Closed phantomcraft closed 2 years ago
Just to complement: the connections come from the 10.0.0.2 address. Perhaps this is what causes the error; maybe ipt2socks only works with the 127.0.0.1 address?
Maybe. I have not used ipt2socks this way; I always listen on the 127.0.0.1 address.
The tproxy server and socks5 server are working:
I think my iptables rules are missing something that prevents the UDP packets from going through the sub-net (eth2).
Can someone help me?
I removed the rule in the OUTPUT chain and now it works fine:
# create a namespace with a veth pair; the host end is vethx (10.0.0.1), the namespace end is peerx (10.0.0.2)
ip netns add nsx
ip li add vethx type veth peer name peerx netns nsx
ip li set vethx up
ip addr add 10.0.0.1/24 dev vethx
ip netns exec nsx ip li set lo up
ip netns exec nsx ip li set peerx up
ip netns exec nsx ip addr add 10.0.0.2/24 dev peerx
ip netns exec nsx ip route add default via 10.0.0.1 dev peerx
# policy routing: packets carrying fwmark 1088 use table 100, whose local default route delivers them to this host
ip rule add fwmark 1088 table 100
ip route add local default dev vethx table 100
# UDP arriving on vethx is handed to the ipt2socks tproxy listener on 10.0.0.1:10000 and marked 1088
iptables -t mangle -A PREROUTING -i vethx -p udp -j TPROXY --on-ip 10.0.0.1 --on-port 10000 --tproxy-mark 1088
sysctl -w net.ipv4.conf.vethx.forwarding=1
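The three pieces above (the TPROXY rule's mark, the fwmark policy rule, and the local default route in the referenced table) must agree, or marked packets are silently dropped instead of reaching the tproxy listener. The following checker is an added example, not part of ipt2socks or of this issue: it parses constructed samples of `ip rule show`, `ip route show table <N>` and `iptables-save -t mangle` output that mirror the working setup, and reports the mismatches. The constructed OUTPUT-chain MARK rule is an assumption about what kind of rule could break the setup (the thread only says an OUTPUT rule was removed); marking locally generated UDP with the TPROXY mark sends ipt2socks's own upstream traffic into the local table, which is consistent with the fix reported above.

```python
"""Consistency checker for a TPROXY + policy-routing setup.

Added example (not ipt2socks code). It inspects captured command output
rather than the live system, so it runs offline on the constructed samples.
"""
import re

# --- constructed sample outputs, mirroring the working setup in the thread ---
IP_RULE_OK = """\
0:\tfrom all lookup local
32765:\tfrom all fwmark 0x440 lookup 100
32766:\tfrom all lookup main
32767:\tfrom all lookup default
"""
ROUTE_TABLES_OK = {"100": "local default dev vethx scope host\n"}
MANGLE_OK = """\
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i vethx -p udp -j TPROXY --on-port 10000 --on-ip 10.0.0.1 --tproxy-mark 0x440/0xffffffff
COMMIT
"""
# Constructed broken variant: an OUTPUT rule that stamps the TPROXY mark on
# locally generated UDP (assumption about the kind of rule that was removed).
MANGLE_OUTPUT_MARK = MANGLE_OK.replace(
    "COMMIT", "-A OUTPUT -p udp -j MARK --set-xmark 0x440/0xffffffff\nCOMMIT"
)

_TPROXY_RE = re.compile(r"^-A (\S+) .*-j TPROXY .*--tproxy-mark (0x[0-9a-fA-F]+|\d+)")
_FWMARK_RE = re.compile(r"fwmark (0x[0-9a-fA-F]+|\d+)(?:/\S+)? lookup (\S+)")
_MARK_RE = re.compile(r"^-A (\S+) .*-j MARK --set-xmark (0x[0-9a-fA-F]+|\d+)")


def _num(text):
    """Parse a mark written either in hex (ip rule / iptables-save) or decimal."""
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def check_tproxy_setup(ip_rule_out, route_tables, mangle_out):
    """Return a list of findings; an empty list means the pieces agree.

    route_tables maps a table name/number to the output of
    `ip route show table <that table>`.
    """
    findings = []
    tproxy = [(m.group(1), _num(m.group(2)))
              for m in map(_TPROXY_RE.match, mangle_out.splitlines()) if m]
    if not tproxy:
        return ["no TPROXY rule found in the mangle table"]

    # mark -> table, from the `ip rule` policy entries
    fwmark_rules = {_num(m.group(1)): m.group(2) for m in _FWMARK_RE.finditer(ip_rule_out)}

    for chain, mark in tproxy:
        if chain != "PREROUTING":
            findings.append(f"TPROXY rule in {chain}: TPROXY is only valid in mangle PREROUTING")
        table = fwmark_rules.get(mark)
        if table is None:
            findings.append(f"no 'ip rule ... fwmark {mark:#x} lookup <table>' matches --tproxy-mark {mark:#x}")
            continue
        routes = route_tables.get(table, "")
        if not re.search(r"^local default dev \S+", routes, re.M):
            findings.append(f"routing table {table} has no 'local default dev <iface>' route, "
                            "so marked packets are not delivered locally")

    # Locally generated packets that receive the TPROXY mark are re-routed
    # through the same policy rule and land in the local table: ipt2socks's
    # own upstream UDP would never leave the host.
    tproxy_marks = {mk for _, mk in tproxy}
    for m in map(_MARK_RE.match, mangle_out.splitlines()):
        if m and m.group(1) == "OUTPUT" and _num(m.group(2)) in tproxy_marks:
            findings.append("OUTPUT chain sets the TPROXY mark on locally generated packets; "
                            "ipt2socks's own upstream UDP would be routed back into the local table")
    return findings


if __name__ == "__main__":
    for label, mangle in (("working setup", MANGLE_OK), ("with OUTPUT mark", MANGLE_OUTPUT_MARK)):
        print(label, "->", check_tproxy_setup(IP_RULE_OK, ROUTE_TABLES_OK, mangle) or ["OK"])
```

On a live host the three inputs come from `ip rule show`, `ip route show table 100` and `iptables-save -t mangle`; the parser expects the hex mark form those commands print (1088 is 0x440).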
root@localhost:/home/user# ip netns exec nsx dig @1.1.1.1 g.co
; <<>> DiG 9.16.15-Debian <<>> @1.1.1.1 g.co
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1000
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;g.co. IN A
;; ANSWER SECTION:
g.co. 254 IN A 142.250.219.238
;; Query time: 24 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Oct 11 00:58:48 EDT 2021
;; MSG SIZE rcvd: 49
I want to forward UDP from a sub-net to ipt2socks via its tproxy port.
I added these rules:
/\ "eth2" has 10.0.0.1/24 as IP and the peer has 10.0.0.2/24
This is the ipt2socks log:
This is the socks5 server log: