
trace id 2d88d5a7 inet fw4 tp_spec_lan_dg rule counter packets 2191 bytes 144384 goto tp_spec_lan_re (verdict goto tp_spec_lan_re)               
trace id 2d88d5a7 inet fw4 tp_spec_lan_re rule meta l4proto { tcp, udp } counter packets 2247 bytes 147820 goto tp_spec_lan_ac (verdict goto tp_spec_lan_ac)
trace id 2d88d5a7 inet fw4 tp_spec_lan_ac rule counter packets 2247 bytes 147820 goto tp_spec_wan_ac (verdict goto tp_spec_wan_ac)                                     
trace id 2d88d5a7 inet fw4 tp_spec_wan_ac rule counter packets 2267 bytes 146940 goto tp_spec_wan_fw (verdict goto tp_spec_wan_fw)                                                 
trace id 2d88d5a7 inet fw4 tp_spec_wan_fw rule meta l4proto tcp counter packets 2117 bytes 135197 meta mark set 0x000000fb tproxy ip to 0.0.0.0:1080 accept (verdict accept)

Xray日志

Wed Jul 12 08:39:16 2023 daemon.info xray[47717]: 2023/07/12 00:39:16 [Warning] core: Xray 1.8.3 started
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Debug] [3263080835] proxy/dokodemo: processing connection from: 127.0.0.1:40888
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] [3263080835] proxy/dokodemo: received request for 127.0.0.1:40888
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] [3263080835] app/dispatcher: taking detour [dns_server_outbound] for [udp:1.1.1.1:53]
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] [3263080835] proxy/dns: handling DNS traffic to udp:1.1.1.1:53
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 127.0.0.1:40888 accepted udp:1.1.1.1:53 [dns_server_inbound_5300 -> dns_server_outbound]
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Debug] app/dns: domain catalog.gamepass.com matches following rules: [geosite:geolocation-!cn(DNS idx:2)]
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Debug] app/dns: domain catalog.gamepass.com will use DNS in order: [UDP:8.8.8.8:53 UDP:1.1.1.1:53 UDP:223.5.5.5:53]
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Debug] app/dns: UDP:8.8.8.8:53 querying DNS for: catalog.gamepass.com.
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Debug] transport/internet/udp: dispatch request to: udp:8.8.8.8:53
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] transport/internet/udp: establishing new connection for udp:8.8.8.8:53
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] app/dispatcher: taking detour [tcp_outbound] for [udp:8.8.8.8:53]
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] transport/internet/tcp: dialing TCP to tcp:MyServerIP:443
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Debug] transport/internet: dialing to tcp:MyServerIP:443
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 DNS accepted udp:8.8.8.8:53 [dns_conf_inbound -> tcp_outbound]
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Debug] [3231053880] proxy/dokodemo: processing connection from: 127.0.0.1:40888
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] [3231053880] proxy/dokodemo: received request for 127.0.0.1:40888
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] [3231053880] app/dispatcher: taking detour [dns_server_outbound] for [udp:1.1.1.1:53]
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] [3231053880] proxy/dns: handling DNS traffic to udp:1.1.1.1:53
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 127.0.0.1:40888 accepted udp:1.1.1.1:53 [dns_server_inbound_5301 -> dns_server_outbound]
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] proxy/vless/outbound: tunneling request to udp:8.8.8.8:53 via MyServerIP:443
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] app/dns: UDP:8.8.8.8:53 got answer: catalog.gamepass.com. TypeA -> [139.175.236.49 139.175.236.40] 108.508761ms
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Debug] app/dns: UDP:8.8.8.8:53 updating IP records for domain:catalog.gamepass.com.
Wed Jul 12 08:39:20 2023 daemon.info xray[47717]: 2023/07/12 00:39:20 [Info] app/dns: UDP:8.8.8.8:53 got answer: catalog.gamepass.com. TypeA -> [139.175.236.49 139.175.236.40] 136.538906ms
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Debug] [1462679921] proxy/dokodemo: processing connection from: 127.0.0.1:47304
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Info] [1462679921] proxy/dokodemo: received request for 127.0.0.1:47304
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Info] [1462679921] app/dispatcher: taking detour [dns_server_outbound] for [udp:1.1.1.1:53]
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Info] [1462679921] proxy/dns: handling DNS traffic to udp:1.1.1.1:53
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 127.0.0.1:47304 accepted udp:1.1.1.1:53 [dns_server_inbound_5300 -> dns_server_outbound]
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Debug] app/dns: domain v10.events.data.microsoft.com matches following rules: [geosite:geolocation-!cn(DNS idx:2)]
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Debug] app/dns: domain v10.events.data.microsoft.com will use DNS in order: [UDP:8.8.8.8:53 UDP:1.1.1.1:53 UDP:223.5.5.5:53]
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Debug] app/dns: UDP:8.8.8.8:53 querying DNS for: v10.events.data.microsoft.com.
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Debug] transport/internet/udp: dispatch request to: udp:8.8.8.8:53
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Debug] [2393378482] proxy/dokodemo: processing connection from: 127.0.0.1:47304
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Info] [2393378482] proxy/dokodemo: received request for 127.0.0.1:47304
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Info] [2393378482] app/dispatcher: taking detour [dns_server_outbound] for [udp:1.1.1.1:53]
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Info] [2393378482] proxy/dns: handling DNS traffic to udp:1.1.1.1:53
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 127.0.0.1:47304 accepted udp:1.1.1.1:53 [dns_server_inbound_5301 -> dns_server_outbound]
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Info] app/dns: UDP:8.8.8.8:53 got answer: v10.events.data.microsoft.com. TypeA -> [20.42.73.25] 38.903624ms
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Debug] app/dns: UDP:8.8.8.8:53 updating IP records for domain:v10.events.data.microsoft.com.
Wed Jul 12 08:39:24 2023 daemon.info xray[47717]: 2023/07/12 00:39:24 [Info] app/dns: UDP:8.8.8.8:53 got answer: v10.events.data.microsoft.com. TypeA -> [52.182.143.211] 35.722869ms
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Debug] [3731593187] proxy/dokodemo: processing connection from: 127.0.0.1:50265
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Info] [3731593187] proxy/dokodemo: received request for 127.0.0.1:50265
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Info] [3731593187] app/dispatcher: taking detour [dns_server_outbound] for [udp:1.1.1.1:53]
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Info] [3731593187] proxy/dns: handling DNS traffic to udp:1.1.1.1:53
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 127.0.0.1:50265 accepted udp:1.1.1.1:53 [dns_server_inbound_5300 -> dns_server_outbound]
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Debug] app/dns: domain gateway.discord.gg matches following rules: [geosite:geolocation-!cn(DNS idx:2) geosite:geolocation-!cn(DNS idx:2)]
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Debug] app/dns: domain gateway.discord.gg will use DNS in order: [UDP:8.8.8.8:53 UDP:1.1.1.1:53 UDP:223.5.5.5:53]
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Debug] app/dns: UDP:8.8.8.8:53 querying DNS for: gateway.discord.gg.
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Debug] transport/internet/udp: dispatch request to: udp:8.8.8.8:53
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Debug] [3057002629] proxy/dokodemo: processing connection from: 127.0.0.1:50265
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Info] [3057002629] proxy/dokodemo: received request for 127.0.0.1:50265
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 [Info] [3057002629] app/dispatcher: taking detour [dns_server_outbound] for [udp:1.1.1.1:53]
Wed Jul 12 08:39:25 2023 daemon.info xray[47717]: 2023/07/12 00:39:25 127.0.0.1:50265 accepted udp:1.1.1.1:53 [dns_server_inbound_5301 -> dns_server_outbound]
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Info] [1285586463] proxy/dns: handling DNS traffic to udp:1.1.1.1:53
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 127.0.0.1:39285 accepted udp:1.1.1.1:53 [dns_server_inbound_5300 -> dns_server_outbound]
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Debug] app/dns: domain google.com matches following rules: [geosite:geolocation-!cn(DNS idx:2)]
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Debug] app/dns: domain google.com will use DNS in order: [UDP:8.8.8.8:53 UDP:1.1.1.1:53 UDP:223.5.5.5:53]
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Debug] app/dns: UDP:8.8.8.8:53 querying DNS for: google.com.
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Debug] transport/internet/udp: dispatch request to: udp:8.8.8.8:53
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Debug] [1580324605] proxy/dokodemo: processing connection from: 127.0.0.1:39285
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Info] [1580324605] proxy/dokodemo: received request for 127.0.0.1:39285
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Info] [1580324605] app/dispatcher: taking detour [dns_server_outbound] for [udp:1.1.1.1:53]
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Info] [1580324605] proxy/dns: handling DNS traffic to udp:1.1.1.1:53
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 127.0.0.1:39285 accepted udp:1.1.1.1:53 [dns_server_inbound_5301 -> dns_server_outbound]
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Info] app/dns: UDP:8.8.8.8:53 got answer: google.com. TypeA -> [142.251.42.238] 44.609479ms
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Debug] app/dns: UDP:8.8.8.8:53 updating IP records for domain:google.com.
Wed Jul 12 08:53:35 2023 daemon.info xray[47717]: 2023/07/12 00:53:35 [Info] app/dns: UDP:8.8.8.8:53 got answer: google.com. TypeA -> [142.251.42.238] 40.574242ms
Wed Jul 12 08:53:37 2023 daemon.info xray[47717]: 2023/07/12 00:53:37 [Debug] [4203233403] proxy/dokodemo: processing connection from: 127.0.0.1:49342
Wed Jul 12 08:53:37 2023 daemon.info xray[47717]: 2023/07/12 00:53:37 [Info] [4203233403] proxy/dokodemo: received request for 127.0.0.1:49342
Wed Jul 12 08:53:37 2023 daemon.info xray[47717]: 2023/07/12 00:53:37 [Info] [4203233403] app/dispatcher: taking detour [dns_server_outbound] for [udp:1.1.1.1:53]

奇怪的是,运行 /etc/init.d/xray_fw4 之后再手动执行 xray -confdir /root/,我能得到两个同端口的监听,而且后启动的那个能正常收到 tproxy 转发的数据(但是会得到 all retry attempts failed)。

2023/07/12 02:07:35 [Warning] [2069067923] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection] > common/retry: all retry attempts failed
2023/07/12 02:07:35 [Info] [2069067923] app/proxyman/inbound: connection ends > proxy/socks: connection ends > proxy/socks: failed to transport all TCP response > io: read/write on closed pipe

多个监听

sc 2023-07-12 095701

yichya commented 1 year ago

检查一下 1080 端口上是不是有什么别的东西在 listen

Torinomii commented 1 year ago

> 检查一下 1080 端口上是不是有什么别的东西在 listen

1080 端口上没有其他东西在 listen ,/etc/init.d/xray_fw4 stop 后 1080, 1081 等端口停止 listen

尝试使用其他端口例如 7080, 7081 端口也和 1080 一样的状态收不到数据。

/etc/init.d/xray_fw4 stop 后的所有 listen

sc 2023-07-12 221203

yichya commented 1 year ago

其他的工具比如 passwall 之类试过嘛,没有用过 lxc 容器这种方式,不确定可能会有什么问题

Torinomii commented 1 year ago

好的,谢谢回复。 我再试试,不行就换回vm方式吧。