I have been wanting to put my whole network - no matter if Windows, PlayStation, or Synology NAS - under the umbrella of a policy routing solution. So, I found Clash. Written in Go and quite amazing! However, I never knew how to do transparent proxying...

After working with Gluetun for a little while for some services I run at home, I realized that Gluetun directly modifies its networking stack and this then gets shared with other containers. Soooo... Clash would need to do the exact same to achieve this. Well, guess what; there is a Docker container that HAS the commands for a transparent proxy in it!

https://github.com/rinex20/clash-transparent-proxy-docker/blob/master/entrypoint.sh

Only thing is: I suck at iptables. xD Can someone explain this one to me perhaps?

#devstr #asknostr #techstr


Discussion

Ultimately, I would love to:

- Route everything through ProtonVPN (I can have up to 10 connections, since I pay a sub)

- Route .i2p and .tor through their respective parts.

- Make Tor upstream into ProtonVPN if it receives a clearnet URL - otherwise, it's fine to use my normal PPPoE-assigned IP

- Same for i2p, basically

- Exclude a few domains, IPs and hosts to make sure games don't break

- Use i2p as a makeshift VPN to bootstrap my actual VPN between my NAS, home server, VPS, and other devices. The VPN is available from outside through a clearnet IP; running i2pd on my phone has been... not very functional - and I can't really take a good amount of network control on Android, so I am kinda stuck there.

What I do have working is that *.birb.it resolves to my home server directly while I am at home; whilst anywhere else, it resolves to my server. Within the VPN, I would love for it to resolve to the i2p address instead, probably an easy fix with CNAME, I think.

Maybe I can squeeze AdGuard or something in between there to get rid of ads and stuff while I am at it. :) I should even have a mostly-done Clash config file somewhere. But I struggled, and then failed, to make the transparent proxy work... drove me nuts lol

Hopefully you will get some answers soon from any #devops or #sysadmin user here 😅

That script is adding a rule to route all packets marked with 0x1, and then the iptables rules are skipping all local traffic, and only tagging external traffic with 0x1 so that the ip rule will handle the routing.

So if I were to use this verbatim, I could still access my local network resources just fine - but would have no internet, unless I started Clash with that tproxy configuration?

And, since my router has three ports (wan, lan1, lan2), how can I make this work network-wide? lan1 and lan2 are where my PC and Wi-Fi AP are connected, whilst wan goes into the modem for PPPoE.