Pleez help me with containers and routing traffic on the router.
Have Mikrotik hAP ax3 with a USB flash drive for storage, AdguardHome, Xray-core and Tun2Socks containers are installed on the router.
Configuration:
Code: Select all
/interface bridge
add name=Dockers port-cost-mode=short
/interface veth
add address=10.6.0.2/24 gateway=10.6.0.1 gateway6="" name=VETH1-adguard
add address=10.6.0.3/24 gateway=10.6.0.1 gateway6="" name=VETH2-xray
add address=10.6.0.4/24 gateway=10.6.0.1 gateway6="" name=VETH3-tun
/interface list
add name=LANs
add name=WANs
/container
add interface=VETH1-adguard root-dir=usb1-part1/Containers/adguard start-on-boot=yes workdir=/opt/adguardhome/work
add dns=10.6.0.2 interface=VETH2-xray root-dir=usb1-part1/Containers/xray-core start-on-boot=yes workdir=/root
add dns=10.6.0.2 interface=VETH3-tun root-dir=usb1-part1/Containers/tun2socks start-on-boot=yes
/container config
set ram-high=250.0MiB registry-url=https://ghcr.io tmpdir=usb1-part1/TMP
/interface bridge port
add bridge=Dockers interface=VETH1-adguard
add bridge=Dockers interface=VETH2-xray
add bridge=Dockers interface=VETH3-tun
/interface list member
add interface=Bridge list=LANs
add interface=WAN list=WANs
/ip address
add address=10.10.12.1/24 interface=Bridge network=10.10.12.0
add address=10.6.0.1/24 interface=Dockers network=10.6.0.0
/ip dhcp-server network
add address=10.10.12.0/24 dns-server=10.6.0.2 gateway=10.10.12.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w3d doh-timeout=6s query-server-timeout=2s500ms query-total-timeout=12s servers=1.1.1.1 use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes
/ip firewall filter
add action=fasttrack-connection chain=forward comment="Rule 1.0 Fasttrack" connection-state=established,related hw-offload=yes in-interface=Bridge out-interface=WAN
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes in-interface=WAN out-interface=Bridge
add action=accept chain=forward comment="Rule 1.0.1 Forward input established/related acept" connection-state=established,related,untracked log-prefix="Forward accept"
add action=accept chain=input connection-state=established,related,untracked log-prefix="Input accept"
add action=drop chain=forward comment="Rule 1.0.2 Forward input invalid drop" connection-state=invalid in-interface=WAN log-prefix="Forward drop invalid"
add action=drop chain=input connection-state=invalid in-interface=WAN log-prefix="Input drop invalid"
add action=drop chain=input comment="Rule 1.2.1 Input drop from WAN" in-interface-list=WANs log-prefix="Input all drop from WAN"
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=10.6.0.2 new-routing-mark=proxy_mark passthrough=yes src-address=10.10.12.52
/ip firewall nat
add action=dst-nat chain=dstnat comment="NAT 1.01 - TCP 53 Redirect DNS requests to AdguardHome" dst-port=53 in-interface=Bridge protocol=tcp to-addresses=10.6.0.2
add action=dst-nat chain=dstnat comment="NAT 1.02 - UDP 53 Redirect DNS requests to AdguardHome" dst-port=53 in-interface=Bridge protocol=udp to-addresses=10.6.0.2
add action=masquerade chain=srcnat comment="Containers through NAT" out-interface=WAN src-address=10.6.0.0/24
add action=masquerade chain=srcnat comment="WWW through VPN" dst-address-list=rkn_wg out-interface=WG1-VPS
add action=masquerade chain=srcnat comment="LAN through NAT" out-interface=WAN src-address=10.10.12.2-10.10.12.254
/routing table
add disabled=no fib name=wg_mark
add disabled=no fib name=proxy_mark
/ip route
add comment="Acceess to WWW through Proxy" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.6.0.4 pref-src="" routing-table=proxy_mark scope=30 suppress-hw-offload=yes target-scope=10
add comment="Acceess to WWW through WG1-VPS" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=WG1-VPS pref-src="" routing-table=wg_mark scope=30 suppress-hw-offload=yes target-scope=10The Xray-core container (acts as a client to the VPS server with 3X-UI is installed) - after launching the container is stopped and the file edited config.json (connection settings are specified). It also works without questions, it connects to the VPS server via XLTS+Reality, from a local computer (Windows) and virtual (Ubunta) when specifying http://socks=IP:port I can easily access the Internet through Socks.
The whole question is about the following Tun2Socks container.
To launch the container, an image was mounted from the github, then the container was started, i'm stopped it. And edited entrypoint.sh.
Code: Select all
#!/bin/sh
ip tuntap add mode tun dev tun0
ip addr add 198.18.0.1/15 dev tun0
ip link set dev tun0 up
ip route del default
ip route add default via 198.18.0.1 dev tun0 metric 1
ip route add default via 10.6.0.1 dev eth0 metric 10
tun2socks -device tun0 -proxy socks5://10.6.0.3:30804 -interface eth0
run || exit 1I myself am not an expert in Unix systems at all, it was difficult to figure out the microtics.
So I can't understand the problem in the tunnel, or is it in the routing settings on the router?
Or maybe someone knows an easier way?
