在jetson nx上无法实现透明代理

[VCCICCV]

sing-box版本sing-box-1.11.11-linux-arm64.tar.gz
我通过v2ray已经实现了代理，通过curl、wget都可以正常使用，但是像pip、conda等自己下载依赖时不会经过代理，所以安装sing-box实现透明代理，sing-box通过以下配置已经可以正常运行，但是流量并没有经过sing-box,且jetson nx不支持自动路由，以下配置是一个可以正常启动的配置，添加或修改任何其他规则都无法启动
我的配置sudo vim /etc/sing-box/config.json

{
  "log": {
    "level": "info",
    "output": "stderr"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "sing0",
      "mtu": 9000,
      "auto_route": false,
      "strict_route": false,
      "address": ["172.19.0.1/30"],
      "stack": "system"
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "proxy",
      "server": "xxx.xxx.xxx.xx",
      "server_port": 10086,
      "uuid": "xxxxxxxxxxxxxxx",
      "tls": {
        "enabled": false
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "auto_detect_interface": true,
    "rules": [
      {
        "ip_is_private": true,
        "outbound": "direct"
      },
      {
        "rule_set": "geoip-cn",
        "outbound": "direct"
      },
      {
        "rule_set": "geosite-cn",
        "outbound": "direct"
      },
      {
        "outbound": "proxy"
      }
    ],
    "rule_set": [
      {
        "tag": "geoip-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
        "download_detour": "proxy"
      },
      {
        "tag": "geosite-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-cn.srs",
        "download_detour": "proxy"
      }
    ]
  },
  "experimental": {
    "cache_file": {
      "enabled": true
    }
  }
}

设置启动服务sudo vim /etc/systemd/system/sing-box.service

[Unit]
Description=Sing-box Service
After=network.target
[Service]
ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json
Restart=on-failure
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
DeviceAllow=/dev/net/tun rw
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

重新加载并设置开机启动

sudo systemctl daemon-reexec

sudo systemctl daemon-reload

sudo systemctl enable --now sing-box

设置转发

sudo sysctl -w net.ipv4.ip_forward=1

持久化转发sudo vim /etc/sysctl.conf,添加

net.ipv4.ip_forward = 1

设置iptables规则

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

持久化iptables规则

sudo apt install iptables-persistent -y
sudo netfilter-persistent save
sudo systemctl enable netfilter-persistent

nvidia@nx-108:~/Downloads$ ifconfig

enP8p1s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 48:b0:2d:f9:31:37  txqueuelen 1000  (Ethernet)

l4tbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.55.1  netmask 255.255.255.0  broadcast 192.168.55.255

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
sing0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 9000
        inet 172.19.0.1  netmask 255.255.255.252  destination 172.19.0.1

wlP1p1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.31.179  netmask 255.255.255.0  broadcast 192.168.31.255