vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

Intermittently unable to reach Google and Facebook #1289

Closed yukeiyang closed 2 years ago

yukeiyang commented 3 years ago

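v0.42.03-beta, and the earlier v0.42.02-beta, both have this problem. fake-ip mode. IPv6 is disabled. I tested subscription links from several proxy providers ("airports"), as well as my self-configured nodes, and they all show the same problem. Clearly it is not a problem with my configuration file.

I am using an x86-64 soft router, flashed with stock OpenWrt 19.07.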

vernesong commented 3 years ago

Connection log from the control panel, at debug level.

yukeiyang commented 3 years ago

OpenClash 调试日志

生成时间: 2021-03-14 00:11:46 插件版本: v0.42.03-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Default string Default string
固件版本: OpenWrt 19.07.7 r11306-c4a6851c72
LuCI版本: git-21.044.30835-34e0d65-1
内核版本: 4.14.221
处理器架构: x86_64

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 3265
运行权限: 3265: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.03.10
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20210310
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.4.2-1-g0976d27
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/sttcloud_airport_vmess.yaml
启动配置文件: /etc/openclash/sttcloud_airport_vmess.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090

redir-port: 7892
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 127.0.0.1:7874
  fake-ip-filter:
  - "*.lan"
  - time.windows.com
  - time.nist.gov
  - time.apple.com
  - time.asia.apple.com
  - "*.ntp.org.cn"
  - "*.openwrt.pool.ntp.org"
  - time1.cloud.tencent.com
  - time.ustc.edu.cn
  - pool.ntp.org
  - ntp.ubuntu.com
  - ntp.aliyun.com
  - ntp1.aliyun.com
  - ntp2.aliyun.com
  - ntp3.aliyun.com
  - ntp4.aliyun.com
  - ntp5.aliyun.com
  - ntp6.aliyun.com
  - ntp7.aliyun.com
  - time1.aliyun.com
  - time2.aliyun.com
  - time3.aliyun.com
  - time4.aliyun.com
  - time5.aliyun.com
  - time6.aliyun.com
  - time7.aliyun.com
  - "*.time.edu.cn"
  - time1.apple.com
  - time2.apple.com
  - time3.apple.com
  - time4.apple.com
  - time5.apple.com
  - time6.apple.com
  - time7.apple.com
  - time1.google.com
  - time2.google.com
  - time3.google.com
  - time4.google.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "*.msftconnecttest.com"
  - "*.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - "+.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.microsoft.com
  - "+.xboxlive.com"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "+.battlenet.com.cn"
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  fallback:
  - https://cloudflare-dns.com/dns-query
  - https://dns.google/dns-query
  - https://1.1.1.1/dns-query
  - tls://8.8.8.8:853
ipv6: false
profile:
  store-selected: true

#===================== 防火墙设置 =====================#

#NAT chain

# Generated by iptables-save v1.8.3 on Sun Mar 14 00:11:48 2021
*nat
:PREROUTING ACCEPT [79:34923]
:INPUT ACCEPT [1057:97563]
:OUTPUT ACCEPT [1493:93893]
:POSTROUTING ACCEPT [412:27025]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sun Mar 14 00:11:48 2021

#Mangle chain

# Generated by iptables-save v1.8.3 on Sun Mar 14 00:11:48 2021
*mangle
:PREROUTING ACCEPT [16624:7920884]
:INPUT ACCEPT [17154:8081045]
:FORWARD ACCEPT [37:3032]
:OUTPUT ACCEPT [17501:8098314]
:POSTROUTING ACCEPT [17530:8101014]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 546 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Sun Mar 14 00:11:48 2021

#===================== IPSET状态 =====================#

Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 192.168.1.1 dev eth0 proto static src 192.168.1.2 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2 
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 
#ip rule show
0:  from all lookup local 
32765:  from all fwmark 0x162 lookup 354 
32766:  from all lookup main 
32767:  from all lookup default 

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      3265/clash
tcp        0      0 :::7891                 :::*                    LISTEN      3265/clash
tcp        0      0 :::7892                 :::*                    LISTEN      3265/clash
tcp        0      0 :::7893                 :::*                    LISTEN      3265/clash
tcp        0      0 :::9090                 :::*                    LISTEN      3265/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           3265/clash
udp        0      0 :::33126                :::*                                3265/clash
udp        0      0 :::7891                 :::*                                3265/clash
udp        0      0 :::7892                 :::*                                3265/clash
udp        0      0 :::7893                 :::*                                3265/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
Address 1: 198.18.0.26
*** Can't find www.baidu.com: No answer

#===================== resolv.conf.auto =====================#

# Interface wan
nameserver 192.168.1.1
# Interface wan6
nameserver fe80::1%eth0

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 13 Mar 2021 16:11:49 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "bbac3539cac8750132d46a409c2d60f7d42986796ad70d34ac9a1d531bcdfe36"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 8D62:6F49:25819:58EAF:604A9D1E
Accept-Ranges: bytes
Date: Sat, 13 Mar 2021 16:11:50 GMT
Via: 1.1 varnish
X-Served-By: cache-hkg17925-HKG
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1615651911.633860,VS0,VE0
Vary: Authorization,Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 40c1f79a1a545a156b8dd1b1c7ae7dfad2e02dc8
Expires: Sat, 13 Mar 2021 16:16:50 GMT
Source-Age: 278

#===================== 最近运行日志 =====================#

time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider 📲 电报信息"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider 🔰 节点选择"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2021-03-13T16:09:56Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
2021-03-14 00:10:03 Groups History:【sttcloud_airport_vmess.yaml】 Restore Successful
2021-03-14 00:09:47 OpenClash Start Successful

vernesong commented 3 years ago

Add fallback-filter:

yukeiyang commented 3 years ago

I used the third-party bianyuan.xyz to reconvert the subscription configuration file, and fallback-filter: has been added.

yukeiyang commented 3 years ago

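Even with fallback-filter: added, the problem persists. In the end I solved it by configuring the third-party service AdGuardHome as the upstream DNS. I will test for a few days and see.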

yukeiyang commented 3 years ago

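**After 2 days of testing, I still intermittently cannot reach Google and other sites. AdGuardHome did not help. I have now switched back to the previous mode, with OpenClash taking over DNS.**

**The fault is the same as before.**

**Current configuration: x86-64, OpenWrt 19.07, fake-ip mode, IPv6 disabled, fallback-filter enabled. The new debug log is reported below:**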

OpenClash 调试日志

生成时间: 2021-03-15 15:32:54 插件版本: v0.42.03-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: Default string Default string
固件版本: OpenWrt 19.07.7 r11306-c4a6851c72
LuCI版本: git-21.044.30835-34e0d65-1
内核版本: 4.14.221
处理器架构: x86_64

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 18288 15157
运行权限: 18288: =ep
15157: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.03.10
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20210310
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.4.2-1-g0976d27
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/sttcloud_airport_vmess.yaml
启动配置文件: /etc/openclash/sttcloud_airport_vmess.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090

redir-port: 7892
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 127.0.0.1:7874
  fake-ip-filter:
  - "*.lan"
  - time.windows.com
  - time.nist.gov
  - time.apple.com
  - time.asia.apple.com
  - "*.ntp.org.cn"
  - "*.openwrt.pool.ntp.org"
  - time1.cloud.tencent.com
  - time.ustc.edu.cn
  - pool.ntp.org
  - ntp.ubuntu.com
  - ntp.aliyun.com
  - ntp1.aliyun.com
  - ntp2.aliyun.com
  - ntp3.aliyun.com
  - ntp4.aliyun.com
  - ntp5.aliyun.com
  - ntp6.aliyun.com
  - ntp7.aliyun.com
  - time1.aliyun.com
  - time2.aliyun.com
  - time3.aliyun.com
  - time4.aliyun.com
  - time5.aliyun.com
  - time6.aliyun.com
  - time7.aliyun.com
  - "*.time.edu.cn"
  - time1.apple.com
  - time2.apple.com
  - time3.apple.com
  - time4.apple.com
  - time5.apple.com
  - time6.apple.com
  - time7.apple.com
  - time1.google.com
  - time2.google.com
  - time3.google.com
  - time4.google.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "*.msftconnecttest.com"
  - "*.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - "+.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.microsoft.com
  - "+.xboxlive.com"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "+.battlenet.com.cn"
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  fallback:
  - https://cloudflare-dns.com/dns-query
  - https://dns.google/dns-query
  - https://1.1.1.1/dns-query
  - tls://8.8.8.8:853
  fallback-filter:
    geoip: false
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.google.com"
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
ipv6: false
profile:
  store-selected: true

#===================== 防火墙设置 =====================#

#NAT chain

# Generated by iptables-save v1.8.3 on Mon Mar 15 15:32:57 2021
*nat
:PREROUTING ACCEPT [30:30780]
:INPUT ACCEPT [255:44186]
:OUTPUT ACCEPT [246:29457]
:POSTROUTING ACCEPT [12:778]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -d 192.168.2.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5300
-A PREROUTING -d 192.168.1.4/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5300
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Mon Mar 15 15:32:57 2021

#Mangle chain

# Generated by iptables-save v1.8.3 on Mon Mar 15 15:32:57 2021
*mangle
:PREROUTING ACCEPT [6743:3543403]
:INPUT ACCEPT [6439:3179923]
:FORWARD ACCEPT [504:488540]
:OUTPUT ACCEPT [5981:3311615]
:POSTROUTING ACCEPT [6485:3800155]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p udp -j openclash
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 546 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Mon Mar 15 15:32:57 2021

#===================== IPSET状态 =====================#

Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 192.168.1.1 dev eth0 proto static src 192.168.1.4 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.4 
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 
#ip rule show
0:  from all lookup local 
32764:  from all fwmark 0x162 lookup 354 
32765:  from all fwmark 0x162 lookup 354 
32766:  from all lookup main 
32767:  from all lookup default 

#===================== 端口占用状态 =====================#

tcp        0      0 :::7892                 :::*                    LISTEN      15157/clash
tcp        0      0 :::7893                 :::*                    LISTEN      15157/clash
tcp        0      0 :::9090                 :::*                    LISTEN      15157/clash
tcp        0      0 :::7890                 :::*                    LISTEN      15157/clash
tcp        0      0 :::7891                 :::*                    LISTEN      15157/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           15157/clash
udp        0      0 :::40185                :::*                                15157/clash
udp        0      0 :::56803                :::*                                15157/clash
udp        0      0 :::38390                :::*                                15157/clash
udp        0      0 :::7891                 :::*                                15157/clash
udp        0      0 :::7892                 :::*                                15157/clash
udp        0      0 :::7893                 :::*                                15157/clash
udp        0      0 :::53986                :::*                                15157/clash
udp        0      0 :::41713                :::*                                15157/clash
udp        0      0 :::38717                :::*                                15157/clash
udp        0      0 :::54133                :::*                                15157/clash
udp        0      0 :::58446                :::*                                15157/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
Address 1: 198.18.0.5
*** Can't find www.baidu.com: No answer

#===================== resolv.conf.auto =====================#

# Interface wan
nameserver 192.168.1.1
# Interface wan6
nameserver fe80::1%eth0

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Mon, 15 Mar 2021 07:32:57 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "bbac3539cac8750132d46a409c2d60f7d42986796ad70d34ac9a1d531bcdfe36"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 8D62:6F49:25819:58EAF:604A9D1E
Accept-Ranges: bytes
Date: Mon, 15 Mar 2021 07:32:57 GMT
Via: 1.1 varnish
X-Served-By: cache-hkg17927-HKG
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1615793577.279674,VS0,VE1
Vary: Authorization,Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: d823c64ad0e1482cecfc1d03c136ca20b37e4b54
Expires: Mon, 15 Mar 2021 07:37:57 GMT
Source-Age: 94

#===================== 最近运行日志 =====================#

time="2021-03-15T07:22:03Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2021-03-15T07:22:03Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
time="2021-03-15T07:22:03Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
time="2021-03-15T07:22:03Z" level=info msg="Start initial compatible provider 🎯 全球直连"
2021-03-15 15:22:09 Groups History:【sttcloud_airport_vmess.yaml】 Restore Successful
2021-03-15 15:21:53 OpenClash Start Successful
2021-03-15 15:22:42 Reload OpenClash Firewall Rules
2021-03-15 15:23:10 Watchdog: Reset Firewall For Enabling Redirect.
2021-03-15 15:27:51 Reload OpenClash Firewall Rules
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider 📲 电报信息"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider 🔰 节点选择"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2021-03-15T07:28:02Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
2021-03-15 15:28:09 Groups History:【sttcloud_airport_vmess.yaml】 Restore Successful
2021-03-15 15:27:50 OpenClash Start Successful
2021-03-15 15:28:09 Watchdog: Reset Firewall For Enabling Redirect.
2021-03-15 15:28:38 Reload OpenClash Firewall Rules
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider 🔰 节点选择"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider 📲 电报信息"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2021-03-15T07:28:50Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
2021-03-15 15:28:56 Groups History:【sttcloud_airport_vmess.yaml】 Restore Successful
2021-03-15 15:28:37 OpenClash Start Successful
2021-03-15 15:28:56 Watchdog: Reset Firewall For Enabling Redirect.
2021-03-15 15:31:02 Reload OpenClash Firewall Rules
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider 🔰 节点选择"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2021-03-15T07:31:14Z" level=info msg="Start initial compatible provider 📲 电报信息"
2021-03-15 15:31:21 Groups History:【sttcloud_airport_vmess.yaml】 Restore Successful
2021-03-15 15:31:01 OpenClash Start Successful
2021-03-15 15:31:21 Watchdog: Reset Firewall For Enabling Redirect.

vernesong commented 3 years ago

With this setup, everything is currently handled by the proxy server. Go to the control panel and check the connection log.

yukeiyang commented 3 years ago

What would the correct setting be? The key question is how to resolve this situation where Google is intermittently unusable.

vernesong commented 3 years ago

That means it has little to do with local pollution; look into the connection to the server.

yukeiyang commented 3 years ago

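@vernesong Thanks.

Solved. The local China Mobile network interferes with DNS too severely. Enabling Secure DNS in Chrome's Settings and entering something like https://dns.google/dns-query fixed it; of course, https://1.1.1.1/dns-query can also be used.

iOS and Android both currently support DNS over HTTPS, so friends with this kind of issue can use this solution.

This issue can be closed now.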

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days