That script is adding a rule to route all packets marked with 0x1, and then the iptables rules are skipping all local traffic, and only tagging external traffic with 0x1 so that the ip rule will handle the routing.
I have been wanting to put my whole network - no matter if windows, playstation, or synology nas - under the umbrella of a policy routing solution. So, I found Clash. Written in go and quite amazing! However, I never knew how to do transparent proxying...
After working with Gluetun for a little while for some services I run at home, I realized that Gluetun directly modifys it's networking stack and this then gets shared with other containers. Soooo... Clash would need to do the exact same to achieve this. Well, guess what; there is a Docker container that HAS the commands for a transparent proxy in it!
https://github.com/rinex20/clash-transparent-proxy-docker/blob/master/entrypoint.sh
Only thing is: I suck at iptables. xD Can someone explain th is one to me perhaps?
#devstr #asknostr #techstr
Discussion
So if I were to use this, at verbatim, I could still access my local network resources just fine - but would have no unternet, unless I started clash with that tproxy configuration?
And, since my router has three ports (wan, lan1, lan2), how can I make this work network-wide? lan1 and lan2 is where my pc and wifi AP is connected to, whilst wan goes into the modem for PPPoE.