梅林固件 Firmware Version:384.13

jacky441 commented 5 years ago

不知道是不是因为最新版本的问题我配置了没问题但是就是代理不成功

在电脑上用了SSR 代理没问题但是放到了路由器上运行了然后访问还是不走代理

请问怎么排查？

jacky441 commented 5 years ago

几个月前用了没问题只是有些网站代理不成功而已

jacky441 commented 5 years ago

好像就是访问网站的时候无响应

@RT-AC88U-C9D0:/tmp/mnt/miniUSB/unblockchn# curl http://ipservice.163.com/isFromMainland curl: (7) Failed to connect to ipservice.163.com port 80: Connection timed out

This site can’t be reached ipservice.163.com took too long to respond. Try:

Checking the connection Checking the proxy and the firewall Running Windows Network Diagnostics ERR_CONNECTION_TIMED_OUT

gxfxyz commented 5 years ago

你好，

正常情况下，即使开启了代理后在路由器上 curl http://ipservice.163.com/isFromMainland 也是不会走代理的，只有局域网内的 NAT 请求才会进行代理分流判断，所以如果路由器上 curl 都不通应该是除这工具以外的地方出问题了。

另外这工具用的是原版的 Shadowsocks，不支持 ShadowsocksR，你在路由器上的 ShadowsocksR 代理是自己配置的吗？如果是的话，可能是这地方出问题了。

你可以试试用 python3 unblockchn.py router restore 命令还原路由器后，再 curl 看看通不通？如果也是不通的话，要检查下你路由器的 iptables 规则。

列出 iptables filter 规则命令： iptables -t filter -L -n -v

列出 iptables nat 规则命令： iptables -t nat -L -n -v

jacky441 commented 5 years ago

你好，

你的意思是我中国服务器上要配置 Shadowsocks 不是 ShadowsocksR?

路由器 restore 后在电脑上是可以通的只是不走代理而已

以下是 iptables filter 输出 jmao@RT-AC88U-C9D0:/tmp/mnt/miniUSB/unblockchn# iptables -t filter -L -n -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 24099 3030K ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 211K 53M ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2198 102K DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 114K 22M PTCSRVWAN all -- !br0 0.0.0.0/0 0.0.0.0/0 211K 91M PTCSRVLAN all -- br0 0.0.0.0/0 0.0.0.0/0 211K 91M ACCEPT all -- br0 0.0.0.0/0 0.0.0.0/0 state NEW 110K 22M ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 state NEW 4212 231K OVPN all -- 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68 0 0 SSHBFP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8868 state NEW 65 4826 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3353 175K DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 8864K 12G ipttolan all -- br0 0.0.0.0/0 0.0.0.0/0 3162K 316M iptfromlan all -- br0 0.0.0.0/0 0.0.0.0/0 12M 12G ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 53 5300 other2wan all -- !br0 eth0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0 9435 442K DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 4 530 SECURITY all -- eth0 0.0.0.0/0 0.0.0.0/0 71647 9053K NSFW all -- 0.0.0.0/0 0.0.0.0/0 71573 9046K ACCEPT all -- br0 0.0.0.0/0 0.0.0.0/0 4 530 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate DNAT 70 6388 OVPN all -- 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 DNSFILTER_DOT tcp -- br0 0.0.0.0/0 0.0.0.0/0 tcp dpt:853 53 5300 DROP all -- * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 285K packets, 71M bytes) pkts bytes target prot opt in out source destination

Chain ACCESS_RESTRICTION (0 references) pkts bytes target prot opt in out source destination

Chain DNSFILTER_DOT (1 references) pkts bytes target prot opt in out source destination 0 0 REJECT all -- 0.0.0.0/0 !1.1.1.1 reject-with icmp-port-unreachable

Chain FUPNP (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- 0.0.0.0/0 192.168.2.166 udp dpt:50646

Chain INPUT_ICMP (0 references) pkts bytes target prot opt in out source destination

Chain NSFW (1 references) pkts bytes target prot opt in out source destination

Chain OVPN (2 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- tun11 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- tun12 0.0.0.0/0 0.0.0.0/0 811 52020 ACCEPT all -- tun21 * 0.0.0.0/0 192.168.2.0/24

Chain PControls (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain PTCSRVLAN (1 references) pkts bytes target prot opt in out source destination

Chain PTCSRVWAN (1 references) pkts bytes target prot opt in out source destination

Chain SECURITY (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02 limit: avg 1/sec burst 5 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02 0 0 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x04 limit: avg 1/sec burst 5 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x04 0 0 RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5 0 0 DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 4 530 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain SSHBFP (1 references) pkts bytes target prot opt in out source destination 0 0 all -- 0.0.0.0/0 0.0.0.0/0 recent: SET name: SSH side: source 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain default_block (0 references) pkts bytes target prot opt in out source destination

Chain iptfromlan (1 references) pkts bytes target prot opt in out source destination 3052K 297M RETURN all -- eth0 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.2.0/255.255.255.0 name: lan 17875 14M RETURN all -- tun21 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.2.0/255.255.255.0 name: lan 137 14243 RETURN all -- tun12 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.2.0/255.255.255.0 name: lan 84181 5037K RETURN all -- tun11 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.2.0/255.255.255.0 name: lan

Chain ipttolan (1 references) pkts bytes target prot opt in out source destination 8759K 12G RETURN all -- eth0 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.2.0/255.255.255.0 name: lan 14517 770K RETURN all -- tun21 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.2.0/255.255.255.0 name: lan 206 215K RETURN all -- tun12 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.2.0/255.255.255.0 name: lan 84270 18M RETURN all -- tun11 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.2.0/255.255.255.0 name: lan

Chain logaccept (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix "ACCEPT " 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain logdrop (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix "DROP " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain other2wan (1 references) pkts bytes target prot opt in out source destination 53 5300 RETURN all -- tun+ 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- * 0.0.0.0/0 0.0.0.0/0

以下是 iptables nat输出 jmao@RT-AC88U-C9D0:/tmp/mnt/miniUSB/unblockchn# iptables -t nat -L -n -v Chain PREROUTING (policy ACCEPT 2197 packets, 549K bytes) pkts bytes target prot opt in out source destination 8 336 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 3126 175K VSERVER all -- 0.0.0.0/0 106.69.253.229 15144 1122K DNSFILTER udp -- 192.168.2.0/24 0.0.0.0/0 udp dpt:53 0 0 DNSFILTER tcp -- 192.168.2.0/24 0.0.0.0/0 tcp dpt:53 1 60 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 match-set chn dst redir ports 1080

Chain INPUT (policy ACCEPT 1726 packets, 495K bytes) pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 82 packets, 10204 bytes) pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 78 packets, 8372 bytes) pkts bytes target prot opt in out source destination 761 42351 MASQUERADE all -- tun11 192.168.2.0/24 0.0.0.0/0 6 312 MASQUERADE all -- tun12 192.168.2.0/24 0.0.0.0/0 0 0 ACCEPT all -- 192.168.2.0/24 0.0.0.0/0 policy match dir out pol ipsec 57108 6679K PUPNP all -- eth0 0.0.0.0/0 0.0.0.0/0 53545 6428K MASQUERADE all -- eth0 !106.69.253.229 0.0.0.0/0 541 239K MASQUERADE all -- * br0 192.168.2.0/24 192.168.2.0/24

Chain DNSFILTER (2 references) pkts bytes target prot opt in out source destination 15144 1122K DNAT all -- 0.0.0.0/0 0.0.0.0/0 to:1.1.1.1

Chain LOCALSRV (0 references) pkts bytes target prot opt in out source destination

Chain PCREDIRECT (0 references) pkts bytes target prot opt in out source destination

Chain PUPNP (1 references) pkts bytes target prot opt in out source destination

Chain VSERVER (1 references) pkts bytes target prot opt in out source destination 3126 175K VUPNP all -- 0.0.0.0/0 0.0.0.0/0

Chain VUPNP (1 references) pkts bytes target prot opt in out source destination 1 137 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50646 to:192.168.2.166:50646

谢谢

G.X.F. mailto:notifications@github.com 28 August 2019 at 5:14 am

你好，

正常情况下，即使开启了代理后在路由器上 |curl http://ipservice.163.com/isFromMainland| 也是不会走代理的，只有局域网内的 NAT 请求才会进行代理分流判断，所以如果路由器上 |curl| 都不通应该是除这工具以外的地方出问题了。

另外这工具用的是原版的 Shadowsocks，不支持 ShadowsocksR，你在路由器上的 ShadowsocksR 代理是自己配置的吗？如果是的话，可能是这地方出问题了。

你可以试试用 |python3 unblockchn.py router restore| 命令还原路由器后，再 |curl| 看看通不通？如果也是不通的话，要检查下你路由器的 iptables 规则。

列出 iptables filter 规则命令： |iptables -t filter -L -n -v|

列出 iptables nat 规则命令： |iptables -t nat -L -n -v|

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/gxfxyz/unblockchn/issues/9?email_source=notifications&email_token=ANAOUF7DTBKUMSAVDW222XTQGWKLVA5CNFSM4IQENBE2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5JEOZQ#issuecomment-525485926, or mute the thread https://github.com/notifications/unsubscribe-auth/ANAOUF5N2TNZBNV4K7RF6UDQGWKLVANCNFSM4IQENBEQ.

gxfxyz commented 5 years ago

是的，服务器端要配置原版 Shadowsocks，而不是 ShadowsocksR。

jacky331 commented 5 years ago

请问如果设置可以让音频视频也加速？

gxfxyz commented 5 years ago

@jacky331 目前没有这功能，因为从 Unblock Youku 提取的分流规则只是为了解锁，想要音视频也走代理的话得自己去找相应音视频流的地址然后加到规则中，或者你就直接全局都走代理。

jacky331 commented 5 years ago

全局太浪费流量了这几天用了下KoolShare的科学上网插件可以用但是有时候不稳定最主要的原因就是迅雷下载什么的都走代理了有点吃不消 0.8/元每GB.....

gxfxyz / unblockchn

梅林固件 Firmware Version:384.13 #9