{ "inbounds": [ { "port": 1080, "protocol": "socks", "settings": { "auth": "no", "udp": true } } ], "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "your-v2ray-server.com", "port": 443, "users": [{ "id": "uuid", "alterId": 0, "security": "auto" }] } ] } } ] } Run V2Ray: v2ray run -c config.json Install redsocks or iptables TPROXY to redirect traffic to V2Ray’s SOCKS5.
Example with redsocks (simpler):
apt install redsocks /etc/redsocks.conf : v2ray mikrotik
On a LAN client, check public IP:
Avoid containers for transparent proxying. Use an external Linux box. Testing & Verification On MikroTik: { "inbounds": [ { "port": 1080, "protocol": "socks",
Enable forwarding:
/tool sniffer quick ip-protocol=tcp port=1080 Check that packets reach the V2Ray proxy. Testing & Verification On MikroTik: Enable forwarding: /tool
sysctl -w net.ipv4.ip_forward=1 iptables -t nat -A PREROUTING -i eth0 -p tcp -j REDIRECT --to-port 12345 Send specific traffic (or all) to the Linux box. Route all internet traffic via Linux box (policy routing): /ip route add dst-address=0.0.0.0/0 gateway=192.168.88.2 (Only if Linux box has its own default route to the real internet) Or use firewall marking (e.g., only for certain src/dst): /ip firewall mangle add chain=prerouting src-address=192.168.88.100/32 action=mark-routing new-routing-mark=via-v2ray /ip route add dst-address=0.0.0.0/0 gateway=192.168.88.2 routing-mark=via-v2ray Step 4 – NAT Consideration If the Linux box is on the same LAN, ensure MikroTik does not NAT traffic to it. Add a bypass rule: