Open actg opened 7 years ago
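I also ran into the failure to start. I later found that ports 53 and 5353 were being listened on by other programs. After I changed the listening port, mine came up.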
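From: muromirikka Sent: 2017-10-27 16:44 To: shadowsocks/ChinaDNS Cc: AxIauk; Mention Subject: Re: [shadowsocks/ChinaDNS] chinadns cannot start automatically at boot on openwrt (#133)
@AxIauk Could you explain in detail how you changed the listening port? Did you change the listening port of chinadns, or free up those ports? chinadns on my LEDE will not run, and it seriously affects DNS. Computers connected over Wi-Fi can get online, but phones cannot get DNS and can only browse sites by entering an IP address. (Everything is normal after uninstalling chinadns.) Starting it manually does not work either.
Configuration
I just tried moving dnsmasq, which was occupying port 53, to another port, and then tried to start chinadns manually. The last two lines of the message disappeared and it became
But the process hangs here, does not return normally, and chinadns does not start. Entering "chinadns -c /etc/chinadns_chroute.txt" gives the same result, and it still reports "CHROUTE_FILE not specified, CHNRoute is disabled". Can anyone tell me what to do...

It has been a long time and I have forgotten the details; these are the notes I put together back then. Use them as a reference. When ChinaDNS misbehaves, in most cases the problem is ss-tunnel.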
ASUSWRT-Merlin configuration: ss + iptables + dnsmasq + chinadns
1. Environment
ASUSWRT-Merlin RT-AC88U_380.68_0 (2.6.36.4brcmarm armv7l)
Dnsmasq version 2.76
iptables v1.4.14
ipset v6.32, protocol version: 6
2. Install Entware
./entware-setup.sh
3. Load modules at startup (optional)
echo "modprobe ip_set" > /jffs/scripts/post-mount
echo "modprobe ip_set_hash_net" >> /jffs/scripts/post-mount
echo "modprobe ip_set_hash_ip" >> /jffs/scripts/post-mount
echo "modprobe xt_set" >> /jffs/scripts/post-mount
echo "modprobe xt_TPROXY" >> /jffs/scripts/post-mount
4. Install ss-libev
opkg install Shadowsocks-libev
vi /opt/etc/shadowsocks.json
{
"server":"...",
"server_port":*,
"password":"**",
"timeout":60,
"method":"chacha20-ietf-poly1305"
}
vi /opt/etc/init.d/S22shadowsocks
PROCS=ss-redir
ARGS="-c /opt/etc/shadowsocks.json -u -b 0.0.0.0 -l 1080"
cp /opt/etc/init.d/S22shadowsocks /opt/etc/init.d/S33tunnel
vi /opt/etc/init.d/S33tunnel
PROCS=ss-tunnel
ARGS="-c /opt/etc/shadowsocks.json -u -b 0.0.0.0 -l 1081 -L 8.8.8.8:53"
./S22shadowsocks start
./S33tunnel start
ps | grep ss-
5. Install chinadns
opkg install chinadns
vi /opt/etc/init.d/S56chinadns
ARGS="-l /opt/etc/chinadns_iplist.txt -c /opt/etc/chinadns_chnroute.txt -p 1082 -s 114.114.114.114,127.0.0.1:1081"
6. Modify the Dnsmasq configuration
echo "no-resolv" > /jffs/configs/dnsmasq.conf.add
echo "server=127.0.0.1#1082" >> /jffs/configs/dnsmasq.conf.add
echo "server=/.taobao.com/114.114.114.114" >> /jffs/configs/dnsmasq.conf.add
7. iptables configuration
(1) ipset + iptables
curl -sL http://f.ip.cn/rt/chnroutes.txt | egrep -v '^$|^#' > /jffs/scripts/chnroutes
ipset -N chnroutes hash:net
for i in $(cat chnroutes); do echo ipset -A chnroutes $i >> ipset.sh; done
chmod +x ipset.sh && ./ipset.sh
ipset -S > /jffs/scripts/ipset.chnroutes
vi /jffs/scripts/ddns-start
iptables -t nat -N SHADOWSOCKS
iptables -t nat -A SHADOWSOCKS -d 138.197.212.26 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -m set --match-set chnroutes dst -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
(2) Global proxy: ss-redir
vi /jffs/scripts/ddns-start
iptables -t nat -N SHADOWSOCKS
iptables -t mangle -N SHADOWSOCKS
iptables -t nat -A SHADOWSOCKS -d 138.197.212.26 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
ip rule add fwmark 0x01/0x01 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 1080 --tproxy-mark 0x01
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
iptables -t mangle -A PREROUTING -j SHADOWSOCKS
iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
(3) Global proxy: ss-redir + ss-tunnel
iptables -t nat -N SHADOWSOCKS
iptables -t nat -A SHADOWSOCKS -d 138.197.212.26 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
8. Notes: DNS query ports
(1) dnsmasq(127.0.0.1#1082) -> ChinaDNS(-p 1082 127.0.0.1:1081) -> ss-tunnel(1081)
(2) Use the following command to generate the latest chnroute.txt:
curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /opt/etc/chnroute.txt
or
wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /opt/etc/chnroute.txt
(3) wget Google and Baidu separately; if that fails, try restarting shadowsocks and chinadns, and if it still fails, reboot the router.
The script below requires opkg install wget first, because it needs the full version of wget to run. Finally, set its permissions to 755 and run it on a schedule. Remember that the interval must never be too short. I carelessly set it to run once a minute, and it really did reboot, but 1 minute was nowhere near enough for it to finish getting online, so the reboot repeated in an endless loop, and it took a lot of effort to rescue it...
#!/bin/sh
LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
wget -4 -q -O /etc/ss/google.html --quiet --tries=3 --timeout=10 www.google.com.hk
wget -4 -q -O /etc/ss/baidu.html --quiet --tries=3 --timeout=10 www.baidu.com
# File sizes of the two probe downloads; 0 means the fetch failed
g_size=$(ls -l /etc/ss/google.html | awk '{ print $5 }')
b_size=$(ls -l /etc/ss/baidu.html | awk '{ print $5 }')
error=0
if [ "$g_size" -gt 0 ] && [ "$b_size" -gt 0 ] ; then
    echo "[$LOGTIME] No Problem." >> /etc/ss/status.log
    rm /etc/ss/google.html
    rm /etc/ss/baidu.html
    exit 0
else
    error=1
fi
# Numeric comparison, so this branch runs only after a failed first check
if [ "$error" -eq 1 ] ; then
    echo "[$LOGTIME] Problem detected. Restarting shadowsocks." >> /etc/ss/status.log
    /etc/init.d/shadowsocks restart
    sleep 5
    sleep 5
    LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
    wget -4 -q -O /etc/ss/google.html --quiet --tries=3 --timeout=10 www.google.com.hk
    wget -4 -q -O /etc/ss/baidu.html --quiet --tries=3 --timeout=10 www.baidu.com
    g_size=$(ls -l /etc/ss/google.html | awk '{ print $5 }')
    # Size of the Baidu probe after the restart
    b_size=$(ls -l /etc/ss/baidu.html | awk '{ print $5 }')
    if [ "$g_size" -gt 0 ] && [ "$b_size" -gt 0 ] ; then
        echo "[$LOGTIME] Problem fixed." >> /etc/ss/status.log
        rm /etc/ss/google.html
        rm /etc/ss/baidu.html
        error=0
        exit 0
    else
        echo "[$LOGTIME] Unable to fix the problem. Restarting router." >> /etc/ss/status.log
        reboot -f
    fi
fi
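The notes above describe the watchdog rebooting the router in an endless loop when it ran before the link was back up. The following is an added example, not part of the original notes, of a guard that can sit in front of the `reboot -f` call; the thresholds, the state-file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: reboot guard for a connectivity watchdog.
# All values below are assumptions, not taken from the original notes.
MIN_UPTIME=600       # do not reboot until the router has been up this long (s)
MAX_REBOOTS=3        # consecutive watchdog reboots allowed before holding off
STATE_FILE=${STATE_FILE:-/jffs/scripts/watchdog.count}  # must survive a reboot

# Seconds since boot, from the first field of /proc/uptime.
uptime_seconds() { cut -d. -f1 /proc/uptime; }

# Number of consecutive watchdog reboots recorded so far (0 if none or garbage).
read_count() {
    n=$(cat "$STATE_FILE" 2>/dev/null || true)
    case "$n" in ''|*[!0-9]*) n=0 ;; esac
    echo "$n"
}

# watchdog_decide HEALTHY UPTIME
#   HEALTHY is 1 when both probes succeeded, 0 otherwise.
#   Prints one of: ok, hold-uptime, hold-limit, reboot.
watchdog_decide() {
    if [ "$1" -eq 1 ]; then
        rm -f "$STATE_FILE"          # a healthy check clears the counter
        echo ok
        return 0
    fi
    count=$(read_count)
    if [ "$2" -lt "$MIN_UPTIME" ]; then
        echo hold-uptime             # still booting: give the link time
    elif [ "$count" -ge "$MAX_REBOOTS" ]; then
        echo hold-limit              # rebooting has not helped: stop looping
    else
        echo $((count + 1)) > "$STATE_FILE"
        echo reboot
    fi
}

# Intended use inside the watchdog, in place of a bare "reboot -f":
#   action=$(watchdog_decide 0 "$(uptime_seconds)")
#   echo "[$LOGTIME] watchdog: $action" >> /etc/ss/status.log
#   [ "$action" = reboot ] && reboot -f
```

With the counter kept on persistent storage, a schedule that is too aggressive costs at most `MAX_REBOOTS` reboots instead of locking the router out.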
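The chnroute one-liners in note (2) compute the prefix as `32-log($5)/log(2)`, which assumes every address count is a power of two and every start address is aligned to it. The following is an added example, not from the original notes, that goes beyond them by doing the conversion with integer arithmetic and splitting any other range into valid CIDR blocks; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert APNIC delegated-stats records (stdin) into CIDR
# blocks for CN IPv4 ranges without floating-point logarithms.
chnroute_from_apnic() {
    awk -F'|' '
    function emit(start, count,    size, bits) {
        while (count > 0) {
            # Largest power-of-two block that is aligned at start
            # and does not exceed the remaining address count.
            size = 1; bits = 32
            while (size * 2 <= count && start % (size * 2) == 0) {
                size *= 2; bits--
            }
            printf("%d.%d.%d.%d/%d\n",
                   int(start / 16777216) % 256, int(start / 65536) % 256,
                   int(start / 256) % 256, start % 256, bits)
            start += size; count -= size
        }
    }
    # Field 2 is the country code, 3 the type, 4 the start, 5 the count.
    $2 == "CN" && $3 == "ipv4" && $5 ~ /^[0-9]+$/ {
        if (split($4, o, ".") != 4) next
        emit(((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4], $5 + 0)
    }'
}

# Constructed sample records (documentation address ranges, not real data).
sample_apnic() {
    cat <<'EOF'
2|apnic|20200101|5|19830613|20200101|+1000
apnic|*|ipv4|*|5|summary
apnic|CN|ipv4|192.0.2.0|256|20200101|allocated
apnic|CN|ipv4|203.0.113.0|512|20200101|allocated
apnic|CN|ipv4|198.51.100.0|768|20200101|allocated
apnic|JP|ipv4|198.18.0.0|1024|20200101|allocated
apnic|CN|ipv6|2001:db8::|32|20200101|allocated
EOF
}

# Usage on the router (path as in note (2)):
#   wget -O- "$URL" | chnroute_from_apnic > /opt/etc/chnroute.txt
```

The unaligned 512-address sample comes out as two /24 blocks, and the 768-address sample as a /23 plus a /24.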
The reason is that after installation, /etc/init.d/chinadns was not linked into the /etc/rc.d directory, so it cannot start.