SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

On Debian, sing-box's tun mode does not handle requests initiated by cURL #1070

Closed Toroung closed 10 months ago

Toroung commented 10 months ago

Operating system

Linux

System version

```sh
root@debian:~# uname -a
Linux debian 4.19.0-24-amd64 #1 SMP Debian 4.19.282-1 (2023-04-29) x86_64 GNU/Linux
```

Installation type

Original sing-box command-line program

If you are using a graphical client program, please provide its version.

No response

Version

client

```sh
root@debian:~# sing-box version
sing-box version unknown
Environment: go1.21.3 linux/amd64
Tags: with_quic,with_grpc,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_clash_api,with_v2ray_api,with_gvisor,with_lwip,with_acme
Revision: e82dab027df19a3c1fbfb6d47d4acc1a9cccd9c6
CGO: enabled
```

Description

client

```txt
After sing-box enables tun mode, DNS resolution fails
ERROR dns: exchange failed for google.com. IN A: Post "https://1.1.1.1/dns-query": dial udp #.#.#.#:443: operation not permitted
ERROR dns: exchange failed for baidu.com. IN A: dial udp 223.5.5.5:53: operation not permitted
```

Steps to reproduce

```sh
root@debian:~# sysctl -p
net.ipv4.ip_forward = 1
root@debian:~# ufw status
Status: inactive
sudo systemctl restart sing-box
root@debian:~# sudo systemctl status sing-box
● sing-box.service - sing-box service
   Loaded: loaded (/etc/systemd/system/sing-box.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2023-11-07 16:07:26 CST; 3min 33s ago
     Docs: https://sing-box.sagernet.org
 Main PID: 3506 (sing-box)
    Tasks: 13 (limit: 2355)
   Memory: 14.7M
   CGroup: /system.slice/sing-box.service
           └─3506 /usr/local/bin/sing-box -D /var/lib/sing-box -C /usr/local/etc/sing-box run

Nov 07 16:07:26 debian systemd[1]: Started sing-box service.
root@debian:~# curl baidu.com
curl: (6) Could not resolve host: baidu.com
root@debian:~# curl google.com
curl: (6) Could not resolve host: google.com
```

client config file

```json
{
  "log": {
    "level": "trace",
    "output": "/usr/local/etc/sing-box/box.log",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cf",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      },
      {
        "outbound": "any",
        "server": "local"
      },
      {
        "geosite": "cn",
        "server": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "strict_route": false,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "hysteria2",
      "tag": "proxy",
      "server": "#.#.#.#",
      "server_port": 443,
      "up_mbps": 30,
      "down_mbps": 100,
      "password": "mypassword",
      "tls": {
        "enabled": true,
        "server_name": "####.com",
        "insecure": true
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "geoip": {
      "download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db",
      "download_detour": "direct"
    },
    "geosite": {
      "download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db",
      "download_detour": "direct"
    },
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "cn",
        "geoip": [
          "private",
          "cn"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
}
```

Logs

client

```txt
+0800 2023-11-06 07:45:57 INFO router: loaded geoip database: 250 codes
+0800 2023-11-06 07:45:58 INFO router: loaded geosite database: 1419 codes
+0800 2023-11-06 07:45:58 INFO router: updated default interface ens18, index 2
+0800 2023-11-06 07:45:58 TRACE initializing inbound/tun[0]
+0800 2023-11-06 07:45:58 TRACE inbound/tun[0]: opening interface
+0800 2023-11-06 07:45:58 TRACE inbound/tun[0]: creating stack
+0800 2023-11-06 07:45:58 TRACE inbound/tun[0]: starting stack
+0800 2023-11-06 07:45:58 INFO inbound/tun[0]: started at tun0
+0800 2023-11-06 07:45:58 INFO sing-box started (0.99s)
+0800 2023-11-06 07:46:05 INFO [3193399320 0ms] inbound/tun[0]: inbound packet connection from 172.19.0.1:37464
+0800 2023-11-06 07:46:05 INFO [3193399320 0ms] inbound/tun[0]: inbound packet connection to 192.168.2.1:53
+0800 2023-11-06 07:46:05 DEBUG [3193399320 0ms] router: sniffed packet protocol: dns
+0800 2023-11-06 07:46:05 DEBUG [3193399320 0ms] router: match[0] protocol=dns => dns-out
+0800 2023-11-06 07:46:05 DEBUG dns: exchange google.com. IN AAAA
+0800 2023-11-06 07:46:05 DEBUG dns: strategy rejected
+0800 2023-11-06 07:46:05 DEBUG dns: exchange google.com. IN A
+0800 2023-11-06 07:46:05 INFO outbound/hysteria2[proxy]: outbound connection to 1.1.1.1:443
+0800 2023-11-06 07:46:05 ERROR dns: exchange failed for google.com. IN A: Post "https://1.1.1.1/dns-query": dial udp *.*.*.*:443: operation not permitted
+0800 2023-11-06 07:46:05 DEBUG [3193399320 0ms] inbound/tun[0]: connection closed: EOF | upstream: context canceled
+0800 2023-11-06 07:46:10 INFO [164814842 0ms] inbound/tun[0]: inbound packet connection from 172.19.0.1:37464
+0800 2023-11-06 07:46:10 INFO [164814842 0ms] inbound/tun[0]: inbound packet connection to 192.168.2.1:53
+0800 2023-11-06 07:46:10 DEBUG [164814842 0ms] router: sniffed packet protocol: dns
+0800 2023-11-06 07:46:10 DEBUG [164814842 0ms] router: match[0] protocol=dns => dns-out
+0800 2023-11-06 07:46:10 DEBUG dns: exchange google.com. IN AAAA
+0800 2023-11-06 07:46:10 DEBUG dns: strategy rejected
+0800 2023-11-06 07:46:10 DEBUG dns: exchange google.com. IN A
+0800 2023-11-06 07:46:10 INFO outbound/hysteria2[proxy]: outbound connection to 1.1.1.1:443
+0800 2023-11-06 07:46:10 ERROR dns: exchange failed for google.com. IN A: Post "https://1.1.1.1/dns-query": dial udp #.#.#.#:443: operation not permitted
+0800 2023-11-06 07:46:10 DEBUG [164814842 0ms] inbound/tun[0]: connection closed: EOF | upstream: context canceled
+0800 2023-11-06 07:46:19 INFO [3670308668 0ms] inbound/tun[0]: inbound packet connection from 172.19.0.1:39384
+0800 2023-11-06 07:46:19 INFO [3670308668 0ms] inbound/tun[0]: inbound packet connection to 192.168.2.1:53
+0800 2023-11-06 07:46:19 DEBUG [3670308668 0ms] router: sniffed packet protocol: dns
+0800 2023-11-06 07:46:19 DEBUG [3670308668 0ms] router: match[0] protocol=dns => dns-out
+0800 2023-11-06 07:46:19 DEBUG dns: exchange baidu.com. IN A
+0800 2023-11-06 07:46:19 DEBUG dns: match[2] geosite=cn => local
+0800 2023-11-06 07:46:19 INFO outbound/direct[direct]: outbound packet connection to 223.5.5.5:53
+0800 2023-11-06 07:46:19 INFO outbound/direct[direct]: outbound packet connection to 223.5.5.5:53
+0800 2023-11-06 07:46:19 INFO outbound/direct[direct]: outbound packet connection to 223.5.5.5:53
+0800 2023-11-06 07:46:19 ERROR dns: exchange failed for baidu.com. IN A: dial udp 223.5.5.5:53: operation not permitted
+0800 2023-11-06 07:46:19 DEBUG [3670308668 0ms] inbound/tun[0]: connection closed: EOF | upstream: context canceled
+0800 2023-11-06 07:46:24 INFO [102947133 0ms] inbound/tun[0]: inbound packet connection from 172.19.0.1:39384
+0800 2023-11-06 07:46:24 INFO [102947133 0ms] inbound/tun[0]: inbound packet connection to 192.168.2.1:53
+0800 2023-11-06 07:46:24 DEBUG [102947133 0ms] router: sniffed packet protocol: dns
+0800 2023-11-06 07:46:24 DEBUG [102947133 0ms] router: match[0] protocol=dns => dns-out
+0800 2023-11-06 07:46:24 DEBUG dns: exchange baidu.com. IN AAAA
+0800 2023-11-06 07:46:24 DEBUG dns: match[2] geosite=cn => local
+0800 2023-11-06 07:46:24 DEBUG dns: exchange baidu.com. IN A
+0800 2023-11-06 07:46:24 DEBUG dns: match[2] geosite=cn => local
+0800 2023-11-06 07:46:24 INFO outbound/direct[direct]: outbound packet connection to 223.5.5.5:53
+0800 2023-11-06 07:46:24 INFO outbound/direct[direct]: outbound packet connection to 223.5.5.5:53
+0800 2023-11-06 07:46:24 INFO outbound/direct[direct]: outbound packet connection to 223.5.5.5:53
+0800 2023-11-06 07:46:24 ERROR dns: exchange failed for baidu.com. IN A: dial udp 223.5.5.5:53: operation not permitted
+0800 2023-11-06 07:46:24 DEBUG [102947133 0ms] inbound/tun[0]: connection closed: EOF | upstream: context canceled
+0800 2023-11-06 07:46:24 DEBUG dns: strategy rejected
```

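
A way to triage a trace log like the one in this report, as an added example that is not part of the original issue or of the sing-box project: it pairs each `dns: exchange failed` line with the outbound logged most recently before it and groups the dial errors. The function names and the sample lines (shaped after the log above) are constructed for illustration, and the pairing assumes the log is read in order.

```python
import re
from collections import Counter

# Constructed sample: lines shaped after the trace log in this issue.
SAMPLE_LOG = """\
+0800 2023-11-06 07:46:05 DEBUG dns: exchange google.com. IN A
+0800 2023-11-06 07:46:05 INFO outbound/hysteria2[proxy]: outbound connection to 1.1.1.1:443
+0800 2023-11-06 07:46:05 ERROR dns: exchange failed for google.com. IN A: Post "https://1.1.1.1/dns-query": dial udp #.#.#.#:443: operation not permitted
+0800 2023-11-06 07:46:19 DEBUG dns: match[2] geosite=cn => local
+0800 2023-11-06 07:46:19 INFO outbound/direct[direct]: outbound packet connection to 223.5.5.5:53
+0800 2023-11-06 07:46:19 ERROR dns: exchange failed for baidu.com. IN A: dial udp 223.5.5.5:53: operation not permitted
"""

# "<tz> <date> <time> <LEVEL> <message>"
LINE = re.compile(r"^\S+ \d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<level>[A-Z]+) (?P<msg>.*)$")
OUTBOUND = re.compile(r"^outbound/(?P<type>[\w-]+)\[(?P<tag>[^\]]+)\]: "
                      r"outbound (?:packet )?connection to (?P<dst>\S+)$")
FAILED = re.compile(r"^dns: exchange failed for (?P<name>\S+) IN (?P<qtype>\w+): (?P<err>.*)$")
DIAL = re.compile(r"dial (?P<net>\w+) (?P<addr>\S+): (?P<reason>.+)$")


def summarize_dns_failures(log_text):
    """Return one dict per failed DNS exchange, tagged with the outbound
    that was logged most recently before it (heuristic for sequential logs)."""
    failures, last_outbound = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign line
        out = OUTBOUND.match(m["msg"])
        if out:
            last_outbound = f'{out["type"]}[{out["tag"]}]'
            continue
        fail = FAILED.match(m["msg"]) if m["level"] == "ERROR" else None
        if fail:
            dial = DIAL.search(fail["err"])
            failures.append({
                "name": fail["name"], "qtype": fail["qtype"],
                "outbound": last_outbound,
                "network": dial["net"] if dial else None,
                "dial_addr": dial["addr"] if dial else None,
                "reason": dial["reason"] if dial else fail["err"],
            })
    return failures


def reasons_by_outbound(failures):
    """Count failures per (outbound, network, reason) to show how wide the error is."""
    return Counter((f["outbound"], f["network"], f["reason"]) for f in failures)
```

Run over the log in this issue, the summary shows the same `operation not permitted` error on UDP dials made through both the `hysteria2[proxy]` and `direct[direct]` outbounds, so the failure is not tied to one DNS server.
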
yangtao278080785570121 commented 7 months ago

Did you get this solved, bro? I'm running into the same problem too.