I tried a long time, a lot of ways. after I set the rule such as iptables -t nat -D OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 1080. the dns is crashed and no log from trojan.

but if I use a normal dns and forward the tcp to 1080 . I can visit the website and can see a lot of logs from trojan. but you know it is not safe. I want to forward the tcp and I need also forward the und for dns. because it may be polluted.

what can I do for it, thanks

iptables -t nat -I PREROUTING 3 -i eth0 -p tcp -j REDIRECT --to-ports 1081

"run_type": "forward",
"local_addr": "0.0.0.0",
"local_port": 5353,
"remote_addr": "YOUR SERVER IP",
"remote_port": YOUR SERVER PORT,
"target_addr": "8.8.8.8",
"target_port": 53,

LINUX client need both "forward" and "nat"