[QUESTION] Selected apps TProxy-fication #102

Open
Anderhar opened this issue Mar 22, 2024 · 1 comment
Comments

@Anderhar

I dipped into your box.iptables config and, well... it's quite something. But unfortunately, like all other TProxy via IPTables examples, your config assumes redirecting all system traffic and is redundant for cases where only one application needs to be proxied, especially some blocked VPN client. The latter is a fairly popular request on the users' side, but not on the developers' side.
Can I ask you to write an additional config or some tutorial on how to use IPTables to redirect only selected apps to TProxy?

(Actually, I've been struggling to achieve this for a week now, but without a proper tutorial from an IPTables expert, all I can do is mess up badly, only knowing that it's possible.)

@Anderhar

Anderhar commented Mar 23, 2024

Well, I was wrong: box.iptables contains section 'whitelist', which corresponds to my request. But I still can't adapt it to my minimalistic needs to tunnel only one application. My useless script now looks like this with TProxy running on 127.0.0.1:8200:

#!/system/bin/sh
# UID of the app to tunnel. Single quotes do not run a command, so use $(...);
# the variable is renamed because UID is read-only in bash.
APP_UID=$(dumpsys package ch.protonvpn.android | grep userId | head -n1 | cut -d= -f2)
PORT=8200
MARK=1
# Policy routing: packets carrying the mark are delivered locally via lo
ip rule add fwmark $MARK table 100
ip route add local default dev lo table 100
ip -6 rule add fwmark $MARK table 100
ip -6 route add local default dev lo table 100
# Only marked packets re-entering on lo go to TPROXY; without -m mark every
# loopback packet (including traffic to local services) would be hijacked
iptables -t mangle -A PREROUTING -p tcp -i lo -m mark --mark $MARK -j TPROXY --on-ip 127.0.0.1 --on-port $PORT --tproxy-mark $MARK
iptables -t mangle -A PREROUTING -p udp -i lo -m mark --mark $MARK -j TPROXY --on-ip 127.0.0.1 --on-port $PORT --tproxy-mark $MARK
# -m owner is only valid in OUTPUT and POSTROUTING (iptables rejects it in
# PREROUTING), so the app's own packets are marked in OUTPUT
iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner $APP_UID -j MARK --set-mark $MARK
iptables -t mangle -A OUTPUT -p udp -m owner --uid-owner $APP_UID -j MARK --set-mark $MARK

I can see a lot of potentially doubtful points here, particularly the lack of -N NEW_CHAIN and -I PREROUTING -j NEW_CHAIN (it just blocked my network completely), but I don't know how to bring it all to the robust working minimum.

If anyone can help with correcting this mess, that would be great.
(Eventually I wish to write a tutorial on how to use blocked VPN clients through sing-box/v2ray, because I couldn't find any.)
