V2Ray: Forward all traffic to v2ray dokodemo-door

Hi everyone. I have successfully installed and configured v2ray on openWRT 22 on my Raspberry pi. Firefox can connect to v2ray using socks5 and http proxy. I want that all traffic goes through v2ray without configuring socks5. this is my iptables script. dokodemo-door port is 12347

iptables -t nat -N V2RAY
iptables -t nat -A V2RAY -d "server ip" -j RETURN
iptables -t nat -A V2RAY -d "local networks" -j RETURN
iptables -t nat -p tcp -A V2RAY -j REDIRECT --to-ports 12347
iptables -t nat -p udp -A V2RAY -j REDIRECT --to-ports 12347
iptables -t nat -I OUTPUT -j V2RAY
iptables -t nat -I PREROUTING -j V2RAY

but after running. no pages can be loaded.
I used this Tutorial

Edit: I also tried this iptables script. it works but after a minute raspberry pi gets slow and devices cant access internet at all.

iptables -t nat -N V2RAY
iptables -t mangle -N V2RAY
iptables -t mangle -N V2RAY_MARK

iptables -t nat -A V2RAY -d "server ip" -j RETURN
iptables -t nat -A V2RAY -d "local networks" -j RETURN
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports 12345

ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100
iptables -t mangle -A V2RAY -p udp --dport 53 -j TPROXY --on-port 12347 --tproxy-mark 0x01/0x01
iptables -t mangle -A V2RAY_MARK -p udp --dport 53 -j MARK --set-mark 1

iptables -t nat -A OUTPUT -p tcp -j V2RAY
iptables -t mangle -A PREROUTING -j V2RAY
iptables -t mangle -A OUTPUT -j V2RAY_MARK

I'm assuming you installed iptables? If I remember correctly, with OpenWrt 22.03, nftables is used instead of iptables.

Sorry that I reposed with delay.
I didn't. I wanted to install iptables-mod-tproxy but it was pre-installed so I assume that iptables is installed. This is suspicious because I'm told I can't install and run 2 different firewall programs in regular Desktop Linux.

iptables-mod-tproxy was pre-installed on the official OpenWrt image?

Yes, it was. should I remove it? is it possible that iptables has a conflict with nftables? I'm sure that there is no rule in iptables before I enter those commands.
I do appreciate that you answer me in a short time.

That's very odd. It shouldn't be there by default or at all on 22.03 and above since kmod-nft-tproxy would be used for nftables. iptables would have a conflict with nftables but it was completely removed and replaced with iptables-nft which just translates iptables commands to nftables. You shouldn't even have the iptables binary.

Where exactly do you download the image? I want to read the image manifest.

I downloaded it from here a couple of months ago.
https://openwrt.org/toh/raspberry_pi_foundation/raspberry_pi
For some reason, I do not have access to this Raspberry pi Today so I can't confirm the existence of iptables-nft. Tomorrow I would give you whatever information you need.
I do not know the exact release date of OpenWrt 22.03, it is possible that at that time OpenWrt 22.02 was the most recent one.

Try again on latest stable release. Which Raspberry Pi is it?

Raspberry pi 3 B1.2

# cat /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='22.03.2'
DISTRIB_REVISION='r19803-9a599fee93'
DISTRIB_TARGET='bcm27xx/bcm2710'
DISTRIB_ARCH='aarch64_cortex-a53'
DISTRIB_DESCRIPTION='OpenWrt 22.03.2 r19803-9a599fee93'
DISTRIB_TAINTS=''
# cat /etc/openwrt_version 
r19803-9a599fee93
# opkg list-installed | grep iptables
iptables-mod-conntrack-extra - 1.8.7-7
iptables-mod-extra - 1.8.7-7
iptables-mod-filter - 1.8.7-7
iptables-mod-ipopt - 1.8.7-7
iptables-mod-tproxy - 1.8.7-7
# opkg list-installed | grep nft
kmod-nft-core - 5.10.146-1
kmod-nft-fib - 5.10.146-1
kmod-nft-nat - 5.10.146-1
kmod-nft-offload - 5.10.146-1
libnftnl11 - 1.2.1-2
nftables-json - 1.0.2-2.1

if you advise I will remove iptables.

There's no RPi 3 B 1.2 unless you mean RPi 2 B 1.2 (according to OpenWrt wiki page), and that's not the latest release. Please download from https://firmware-selector.openwrt.org/ and print this again. Do you download the 32-bit or 64-bit version?

On the board is Raspberry pi 3 Model B v 1.2 written.
I will reinstall and try again, but do you recommend 32 bit or 64 bit?

I've got no idea. Did you download the image for Raspberry Pi 3 B on the wiki page?

Edit: Looking at the firmware selector, all 32 bit versions actually serve the RPi 2 32-bit image. You should download the 64-bit image for RPi 3.

OK thanks. I will reply after installation

still the same. if its not listed in image manifest, the reason could be v2ray and/or v2raya dependency

# opkg list-installed | grep iptables
iptables-mod-conntrack-extra - 1.8.7-7
iptables-mod-extra - 1.8.7-7
iptables-mod-filter - 1.8.7-7
iptables-mod-ipopt - 1.8.7-7
iptables-mod-tproxy - 1.8.7-7
iptables-zz-legacy - 1.8.7-7
# opkg list-installed | grep nft
kmod-nft-core - 5.10.161-1
kmod-nft-fib - 5.10.161-1
kmod-nft-nat - 5.10.161-1
kmod-nft-offload - 5.10.161-1
libnftnl11 - 1.2.1-2
nftables-json - 1.0.2-2.1

It wouldn't be a v2ray dependency as we're trying to find out why the default image comes with these packages. You wouldn't show me the list of installed packages without even letting me know you've installed packages on top of what comes with the default image now, would you? Because that would be directly against what I've been telling you and would be a great waste of time.

Since you finally mentioned v2rayA, I took a look on its makefile and realised that all the iptables extensions come from this package.

Why don't you just install v2ray-core, kmod-nft-tproxy and iptables-nft, and see if my iptables commands work?

That explain everything.

Edit: could you please tell me how can I redirect or reroute all traffic to that port? I will remove V2rayA but how can I redirect or reroute all traffic without installing iptables.

Either figure it out yourself with nftables or just use iptables-nft.