NEW - Black Lotus - $50 off
Black Friday - up to 33% off
Enable forwarding:
sysctl -w net.ipv4.ip_forward=1 iptables -t nat -A PREROUTING -i eth0 -p tcp -j REDIRECT --to-port 12345 Send specific traffic (or all) to the Linux box. Route all internet traffic via Linux box (policy routing): /ip route add dst-address=0.0.0.0/0 gateway=192.168.88.2 (Only if Linux box has its own default route to the real internet) Or use firewall marking (e.g., only for certain src/dst): /ip firewall mangle add chain=prerouting src-address=192.168.88.100/32 action=mark-routing new-routing-mark=via-v2ray /ip route add dst-address=0.0.0.0/0 gateway=192.168.88.2 routing-mark=via-v2ray Step 4 – NAT Consideration If the Linux box is on the same LAN, ensure MikroTik does not NAT traffic to it. Add a bypass rule:
Example with redsocks (simpler):
base { log_debug = off; log_info = on; daemon = on; redirector = iptables; } redsocks { local_ip = 192.168.88.2; local_port = 12345; ip = 192.168.88.2; port = 1080; type = socks5; }
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.2 action=accept Some RouterOS versions (7.x) support containers. You can run a lightweight Linux with V2Ray. Step 1 – Enable containers /container config set registry-url=https://registry-1.docker.io tmpdir=containers Step 2 – Pull and run a V2Ray container /container add remote-image=v2ray/official:latest interface=veth1 root-dir=containers/v2ray /container start 0 Step 3 – Expose SOCKS5 port Bind container port 1080 to router’s IP. Step 4 – Transparent proxy inside container? This is complex because the container lacks full network control. Easier: Use SOCKS5 proxy on client devices manually, or run redsocks inside the container with TPROXY (requires advanced network namespaces – often unstable on RouterOS).
Here’s a technical write-up on integrating with MikroTik (RouterOS). This setup is commonly used to route traffic through a V2Ray proxy (e.g., VMess, VLESS, or Shadowsocks) from a MikroTik router, allowing entire networks to bypass restrictions or use encrypted tunnels. Write-Up: V2Ray + MikroTik Integration Objective Route LAN clients through a V2Ray proxy server using a MikroTik router as the gateway, without needing proxy software on each client. Limitations (Important) MikroTik RouterOS does not support V2Ray protocols natively (no VMess, VLESS, Trojan, etc.). Solution: Use an external device (Raspberry Pi, Linux VM, or container) as a transparent proxy bridge, or run V2Ray on a separate device and route traffic through it.
Avoid containers for transparent proxying. Use an external Linux box. Testing & Verification On MikroTik:
