How to set iptables to use dokodemo-door #270

Closed
Benyjuice opened this issue Oct 7, 2016 · 3 comments

@Benyjuice

Please read the Issue guidelines before submitting an issue, and then answer the questions below. Thank you.

  1. What version of V2Ray are you using? (If the server and client use different versions, please say so.)
    v2.2.1

  2. What is your scenario for using V2Ray? E.g., watching YouTube videos in Chrome via a Socks/VMess proxy.
    use dokodemo-door

  3. What did you see?
    mess warning message

  4. What did you expect to see instead?

  5. Please attach your configuration file.
    "inboundDetour": [
      {
        "protocol": "dokodemo-door",
        "port": "1111",
        "settings": {
          "address": "",
          "network": "tcp",
          "timeout": 0,
          "followRedirect": true
        }
      }
    ]

Problems:
I use iptables to redirect all traffic to localhost:1111.

    iptables -t nat -N v2ray
    iptables -t nat -A v2ray -d REMOTEIP -j RETURN
    iptables -t nat -A v2ray -p tcp -j REDIRECT --to-ports 1111
    iptables -t nat -A OUTPUT -p tcp -j v2ray

When I try to connect to www.google.com via a web browser, I get the following warning many times:

    2016/10/07 19:42:09 [Warning]Internet|Listener: Failed to accept new TCP connection: accept tcp [::]:1111: accept4: too many open files

Can anyone help me? Many thanks.

@v2ray
Collaborator

v2ray commented Oct 7, 2016

You probably need to bypass local connections as well. The following is copied from shadowsocks-libev's document:

    # Ignore LANs and any other addresses you'd like to bypass the proxy
    # See Wikipedia and RFC5735 for full list of reserved networks.
    # See ashi009/bestroutetb for a highly optimized CHN route list.
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

@Benyjuice
Author

Finally, I solved the problem.
I use route rules with the tag "direct" to ignore CHINAIP in v2ray. So, if I try to connect to a CHINAIP, the following cycle will happen:
CHINAIP --> iptables --> 127.0.0.1:1111 --> v2ray --> freedom --> iptables --> 127.0.0.1:1111 --> v2ray

So, I don't use route rules in v2ray but in iptables, and everything might be OK (I guess).
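
The redirect cycle described in the comment above, and why moving the direct-route decision into iptables breaks it, modeled as an added example (not code from this thread or from V2Ray). The addresses are constructed documentation-range placeholders, and `chain`, `verdict` and `trace` are hypothetical helper names.

```python
import ipaddress

# Constructed sample values (documentation ranges, not from the thread).
REMOTE_IP = "203.0.113.10"          # stands in for REMOTEIP (the V2Ray server)
DIRECT_NETS = ["198.51.100.0/24"]   # stands in for the "direct" (CHINAIP) routes
PROXY_PORT = 1111                   # dokodemo-door port from the posted config

def chain(return_nets):
    """Model a nat chain: RETURN for listed networks, then REDIRECT everything."""
    rules = [(ipaddress.ip_network(n), "RETURN") for n in return_nets]
    rules.append((ipaddress.ip_network("0.0.0.0/0"), "REDIRECT"))
    return rules

def verdict(rules, dest):
    """First matching rule wins, as in iptables."""
    addr = ipaddress.ip_address(dest)
    return next(v for net, v in rules if addr in net)

def trace(rules, dest, v2ray_direct_nets, max_hops=8):
    """Follow one locally generated TCP connection through nat OUTPUT.

    Returns ("sent", hops) when a connection leaves the host, or
    ("loop", hops) when V2Ray keeps accepting its own outbound connection.
    """
    hops, target = [], dest
    orig = ipaddress.ip_address(dest)
    for _ in range(max_hops):
        if verdict(rules, target) == "RETURN":
            hops.append(f"wire:{target}")
            return "sent", hops
        hops.append(f"v2ray:{PROXY_PORT}")  # REDIRECT lands on dokodemo-door
        # followRedirect recovers the original destination; V2Ray routes on it.
        if any(orig in ipaddress.ip_network(n) for n in v2ray_direct_nets):
            target = dest       # freedom dials dest itself; OUTPUT sees it again
        else:
            target = REMOTE_IP  # proxied: V2Ray dials the server instead
    return "loop", hops         # each hop costs sockets, so descriptors run out

# Rules as posted in the issue: only the server address bypasses the redirect.
ORIGINAL = chain([REMOTE_IP])
# After the fix: local ranges and the direct networks RETURN in iptables,
# and V2Ray no longer has a "direct" routing rule (empty list when tracing).
FIXED = chain([REMOTE_IP, "127.0.0.0/8", "192.168.0.0/16"] + DIRECT_NETS)

if __name__ == "__main__":
    print(trace(ORIGINAL, "198.51.100.7", DIRECT_NETS))
    print(trace(FIXED, "198.51.100.7", []))
```

With the original chain, a destination that V2Ray routes as "direct" never reaches a RETURN rule, so every hop is another accepted connection on port 1111, which matches the "too many open files" warning in the report.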

@v2ray
Collaborator

v2ray commented Oct 19, 2016

Assuming fixed.

@v2ray v2ray closed this as completed Oct 19, 2016
3gZ2jA pushed a commit to 3gZ2jA/v2ray-core that referenced this issue Oct 8, 2020
* Build: do NOT rely on GOPATH

* Format pipelines