Kr328 / clash-premium-installer

Simple clash premium core installer for Linux.
319 stars 88 forks source link

TUN configuration problem on Ubuntu #4

Open JingxinLee opened 3 years ago

JingxinLee commented 3 years ago

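Hello, my system is Ubuntu 18.04, and clash was installed with clash-premium-installer. I want to use the computer running clash as a gateway, but after configuration the phone has no network access at all. At this point the phone's Router is set to the computer's IP, and DNS is the dns-hijack address 8.8.8.8. What is going wrong that leaves the phone without network access?

Below is the head of the configuration file: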

config.yaml

redir-port: 7892
tproxy-port: 7893
mixed-port: 7890

allow-lan: true
bind-address: '*'
mode: rule
log-level: info
ipv6: false
external-controller: 127.0.0.1:9111

hosts:
  'mtalk.google.com': 108.177.125.188
  't.cn': 203.107.55.116

dns:
  enable: false
  listen: 0.0.0.0:53
  default-nameserver:
    - 114.114.114.114
    - 8.8.8.8
  enhanced-mode: redir-host  # or fake-ip
  fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR

  fake-ip-filter:
    - '*.lan'
    - localhost.ptlogin2.qq.com
    - '+.srv.nintendo.net'
    - '+.stun.playstation.net'
    - '+.msftconnecttest.com'
    - '+.msftncsi.com'
    - '+.xboxlive.com'
    - 'msftconnecttest.com'
    - 'xbox.*.microsoft.com'

  nameserver:
    - 114.114.114.114 # default value
    - 8.8.8.8 # default value
    - tls://dns.rubyfish.cn:853 # DNS over TLS
    - https://1.1.1.1/dns-query # DNS over HTTPS

  fallback-filter:
    geoip: true
    ipcidr:

tun:
  enable: true
  stack: system # or gvisor
  dns-listen: 0.0.0.0:53
  dns-hijack:
     - 8.8.8.8:53
     - tcp://8.8.8.8:53

roccoren commented 3 years ago

@JingxinLee Check whether the operating system allows forwarding? Try sysctl -p and look at the result.

marlonfan commented 2 years ago

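@JingxinLee Hi, did the problem get solved later~

@roccoren ip_forward is already enabled and it still doesn't work. If I clear the nft rules, using clash's fake-ip mode works. But for other IPs I don't see any NAT rules.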

marlonfan commented 2 years ago

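After testing, what I do now is remove the two forwarding rules below and enable clash's DNS server for the local machine and the other machines on the LAN. Forwarding now works normally. It may be that it only took effect because fake-ip mode was used, which makes all traffic go through the tun.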

chain local-dns-redirect {
    type nat hook output priority 0; policy accept;

    ip protocol != { tcp, udp } accept

    meta cgroup $BYPASS_CGROUP_CLASSID accept
    ip daddr 127.0.0.0/8 accept

    udp dport 53 dnat $FORWARD_DNS_REDIRECT
    tcp dport 53 dnat $FORWARD_DNS_REDIRECT
}

chain forward-dns-redirect {
    type nat hook prerouting priority 0; policy accept;

    ip protocol != { tcp, udp } accept

    udp dport 53 dnat $FORWARD_DNS_REDIRECT
    tcp dport 53 dnat $FORWARD_DNS_REDIRECT
}
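
The two checks raised in this thread (is IPv4 forwarding on, and which nftables chains DNAT port 53 and on which hook) can be scripted as below. This is an added example, not part of the thread or of clash-premium-installer; the function names, the table name `clash` and the redirect target `127.0.0.1:1053` are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from the installer.

# Succeeds when IPv4 forwarding is on. $1 overrides the procfs path (for testing).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `nft list ruleset` text on stdin and prints "<chain> <hook>" once for
# every chain that holds a port-53 DNAT rule.
dns_dnat_chains() {
    awk '
        $1 == "chain" { chain = $2; hook = "none"; seen = 0 }
        $1 == "type"  { for (i = 1; i < NF; i++) if ($i == "hook") hook = $(i + 1) }
        /dport 53 / && /dnat/ && !seen { print chain, hook; seen = 1 }
    '
}

# Constructed sample ruleset: table name and DNAT target are made up.
sample_ruleset() {
    cat <<'EOF'
table ip clash {
    chain local-dns-redirect {
        type nat hook output priority 0; policy accept;
        udp dport 53 dnat to 127.0.0.1:1053
        tcp dport 53 dnat to 127.0.0.1:1053
    }
    chain forward-dns-redirect {
        type nat hook prerouting priority 0; policy accept;
        udp dport 53 dnat to 127.0.0.1:1053
        tcp dport 53 dnat to 127.0.0.1:1053
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
    }
}
EOF
}

if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
sample_ruleset | dns_dnat_chains
# On a live gateway (as root): nft list ruleset | dns_dnat_chains
```

A chain reported on the `prerouting` hook rewrites DNS queries arriving from LAN clients, while one on the `output` hook rewrites queries made by the gateway itself.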