v2ray-core to redirect traffic to proxy.
ip rule and route to route traffic marked as 1 to the system.
ip rule add fwmark 1 table 100 pref 0
ip route add local default dev lo table 100
OpenWrt network configuration to route traffic marked as 1 to the system.
config rule
option priority '0'
option lookup '100'
option mark '1'
config route
option interface 'loopback'
option type 'local'
option target '0.0.0.0/0'
option table '100'
/etc/nftables.d/proxy.nft
for OpenWrt's firewall4.
set proxy_byp4 {
typeof ip daddr
flags interval
elements = { 0.0.0.0/8, 10.0.0.0/8,
100.64.0.0/10, 127.0.0.0/8,
169.254.0.0/16, 172.16.0.0/12,
192.0.0.0/24, 192.0.2.0/24,
192.88.99.0/24, 192.168.0.0/16,
198.18.0.0/15, 198.51.100.0/24,
203.0.113.0/24, 224.0.0.0/4,
240.0.0.0/4 }
}
set proxy_byp6 {
typeof ip6 daddr
flags interval
elements = { ::,
::1,
::ffff:0:0:0/96,
64:ff9b::/96,
100::/64,
2001::/32,
2001:20::/28,
2001:db8::/32,
2002::/16,
fc00::/7,
fe80::/10,
ff00::/8 }
}
chain proxy_prerouting {
type filter hook prerouting priority mangle + 1; policy accept;
ip daddr @proxy_byp4 return
ip6 daddr @proxy_byp6 return
meta l4proto { tcp, udp } tproxy ip to 127.0.0.1:12345 meta mark set 0x00000001 accept
}
chain proxy_output {
type route hook output priority mangle + 1; policy accept;
meta mark 0x00000002 return
ip daddr @proxy_byp4 return
ip6 daddr @proxy_byp6 return
meta l4proto { tcp, udp } meta mark set 0x00000001
}