Closed matthuo333 closed 2 years ago
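Tracing back from ipt to the kernel config file, I found that the following options are not enabled. Does clash depend on these modules at a low level?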
The OUTPUT chain handles the router's own traffic; the PREROUTING chain is the one for the devices behind it.
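So as long as the PREROUTING chain and the clash chain it references are fine, it should work? Why does the working environment not need the mangle table, while the failing environment does?
Also, the great Dreamacro recommends referring to the clash-premium-installer project, but that project's author says the scripts in it are not suitable for op...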
The mangle rules are needed in UDP or TUN mode.
Just post the debug log.
主机型号: Amlogic
固件版本: OpenWrt SNAPSHOT r2907-71e335c0b
LuCI版本: git-20.256.12360-1a54222-1
内核版本: 3.14.29
处理器架构: aarch64_generic
防火墙转发: ACCEPT
IPV6-DHCP: server
Dnsmasq转发设置: 127.0.0.1#7874
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
运行状态: 运行中
已选择的架构: linux-armv8
Tun内核版本: 2020.12.18.gaf66a7a
Tun内核文件: 存在
Tun内核运行权限: 正常
Game内核版本:
Game内核文件: 不存在
Game内核运行权限: 否
Dev内核版本: v1.3.0-4-g4b1b494
Dev内核文件: 存在
Dev内核运行权限: 正常
当前配置文件: /etc/openclash/config/clash-stand1.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发: 停用
DNS劫持: 启用
自定义DNS: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
绕过中国大陆IP: 停用
保留配置: 停用
第三方规则: 停用
port: 7890
socks-port: 7891
allow-lan: true
bind-address: "*"
ipv6: false
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
redir-port: 7892
interface-name: eth0
external-ui: "/usr/share/openclash/dashboard"
dns:
use-hosts: true
listen: 127.0.0.1:7874
enable: true
ipv6: false
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fake-ip-filter:
nameserver:
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 8.8.4.4 redir ports 7892
2 REDIRECT tcp -- 0.0.0.0/0 8.8.8.8 redir ports 7892
3 prerouting_rule all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom prerouting rule chain */
4 zone_lan_prerouting all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
5 zone_vpn_prerouting all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
6 REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 53
7 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 redir ports 53
8 openclash tcp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 openclash_output tcp -- 0.0.0.0/0 0.0.0.0/0
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.199.1 0.0.0.0 UG 0 0 0 br-lan
10.147.20.0 0.0.0.0 255.255.255.0 U 0 0 0 ztwfuhbsgp
192.168.199.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
default via 192.168.199.1 dev br-lan proto static src 192.168.199.192
10.147.20.0/24 dev ztwfuhbsgp proto kernel scope link src 10.147.20.94
192.168.199.0/24 dev br-lan proto kernel scope link src 192.168.199.192
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
tcp 0 0 :::9090 :::* LISTEN 15179/clash
tcp 0 0 :::7890 :::* LISTEN 15179/clash
tcp 0 0 :::7891 :::* LISTEN 15179/clash
tcp 0 0 :::7892 :::* LISTEN 15179/clash
udp 0 0 127.0.0.1:7874 0.0.0.0:* 15179/clash
udp 0 0 :::7891 :::* 15179/clash
udp 0 0 :::7892 :::* 15179/clash
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.baidu.com
Address 1: 198.18.0.2
*** Can't find www.baidu.com: No answer
nameserver 192.168.199.1
search lan
Multiple Start Scripts Running, Exit...
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Others"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Hulu"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Netflix"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Spotify"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Auto - UrlTest"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Disneyplus"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Microsoft"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Youtube"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Netease Music"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider AsianTV"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider HBOGo"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider AdBlock"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Telegram"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider PayPal"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider GlobalTV"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider PrimeVideo"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Scholar"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Steam"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Speedtest"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Proxies"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Domestic"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial compatible provider Apple"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial rule provider Netflix"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial rule provider Youtube"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial rule provider Hulu"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial rule provider PrimeVideo"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial rule provider HBOGo"
time="2020-12-25T23:42:45+08:00" level=info msg="Start initial rule provider Disneyplus"
time="2020-12-25T23:42:45+08:00" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-12-25 23:42:30 OpenClash Start Successful, Please Note That Network May Abnormal With IPV6's DHCP Server
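Turn off IPv6. The router itself has no network connectivity; test whether curl works.
Leave the bind-interface option unset for now.
Bind interface?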
It is actually already turned off. I tested with curl, and it does not work. Also, is the kernel version too old?
Delete interface-name: eth0 and turn off IPv6:
IPV6-DHCP: server
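The log shows that the router itself cannot reach Baidu or GitHub. That is because you installed an old version; it should have little to do with the kernel version.
Where in the screenshot below do I turn off IPv6?
After deleting interface-name: eth0, curl baidu.com works, but curl google.com does not. Debug log: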
OpenClash 调试日志
生成时间: 2020-12-29 10:45:47 插件版本: v0.40.7-beta
#===================== 系统信息 =====================#
主机型号: Amlogic
固件版本: OpenWrt SNAPSHOT r2907-71e335c0b
LuCI版本: git-20.256.12360-1a54222-1
内核版本: 3.14.29
处理器架构: aarch64_generic
#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT
#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
#===================== 内核检查 =====================#
运行状态: 运行中
已选择的架构: linux-armv8
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2020.12.18.gaf66a7a
Tun内核文件: 存在
Tun内核运行权限: 正常
Game内核版本:
Game内核文件: 不存在
Game内核运行权限: 否
Dev内核版本: v1.3.0-4-g4b1b494
Dev内核文件: 存在
Dev内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/clash-stand1.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发: 停用
DNS劫持: 启用
自定义DNS: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
绕过中国大陆IP: 停用
#启动异常时建议关闭此项后重试
保留配置: 停用
第三方规则: 停用
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
allow-lan: true
bind-address: "*"
ipv6: false
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
redir-port: 7892
#interface-name: eth0
external-ui: "/usr/share/openclash/dashboard"
hosts:
##Custom HOSTS##
# experimental hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
# static domain has a higher priority than wildcard domain (foo.example.com > *.example.com)
# NOTE: hosts don't work with `fake-ip`
# '*.clash.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'
##Custom HOSTS END##
dns:
use-hosts: true
listen: 127.0.0.1:7874
enable: true
ipv6: false
enhanced-mode: redir-host
fake-ip-filter:
nameserver:
- 114.114.114.114
- 119.29.29.29
fallback:
- https://cloudflare-dns.com/dns-query
- https://dns.google/dns-query
- https://1.1.1.1/dns-query
- tls://8.8.8.8:853
fallback-filter:
geoip: true
ipcidr:
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
#===================== 防火墙设置 =====================#
#NAT chain
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 8.8.4.4 redir ports 7892
2 REDIRECT tcp -- 0.0.0.0/0 8.8.8.8 redir ports 7892
3 REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 53
4 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 redir ports 53
5 prerouting_rule all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom prerouting rule chain */
6 zone_lan_prerouting all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
7 zone_vpn_prerouting all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
8 openclash tcp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
#Mangle chain
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
#ip route list
default via 192.168.1.1 dev br-lan proto static src 192.168.1.32
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.32
#ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
#===================== 端口占用状态 =====================#
tcp 0 0 :::9090 :::* LISTEN 23893/clash
tcp 0 0 :::7890 :::* LISTEN 23893/clash
tcp 0 0 :::7891 :::* LISTEN 23893/clash
tcp 0 0 :::7892 :::* LISTEN 23893/clash
udp 0 0 127.0.0.1:7874 0.0.0.0:* 23893/clash
udp 0 0 :::7891 :::* 23893/clash
udp 0 0 :::7892 :::* 23893/clash
#===================== 测试本机DNS查询 =====================#
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.baidu.com
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address 1: 110.242.68.4
Address 2: 110.242.68.3
*** Can't find www.baidu.com: No answer
#===================== resolv.conf.d =====================#
# Interface lan
nameserver 192.168.1.1
#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Tue, 29 Dec 2020 02:45:48 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载 =====================#
#===================== 最近运行日志 =====================#
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider Telegram"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider AdBlock"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider Scholar"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider Proxies"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider Steam"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider Disneyplus"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider Microsoft"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider HBOGo"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider Netflix"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider PrimeVideo"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial compatible provider Apple"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial rule provider Youtube"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial rule provider Hulu"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial rule provider PrimeVideo"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial rule provider HBOGo"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial rule provider Disneyplus"
time="2020-12-29T10:42:48+08:00" level=info msg="Start initial rule provider Netflix"
time="2020-12-29T10:42:48+08:00" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-12-29 10:42:33 OpenClash Start Successful, Please Note That Network May Abnormal With IPV6's DHCP Server
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Netease Music"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Telegram"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider PrimeVideo"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Microsoft"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider AdBlock"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider HBOGo"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Scholar"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider AsianTV"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Others"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider PayPal"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Spotify"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Hulu"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Youtube"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Apple"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Netflix"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Disneyplus"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider GlobalTV"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Speedtest"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Steam"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Auto - UrlTest"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Proxies"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial compatible provider Domestic"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial rule provider Disneyplus"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial rule provider Netflix"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial rule provider Youtube"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial rule provider Hulu"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial rule provider PrimeVideo"
time="2020-12-29T10:44:58+08:00" level=info msg="Start initial rule provider HBOGo"
time="2020-12-29T10:44:58+08:00" level=info msg="RESTful API listening at: 0.0.0.0:9090"
time="2020-12-29T10:44:58+08:00" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-12-29 10:44:42 OpenClash Start Successful, Please Note That Network May Abnormal With IPV6's DHCP Server
Good news: after switching to fake-ip, everything works...
It seems the udp tun mode has to be enabled.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
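Previously, after configuring it on a soft router, there were no problems. Then I configured clash on op running in docker; the logs all look normal, but it cannot reach overseas sites. Comparing the iptables of the two environments, I found that the rules in the openclash_output chain differ from those in the working environment. That is, as shown below, there are only 2 rules:
In addition, an openclash chain has also been added to the mangle table, which also differs from the working environment.
Is this what prevents it from reaching overseas sites? Is this related to the kernel configuration?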
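The chain comparison described in this thread can be scripted. The following is an added example, not code from the thread or from OpenClash: it parses two `iptables -L -n --line-numbers` listings in the format of the debug logs above and reports, per chain, the targets present in only one environment. `ENV_A` and `ENV_B` are constructed samples abbreviated from the two nat dumps, and the function names are hypothetical.

```python
import re

# Constructed sample: abbreviated from the first nat-table dump in this thread.
ENV_A = """\
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 8.8.4.4 redir ports 7892
2 prerouting_rule all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom prerouting rule chain */
3 openclash tcp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 openclash_output tcp -- 0.0.0.0/0 0.0.0.0/0
"""
# Constructed sample: abbreviated from the second dump, whose OUTPUT chain is empty.
ENV_B = """\
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 8.8.4.4 redir ports 7892
2 prerouting_rule all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom prerouting rule chain */
3 openclash tcp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
RULE_RE = re.compile(r"^\d+\s+(\S+)\s+(\S+)\s")  # rule number, target, protocol

def parse_listing(text):
    """Map each chain name to the ordered (target, proto) pairs of its rules."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        m = RULE_RE.match(line)  # the "num target ..." header never matches
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return chains

def diff_targets(a, b):
    """Per chain, the targets that appear in only one of the two listings."""
    report = {}
    for chain in sorted(set(a) | set(b)):
        ta = {t for t, _ in a.get(chain, [])}
        tb = {t for t, _ in b.get(chain, [])}
        if ta != tb:
            report[chain] = {"only_a": sorted(ta - tb), "only_b": sorted(tb - ta)}
    return report

if __name__ == "__main__":
    print(diff_targets(parse_listing(ENV_A), parse_listing(ENV_B)))
```

Running it on the two samples flags only the OUTPUT chain, the one that carries the router's own traffic.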