shadowsocks / ChinaDNS

Protect yourself against DNS poisoning in China.
GNU General Public License v3.0

chinadns does not start automatically at boot on OpenWrt #133

Open actg opened 7 years ago

actg commented 7 years ago

The cause is that after installation, /etc/init.d/chinadns is not linked into the /etc/rc.d directory, so it cannot start.

AxIauk commented 6 years ago

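I also ran into a case where it would not start. I later found that ports 53 and 5353 were already being listened on by other programs. After I changed the listening port, mine came up.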
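The two causes reported above (no start link in /etc/rc.d, and ports 53/5353 already taken) can be checked with a short script. This is an added example, not part of the original thread or the ChinaDNS project; the function names, the `S??` link pattern and the sample netstat text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# rc_enabled NAME [RC_DIR]: succeeds if an OpenWrt-style start link
# (S<two digits><name>) exists, i.e. the service is started at boot.
rc_enabled() {
    name=$1
    rc_dir=${2:-/etc/rc.d}
    for link in "$rc_dir"/S[0-9][0-9]"$name"; do
        # An unmatched glob stays literal, so test that the link really exists
        if [ -e "$link" ] || [ -L "$link" ]; then
            return 0
        fi
    done
    return 1
}

# port_listeners PORT: reads `netstat -lnup` / `netstat -lntp` style text on
# stdin and prints "proto pid/program" for every socket bound to PORT.
port_listeners() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, parts, ":")      # local address, IPv4 or IPv6
            if (parts[n] == port) print $1, $NF
        }'
}

# Constructed sample of netstat output, for trying the parser off-router.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:53      0.0.0.0:*       LISTEN 1203/dnsmasq
udp        0      0 0.0.0.0:53      0.0.0.0:*              1203/dnsmasq
udp        0      0 :::5353         :::*                   1544/mdnsd
udp        0      0 0.0.0.0:1082    0.0.0.0:*              1710/chinadns'

# On the router:
#   rc_enabled chinadns || /etc/init.d/chinadns enable
#   netstat -lnup | port_listeners 5353
printf '%s\n' "$SAMPLE_NETSTAT" | port_listeners 53
```
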

AxIauk commented 6 years ago


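From: muromirikka
Sent: October 27, 2017 16:44
To: shadowsocks/ChinaDNS
Cc: AxIauk; Mention
Subject: Re: [shadowsocks/ChinaDNS] chinadns does not start automatically at boot on OpenWrt (#133)

@AxIauk Could you explain in detail how you changed the listening port? Did you change the chinadns listening port, or free up those ports? chinadns on my LEDE cannot run, and it seriously affects DNS. A computer connected over Wi-Fi can get online, but phones cannot get DNS and can only browse sites by entering an IP address. (Everything is normal after uninstalling chinadns.) Starting it manually does not work either.

Configuration

I just tried moving dnsmasq, which was occupying port 53, to another port and then tried to start chinadns manually. The last two lines of messages disappeared and became

But the process just hangs there without returning normally, and chinadns does not start. Entering "chinadns -c /etc/chinadns_chroute.txt" gives the same result; it still reports "CHROUTE_FILE not specified, CHNRoute is disabled". Can anyone tell me what to do...

It has been a long time and I have forgotten the details; these are the notes I put together back then. Use them as a reference. When ChinaDNS misbehaves, in most cases the problem is ss-tunnel.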

Configuring ss + iptables + dnsmasq + chinadns on ASUSWRT-Merlin

1. Environment

    ASUSWRT-Merlin RT-AC88U_380.68_0 (2.6.36.4brcmarm armv7l)
    Dnsmasq version 2.76
    iptables v1.4.14
    ipset v6.32, protocol version: 6

2. Install Entware

    ./entware-setup.sh

3. Load kernel modules at startup (optional)

    # The first line creates the file; the rest append (>>) so earlier lines are not overwritten
    echo "modprobe ip_set" > /jffs/scripts/post-mount
    echo "modprobe ip_set_hash_net" >> /jffs/scripts/post-mount
    echo "modprobe ip_set_hash_ip" >> /jffs/scripts/post-mount
    echo "modprobe xt_set" >> /jffs/scripts/post-mount
    echo "modprobe xt_TPROXY" >> /jffs/scripts/post-mount

4. Install ss-libev

    opkg install Shadowsocks-libev
    vi /opt/etc/shadowsocks.json

    {
        "server":"...",
        "server_port":*,
        "password":"**",
        "timeout":60,
        "method":"chacha20-ietf-poly1305"
    }

    vi /opt/etc/init.d/S22shadowsocks

    PROCS=ss-redir
    ARGS="-c /opt/etc/shadowsocks.json -u -b 0.0.0.0 -l 1080"

    cp /opt/etc/init.d/S22shadowsocks /opt/etc/init.d/S33tunnel
    vi /opt/etc/init.d/S33tunnel

    PROCS=ss-tunnel
    ARGS="-c /opt/etc/shadowsocks.json -u -b 0.0.0.0 -l 1081 -L 8.8.8.8:53"

    ./S22shadowsocks start
    ./S33tunnel start
    ps | grep ss-

5. Install chinadns

    opkg install chinadns
    vi /opt/etc/init.d/S56chinadns

    ARGS="-l /opt/etc/chinadns_iplist.txt -c /opt/etc/chinadns_chnroute.txt -p 1082 -s 114.114.114.114,127.0.0.1:1081"

6. Modify the Dnsmasq configuration

    echo "no-resolv" > /jffs/configs/dnsmasq.conf.add
    echo "server=127.0.0.1#1082" >> /jffs/configs/dnsmasq.conf.add
    echo "server=/.taobao.com/114.114.114.114" >> /jffs/configs/dnsmasq.conf.add

7. iptables configuration

(1) ipset + iptables

    curl -sL http://f.ip.cn/rt/chnroutes.txt | egrep -v '^$|^#' > /jffs/scripts/chnroutes
    ipset -N chnroutes hash:net
    # Write one "ipset -A" command per network into ipset.sh
    for i in $(cat chnroutes); do echo ipset -A chnroutes $i >> ipset.sh; done
    chmod +x ipset.sh && ./ipset.sh
    ipset -S > /jffs/scripts/ipset.chnroutes
    vi /jffs/scripts/ddns-start

    #!/bin/sh

    iptables -t nat -N SHADOWSOCKS
    iptables -t nat -A SHADOWSOCKS -d 138.197.212.26 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS -m set --match-set chnroutes dst -j RETURN
    iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
    iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
    iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

Note: dnsmasq must be pointed at 127.0.0.1#1082

(2) Global proxy: ss-redir

    vi /jffs/scripts/ddns-start

    #!/bin/sh

    iptables -t nat -N SHADOWSOCKS
    iptables -t mangle -N SHADOWSOCKS
    iptables -t nat -A SHADOWSOCKS -d 138.197.212.26 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
    ip rule add fwmark 0x01/0x01 table 100
    ip route add local 0.0.0.0/0 dev lo table 100
    iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 1080 --tproxy-mark 0x01
    iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
    iptables -t mangle -A PREROUTING -j SHADOWSOCKS
    iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

Note: dnsmasq must be set to use DNS 8.8.8.8

(3) Global proxy: ss-redir + ss-tunnel

    #!/bin/sh

    iptables -t nat -N SHADOWSOCKS
    iptables -t nat -A SHADOWSOCKS -d 138.197.212.26 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
    iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
    iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

Note: dnsmasq must be pointed at 127.0.0.1#1082

8. Notes on DNS query ports

(1) dnsmasq (127.0.0.1#1082) -> ChinaDNS (-p 1082 127.0.0.1:1081) -> ss-tunnel (1081)

(2) Use the following command to generate the latest chnroute.txt:

    curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /opt/etc/chnroute.txt

or

    wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /opt/etc/chnroute.txt

(3) wget Google and Baidu separately; if that fails, try restarting shadowsocks and chinadns; if it still fails, reboot the router.

The script below requires running opkg install wget first, because it needs the full version of wget. Finally, give it 755 permissions and run it on a schedule. Remember that the interval must never be too short. I carelessly set it to run once a minute, and it really did reboot; but 1 minute is nowhere near enough for it to get back online, so the reboot looped endlessly, and it took a lot of effort to rescue it...

    #!/bin/sh

    LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
    # wget -O creates the file even when the fetch fails, so a size of 0 means failure
    wget -4 -q -O /etc/ss/google.html --quiet --tries=3 --timeout=10 www.google.com.hk
    wget -4 -q -O /etc/ss/baidu.html --quiet --tries=3 --timeout=10 www.baidu.com
    g_size=$(ls -l /etc/ss/google.html | awk '{ print $5 }')
    b_size=$(ls -l /etc/ss/baidu.html | awk '{ print $5 }')
    error=0

    if [ "${g_size:-0}" -gt 0 ] && [ "${b_size:-0}" -gt 0 ] ; then
        echo "[$LOGTIME] No Problem." >> /etc/ss/status.log
        rm /etc/ss/google.html
        rm /etc/ss/baidu.html
        exit 0
    else
        error=1
    fi

    if [ "$error" = 1 ] ; then
        echo "[$LOGTIME] Problem detected. Restarting shadowsocks." >> /etc/ss/status.log
        /etc/init.d/shadowsocks restart
        sleep 5
        /etc/init.d/chinadns restart
        sleep 5

        # Test again after the restarts
        LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
        wget -4 -q -O /etc/ss/google.html --quiet --tries=3 --timeout=10 www.google.com.hk
        wget -4 -q -O /etc/ss/baidu.html --quiet --tries=3 --timeout=10 www.baidu.com
        g_size=$(ls -l /etc/ss/google.html | awk '{ print $5 }')
        b_size=$(ls -l /etc/ss/baidu.html | awk '{ print $5 }')

        if [ "${g_size:-0}" -gt 0 ] && [ "${b_size:-0}" -gt 0 ] ; then
            echo "[$LOGTIME] Problem fixed." >> /etc/ss/status.log
            rm /etc/ss/google.html
            rm /etc/ss/baidu.html
            error=0
            exit 0
        else
            echo "[$LOGTIME] Unable to fix the problem. Restarting router." >> /etc/ss/status.log
            reboot -f
        fi
    fi
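The chnroute.txt commands in the notes above compute the prefix length as 32-log($5)/log(2), which is exact only when the address count is a power of two and the start address is aligned to it; the RIR statistics format does not guarantee either. The following added example (not from the thread or the ChinaDNS project; the function name and sample records are constructed) splits each CN IPv4 record into exact CIDR blocks, so the list used by ChinaDNS and the chnroutes ipset never covers addresses outside the delegation.

```shell
#!/bin/sh
# Added example (not from the thread). chnroute_from_apnic is a hypothetical name.
# Reads delegated-apnic-latest style records on stdin, prints exact CIDR blocks.
chnroute_from_apnic() {
    awk -F'|' '
        $2 == "CN" && $3 == "ipv4" {
            split($4, o, ".")
            start = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
            left = $5                      # number of addresses in the record
            while (left > 0) {
                # Grow the block while it stays aligned on start and fits in left
                size = 1; bits = 32
                while (size * 2 <= left && start % (size * 2) == 0) {
                    size *= 2; bits--
                }
                printf "%d.%d.%d.%d/%d\n", int(start / 16777216) % 256,
                    int(start / 65536) % 256, int(start / 256) % 256,
                    start % 256, bits
                start += size; left -= size
            }
        }'
}

# Constructed sample records using documentation address ranges, not real data.
SAMPLE_APNIC='# comment line
apnic|*|ipv4|*|2|summary
apnic|CN|ipv4|192.0.2.0|256|20110414|allocated
apnic|JP|ipv4|192.0.2.0|4096|20110412|allocated
apnic|CN|ipv4|198.51.100.0|768|20110414|allocated
apnic|CN|ipv4|203.0.113.128|256|20110414|allocated
apnic|CN|ipv6|2001:db8::|32|20110414|allocated'

# On the router (URL and output path as in the notes above):
#   wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | chnroute_from_apnic > /opt/etc/chnroute.txt
printf '%s\n' "$SAMPLE_APNIC" | chnroute_from_apnic
```

For the constructed 768-address record, the original formula would print 198.51.100.0/22, which covers 1024 addresses; the split form prints a /23 and a /24 instead.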