shadowsocks-rust
shadowsocks-rust copied to clipboard
shadowsocks-rust on openwrt never transfer ipv6 trafic
as title, I think there is something wrong, shadowsocks-rust compatible with openwrt's ipv6 iptable rule? need add iptable6 rule's manully?
btw, my network support ipv6 well
after add iptable6 rule's, ipv5 trafic transferred, but ipv4 cannot, how can tell me how to setup iptable right both for ipv4 and ipv6, thanks very much
sslocal
must be started with protocol: redir
and listens to different addresses for IPv4 and IPv6. You cannot use one local instance to handle both IPv4 and IPv6 traffic.
How was your iptables
configuration? You should provide more useful detail instead of just describing what you just saw.
sslocal
must be started withprotocol: redir
and listens to different addresses for IPv4 and IPv6. You cannot use one local instance to handle both IPv4 and IPv6 traffic.How was your
iptables
configuration? You should provide more useful detail instead of just describing what you just saw. sorry for lack of detail vi /etc/dnsmasq.d/gfwlist6.conf server=/ipv6.google.com/127.0.0.1#5300 ipset=/ipv6.google.com/gfwlist6
ipset create gfwlist6 hash:ip family inet6 ip6tables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist6 dst -j REDIRECT --to-port 1234 ip6tables -t nat -A OUTPUT -p tcp -m set --match-set gfwlist6 dst -j REDIRECT --to-port 1234
my iptables rule followed another issue under shadowsocks-libev, sorry forget exact url. this instructions means, when request ipv6.google.com, dnsmasq will use dns-forwarder use tcp connection sent to shadowsocks server, then add dns result to ipset list. so iptables rule will transfer ipv6 address in gfwlist6 to shadowsocks.
does those ip6table rule have any problem?
I tried only use one instance, tomorrow I will try use two instance
can make shadowsocks-rust listen to ipv6 and ipv4 same time?
can make shadowsocks-rust listen to ipv6 and ipv4 same time?
If you mean dual-stack, of course, because it is a system provided feature, just set local_address
to ::
will make it listens to both IPv4 and IPv6.
But the key point is dual-stack is not working for redir
, because system's API won't be able to get the destination address properly. So sslocal
must run redir
with 2 different instances that listening to 2 different ports, for example:
{
"locals": [
{
"local_address": "0.0.0.0",
"local_port": 1234,
"protocol": "redir"
},
{
"local_address": "::",
"local_port": 1235,
"protocol": "redir"
}
]
}
Set IPv4 redirect rules with iptables
to 1234
, and IPv6 rules set to 1235
.
BTW, since I have already set IPV4_V6ONLY
on the IPv6 listener, actually you can use the same port for both instances:
{
"locals": [
{
"local_address": "0.0.0.0",
"local_port": 1234,
"protocol": "redir"
},
{
"local_address": "::",
"local_port": 1234,
"protocol": "redir"
}
]
}