vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

Using OpenClash to proxy a remote LAN subnet: configuring the OpenClash bypass #1169

Closed EYW-015 closed 3 years ago

EYW-015 commented 3 years ago

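Description

  1. I have a remote server on the public internet with a SOCKS5 proxy enabled; its LAN subnet is 192.168.50.0/24.
  2. The local hosts are on 192.168.60.0/24 and use Clash for Windows / OpenClash. I added a SOCKS5 node that connects to the remote server, and added `- IP-CIDR,192.168.50.0/24,Proxy` near the top of the rules.
  3. The subscription uses the lhie1 rules; its `RULE-SET,LAN,DIRECT` configuration contains the LAN direct-connection rule `- IP-CIDR,192.168.0.0/16`, and this rule sits at the bottom.

Actual usage

  1. With CFW, after adding the proxy rule for the .50 subnet described above and changing the system proxy bypass (removing `192.168.*` and replacing it with `192.168.60.*`), I can reach the remote LAN devices on the .50 subnet normally.

  2. With OpenClash and the same rules, the .50 subnet is unreachable. In the YACD UI, under RULES, all RULE-SET entries are listed first, sorted by file name, and the custom rules appear only after the RULE-SET entries.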


Suspected cause

The bypass rules inside OpenWrt have not been modified, so the LAN subnet cannot be proxied to the remote server.

OpenClash debug log. Generated: 2021-01-16 15:41:25. Plugin version: v0.41.14-beta

EYW-015 commented 3 years ago

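Solved: just modify the #local section in the /etc/init.d/openclash file. The effect is the same as "Do not use the proxy for the following addresses" in the Windows proxy settings, and as Bypass in Clash for Windows.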

```
#local
   ipset create localnetwork hash:net
   ipset add localnetwork 0.0.0.0/8
   ipset add localnetwork 127.0.0.0/8
   ipset add localnetwork 10.0.0.0/8
   ipset add localnetwork 169.254.0.0/16
   ipset add localnetwork 192.168.0.0/16 # change to your local subnet, e.g. 192.168.60.0/24
   ipset add localnetwork 224.0.0.0/4
   ipset add localnetwork 240.0.0.0/4
   ipset add localnetwork 172.16.0.0/12
```
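
An added example, not part of the original issue or of OpenClash's own code: a POSIX sh check that lists which `ipset add localnetwork` entries cover a given subnet, so a bypass list can be audited before and after an edit like the one above. It assumes that destinations in `localnetwork` are skipped before traffic is redirected to Clash; the function names and the sample lists (the stock list from the comment above and its edited form) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which bypass entries cover a subnet you expect Clash to proxy.
# Assumes 64-bit shell arithmetic (bash, dash, or busybox ash built with 64-bit math).

# Treat a bare address as a /32 network.
with_len() {
    case "$1" in
        */*) echo "$1" ;;
        *)   echo "$1/32" ;;
    esac
}

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds when network $2 lies entirely inside network $1.
cidr_contains() {
    outer=$(with_len "$1")
    inner=$(with_len "$2")
    outer_len=${outer#*/}
    inner_len=${inner#*/}
    # A shorter inner prefix is a larger network, so it cannot fit inside.
    [ "$inner_len" -ge "$outer_len" ] || return 1
    mask=$(( (4294967295 << (32 - outer_len)) & 4294967295 ))
    outer_ip=$(ip_to_int "${outer%/*}")
    inner_ip=$(ip_to_int "${inner%/*}")
    [ $(( outer_ip & mask )) -eq $(( inner_ip & mask )) ]
}

# Read init-script lines on stdin and print every
# `ipset add localnetwork <cidr>` entry that covers network $1.
bypass_entries_covering() {
    while read -r cmd action setname cidr _rest; do
        [ "$cmd" = ipset ] && [ "$action" = add ] && [ "$setname" = localnetwork ] || continue
        if cidr_contains "$cidr" "$1"; then
            echo "$cidr"
        fi
    done
}

# Constructed sample input: the stock #local list quoted in the issue.
stock_list() {
cat <<'EOF'
#local
   ipset create localnetwork hash:net
   ipset add localnetwork 0.0.0.0/8
   ipset add localnetwork 127.0.0.0/8
   ipset add localnetwork 10.0.0.0/8
   ipset add localnetwork 169.254.0.0/16
   ipset add localnetwork 192.168.0.0/16
   ipset add localnetwork 224.0.0.0/4
   ipset add localnetwork 240.0.0.0/4
   ipset add localnetwork 172.16.0.0/12
EOF
}

# Constructed sample input: the same list with the poster's edit applied.
edited_list() {
    stock_list | sed 's#192\.168\.0\.0/16#192.168.60.0/24#'
}

remote=192.168.50.0/24   # remote LAN subnet from the issue
lan=192.168.60.0/24      # local LAN subnet from the issue

echo "stock list, entries covering $remote: $(stock_list | bypass_entries_covering "$remote")"
echo "edited list, entries covering $remote: $(edited_list | bypass_entries_covering "$remote")"
echo "edited list, entries covering $lan: $(edited_list | bypass_entries_covering "$lan")"
```

An empty result for the remote subnet means no bypass entry shadows it; the local subnet should still be listed so LAN traffic stays direct.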