v2fly · xzxiaoshan · Dec 22, 2022 · Dec 22, 2022 · Dec 22, 2022 · Dec 22, 2022
diff --git a/Dockerfile b/Dockerfile
@@ -5,14 +5,18 @@ WORKDIR /tmp
 ARG TARGETPLATFORM
 ARG TAG
 COPY v2ray.sh "${WORKDIR}"/v2ray.sh
+COPY v4-forward.conf /etc/sysctl.d/v4-forward.conf
+COPY rules.v4 /etc/iptables/rules.v4
+COPY tproxy.sh /usr/bin/v2ray-tproxy
 
 RUN set -ex \
- && apk add --no-cache ca-certificates \
+ && apk add --no-cache ca-certificates curl iptables \
  && mkdir -p /etc/v2ray /usr/local/share/v2ray /var/log/v2ray \
  # forward request and error logs to docker log collector
  && ln -sf /dev/stdout /var/log/v2ray/access.log \
  && ln -sf /dev/stderr /var/log/v2ray/error.log \
  && chmod +x "${WORKDIR}"/v2ray.sh \
+ && chmod +x /usr/bin/v2ray-tproxy \
  && "${WORKDIR}"/v2ray.sh "${TARGETPLATFORM}" "${TAG}"
 
 ENTRYPOINT ["/usr/bin/v2ray"]
diff --git a/README.md b/README.md
@@ -16,3 +16,12 @@ docker run -d --name v2ray -v /path/to/config.json:/etc/v2ray/config.json -p 100
 # If you want to use v5 format config
 docker run -d --name v2ray -v /path/to/config.json:/etc/v2ray/config.json -p 10086:10086 v2fly/v2fly-core run -c /etc/v2ray/config.json -format jsonv5
 ```
+
+## 使用TPROXY透明代理的额外说明
+
+- 需要添加容器启动参数 `--privileged` 使用特权模式启动 
+- 使用容器macvlan功能，为容器分配一个独占的主网络IP地址
+- macvlan默认不支持dns，启动容器时挂载宿主机 `-v /etc/resolv.conf:/etc/resolv.conf` 文件保证容器内域名可以正常解析
+- 为宿主机的主网卡开启混杂模式
+- 如果容器以host网络方式启动，则不需要以上几步操作，直接就可以用（不推荐host方式，还是推荐容器完全隔离模式启动） 
+- 启动容器使用 `--entrypoint="/usr/bin/v2ray-tproxy"` 覆盖默认的 entrypoint
diff --git a/rules.v4 b/rules.v4
@@ -0,0 +1,33 @@
+# Generated by iptables-save v1.8.8 on Wed Dec 21 04:30:23 2022
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:DIVERT - [0:0]
+:V2RAY - [0:0]
+:V2RAY_MASK - [0:0]
+-A PREROUTING -p tcp -m socket -j DIVERT
+-A PREROUTING -j V2RAY
+-A OUTPUT -j V2RAY_MASK
+-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
+-A DIVERT -j ACCEPT
+-A V2RAY -d 127.0.0.1/32 -j RETURN
+-A V2RAY -d 224.0.0.0/4 -j RETURN
+-A V2RAY -d 255.255.255.255/32 -j RETURN
+-A V2RAY -d 192.168.0.0/16 -p tcp -j RETURN
+-A V2RAY -d 192.168.0.0/16 -p udp -m udp ! --dport 53 -j RETURN
+-A V2RAY -m mark --mark 0xff -j RETURN
+-A V2RAY -p udp -j TPROXY --on-port 12345 --on-ip 127.0.0.1 --tproxy-mark 0x1/0xffffffff
+-A V2RAY -p tcp -j TPROXY --on-port 12345 --on-ip 127.0.0.1 --tproxy-mark 0x1/0xffffffff
+-A V2RAY_MASK -d 224.0.0.0/4 -j RETURN
+-A V2RAY_MASK -d 255.255.255.255/32 -j RETURN
+-A V2RAY_MASK -d 192.168.0.0/16 -p tcp -j RETURN
+-A V2RAY_MASK -d 192.168.0.0/16 -p udp -m udp ! --dport 53 -j RETURN
+-A V2RAY_MASK -m mark --mark 0xff -j RETURN
+-A V2RAY_MASK -p udp -j MARK --set-xmark 0x1/0xffffffff
+-A V2RAY_MASK -p tcp -j MARK --set-xmark 0x1/0xffffffff
+COMMIT
+# Completed on Wed Dec 21 04:30:23 2022
+
diff --git a/tproxy.sh b/tproxy.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+ip route add local default dev lo table 100
+ip rule add fwmark 1 lookup 100
+/sbin/iptables-restore /etc/iptables/rules.v4
+/usr/bin/v2ray $@
diff --git a/v2ray.sh b/v2ray.sh
@@ -35,8 +35,8 @@ DGST_FILE="v2ray-linux-${ARCH}.zip.dgst"
 echo "Downloading binary file: ${V2RAY_FILE}"
 echo "Downloading binary file: ${DGST_FILE}"
 
-wget -O ${PWD}/v2ray.zip https://github.com/v2fly/v2ray-core/releases/download/${TAG}/${V2RAY_FILE} > /dev/null 2>&1
-wget -O ${PWD}/v2ray.zip.dgst https://github.com/v2fly/v2ray-core/releases/download/${TAG}/${DGST_FILE} > /dev/null 2>&1
+curl -L -o ${PWD}/v2ray.zip https://github.com/v2fly/v2ray-core/releases/download/${TAG}/${V2RAY_FILE} > /dev/null 2>&1
+curl -L -o ${PWD}/v2ray.zip.dgst https://github.com/v2fly/v2ray-core/releases/download/${TAG}/${DGST_FILE} > /dev/null 2>&1
 
 if [ $? -ne 0 ]; then
  echo "Error: Failed to download binary file: ${V2RAY_FILE} ${DGST_FILE}" && exit 1

diff --git a/v4-forward.conf b/v4-forward.conf
@@ -0,0 +1,2 @@
+net.ipv4.ip_forward=1
+