Description
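Integrity requirements
- I confirm that I have read the documentation and understand the meaning of every configuration item I wrote, rather than piling up large numbers of seemingly useful options or default values.
- I have provided the complete configuration files and logs, rather than only excerpts chosen by my own judgment.
- I have searched the issues and found no similar issue already reported.
- The problem can be reproduced on the latest Release version.
Description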
arm macos15
sudo ./xray run -c rdr.json
pf.conf
rdr pass log on lo0 proto tcp from any to any port {80,443} -> 127.0.0.1 port 12345
pass out log route-to (lo0 127.0.0.1) proto tcp from any to 1.1.1.1 port {80,443}
sudo pfctl -e -f pf.conf
With these two rules, running this on the local machine
curl https://1.1.1.1/
works normally; the traffic is forwarded to xray
2025/06/24 12:56:18.914643 from 192.168.5.207:52347 accepted tcp:1.1.1.1:443 [dokodemo -> proxy]
But when macOS is used as the gateway
sudo sysctl -w net.inet.ip.forwarding=1
sudo tcpdump -n -e -ttt -i pflog0
00:00:33.477986 rule 1/0(match): pass out on en0: 192.168.5.98.49350 > 1.1.1.1.443: Flags [SEW], seq 122906386, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 217696427 ecr 0,sackOK,eol], length 0
00:00:00.000094 rule 1/0(match): rdr in on lo0: 192.168.5.98.49350 > 127.0.0.1.12345: Flags [SEW], seq 122906386, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 217696427 ecr 0,sackOK,eol], length 0
there are log entries
On the 5.98 side, curl -v https://1.1.1.1/
hangs at Client hello, waiting for a response
On the xray side there is no reaction at all, and no logs
sudo pfctl -ss
ALL tcp 192.168.5.98:49352 -> 1.1.1.1:443 SYN_SENT:CLOSED
ALL tcp 127.0.0.1:12345 <- 1.1.1.1:443 <- 192.168.5.98:49352 ESTABLISHED:ESTABLISHED
Steps to reproduce
As above
Client configuration
{
  "listen": "127.0.0.1",
  "port": 12345,
  "protocol": "dokodemo-door",
  "tag": "dokodemo",
  "settings": {
    "network": "tcp",
    "followRedirect": true
  },
  "sniffing": {
    "enabled": true,
    "destOverride": ["http", "tls"]
  },
  "streamSettings": {
    "sockopt": {
      "tproxy": "Redirect"
    }
  }
}
Server configuration
Client logs
2025/06/24 01:37:23.631042 [Debug] app/log: Logger closing
2025/06/24 12:45:26.674245 [Debug] app/log: Logger started
2025/06/24 12:45:26.686862 [Debug] app/router: MphDomainMatcher is enabled for 3 domain rule(s)
2025/06/24 12:45:26.686955 [Debug] app/router: MphDomainMatcher is enabled for 9 domain rule(s)
2025/06/24 12:45:26.772181 [Debug] app/router: MphDomainMatcher is enabled for 118377 domain rule(s)
2025/06/24 12:45:26.775375 [Debug] app/router: MphDomainMatcher is enabled for 6440 domain rule(s)
2025/06/24 12:45:26.775472 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:10808
2025/06/24 12:45:26.775487 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:12345
2025/06/24 12:45:26.775913 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:12345
2025/06/24 12:45:26.775942 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:10808
2025/06/24 12:45:26.775951 [Info] transport/internet/udp: listening UDP on 127.0.0.1:10808
2025/06/24 12:45:26.775956 [Warning] core: Xray 25.6.8 started
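
A helper for reading the `pfctl -ss` output shown in the report, added here as an example and not part of the original report or of Xray: it pairs state entries by client endpoint and lists flows that have a redirect state while the forwarded state is still `SYN_SENT:CLOSED`. The endpoint order assumed for `<-` lines (redirect target, original destination, client) is read off the two lines quoted in the report; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two `pfctl -ss` lines quoted in the report, plus one
# made-up healthy flow (documentation address 192.0.2.10) for contrast.
SAMPLE = """\
ALL tcp 192.168.5.98:49352 -> 1.1.1.1:443 SYN_SENT:CLOSED
ALL tcp 127.0.0.1:12345 <- 1.1.1.1:443 <- 192.168.5.98:49352 ESTABLISHED:ESTABLISHED
ALL tcp 192.168.5.98:50000 -> 192.0.2.10:22 ESTABLISHED:ESTABLISHED
"""

# interface, protocol, "endpoint arrow endpoint [arrow endpoint]", state pair
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(.+?)\s+([A-Z_0-9]+):([A-Z_0-9]+)$")


def parse_states(text):
    """Return one dict per state line: endpoints in printed order, direction, state."""
    states = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, blank or unrecognised line
        parts = m.group(3).split()
        endpoints, arrows = parts[0::2], set(parts[1::2])
        if len(endpoints) < 2 or arrows not in ({"->"}, {"<-"}):
            continue
        inbound = arrows == {"<-"}
        states.append({
            # Assumption: the client is printed last on "<-" lines, first on "->" lines.
            "client": endpoints[-1] if inbound else endpoints[0],
            "endpoints": endpoints,
            "inbound": inbound,
            "state": f"{m.group(4)}:{m.group(5)}",
        })
    return states


def stuck_redirects(text):
    """List (client, original_dst, redirect_target) for half-open redirected flows."""
    by_client = defaultdict(list)
    for s in parse_states(text):
        by_client[s["client"]].append(s)
    hits = []
    for client, group in by_client.items():
        half_open = any(not s["inbound"] and s["state"] == "SYN_SENT:CLOSED" for s in group)
        for s in group:
            if half_open and s["inbound"] and len(s["endpoints"]) == 3:
                target, original_dst, _ = s["endpoints"]
                hits.append((client, original_dst, target))
    return hits


if __name__ == "__main__":
    for hit in stuck_redirects(SAMPLE):
        print("redirected but forward state half-open:", hit)
```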