Closed thomaspeng90s closed 2 years ago
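koolshare is not supported.
I've run into the same problem. When I specify the IP as a side router (bypass gateway), traffic does not go through openclash. Setting the proxy directly works fine.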
#===================== 系统信息 =====================#
主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: ImmortalWrt 18.06-SNAPSHOT r11416-f54382148f
LuCI版本: git-21.335.58574-3117427-1
内核版本: 5.4.158
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 未安装
#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 28547
运行权限: 28547: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.12.07
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.8.0-10-gee6fc12
Dev内核文件: 存在
Dev内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/Amy.yaml
启动配置文件: /etc/openclash/Amy.yaml
运行模式: redir-host
默认代理模式: global
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Mon Dec 27 00:55:32 2021
*nat
:PREROUTING ACCEPT [116:17062]
:INPUT ACCEPT [33:1967]
:OUTPUT ACCEPT [273:16720]
:POSTROUTING ACCEPT [237:14458]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A openclash -p tcp -m tcp --sport 1194 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 1194 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_vpn_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Mon Dec 27 00:55:32 2021
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Mon Dec 27 00:55:32 2021
*mangle
:PREROUTING ACCEPT [9106:1200243]
:INPUT ACCEPT [8820:1173920]
:FORWARD ACCEPT [186:8943]
:OUTPUT ACCEPT [8805:2351333]
:POSTROUTING ACCEPT [8789:2349996]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.31.104/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.104/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.31.130/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.130/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.31.1/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.1/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.31.173/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.173/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.31.178/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.178/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
-A openclash -p udp -m udp --sport 1194 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Mon Dec 27 00:55:32 2021
#IPv6 NAT chain
#IPv6 Mangle chain
#===================== IPSET状态 =====================#
Name: china_ip_route
Name: localnetwork
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.31.1 0.0.0.0 UG 0 0 0 br-lan
192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
#ip route list
default via 192.168.31.1 dev br-lan proto static
192.168.31.0/24 dev br-lan proto kernel scope link src 192.168.31.105
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== 端口占用状态 =====================#
tcp 0 0 :::7890 :::* LISTEN 28547/clash
tcp 0 0 :::7891 :::* LISTEN 28547/clash
tcp 0 0 :::7892 :::* LISTEN 28547/clash
tcp 0 0 :::7893 :::* LISTEN 28547/clash
tcp 0 0 :::7895 :::* LISTEN 28547/clash
tcp 0 0 :::9090 :::* LISTEN 28547/clash
udp 0 0 127.0.0.1:7874 0.0.0.0:* 28547/clash
udp 0 0 :::7891 :::* 28547/clash
udp 0 0 :::7892 :::* 28547/clash
udp 0 0 :::7893 :::* 28547/clash
udp 0 0 :::7895 :::* 28547/clash
#===================== 测试本机DNS查询 =====================#
Server: 127.0.0.1
Address: 127.0.0.1:53
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 36.152.44.96
Name: www.a.shifen.com
Address: 36.152.44.95
#===================== resolv.conf.auto =====================#
# Interface lan
nameserver 192.168.31.1
#===================== resolv.conf.d =====================#
# Interface lan
nameserver 192.168.31.1
#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sun, 26 Dec 2021 16:55:33 GMT
Etag: "575e1f7c-115"
Last-Modified: Mon, 13 Jun 2016 02:50:36 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载 =====================#
#===================== 最近运行日志 =====================#
time="2021-12-26T16:47:28Z" level=info msg="Start initial compatible provider 🎬 myTVSUPER"
2021-12-27 00:47:31 Step 6: Wait For The File Downloading...
2021-12-27 00:47:31 Step 7: Set Control Panel...
2021-12-27 00:47:31 Step 8: Set Firewall Rules...
2021-12-27 00:47:31 Step 9: Restart Dnsmasq...
2021-12-27 00:47:32 Step 10: Add Cron Rules, Start Daemons...
2021-12-27 00:47:32 OpenClash Start Successful!
2021-12-27 00:48:21 OpenClash Stoping...
2021-12-27 00:48:21 Step 1: Backup The Current Groups State...
2021-12-27 00:48:21 Step 2: Delete OpenClash Firewall Rules...
2021-12-27 00:48:22 Step 3: Close The OpenClash Daemons...
2021-12-27 00:48:22 Step 4: Close The Clash Core Process...
2021-12-27 00:48:22 Step 5: Restart Dnsmasq...
2021-12-27 00:48:23 Step 6: Delete OpenClash Residue File...
2021-12-27 00:48:23 OpenClash Start Running...
2021-12-27 00:48:23 Step 1: Get The Configuration...
2021-12-27 00:48:23 Step 2: Check The Components...
2021-12-27 00:48:23 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2021-12-27 00:48:23 Step 3: Modify The Config File...
2021-12-27 00:48:27 Step 4: Start Running The Clash Core...
2021-12-27 00:48:27 Tip: No Special Configuration Detected, Use Dev Core to Start...
2021-12-27 00:48:28 Step 5: Check The Core Status...
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🌐 Google"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider China-Websites"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 📲 Telegram"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 📺 International-Media"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🎵 Tiktok"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider China-Media"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider AmyTelecom"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🍎 Apple"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🎬 iQiyi"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 📟 Twitter"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🎬 myTVSUPER"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider Hijacking"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🎬 Emby"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🖥 Microsoft"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🎬 YouTube"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🎬 Bilibili"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 🖥 Learning"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 📺 Netflix"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider 📲 LineTV"
time="2021-12-26T16:48:28Z" level=info msg="Start initial compatible provider Final"
time="2021-12-26T16:48:28Z" level=info msg="RESTful API listening at: [::]:9090"
2021-12-27 00:48:31 Step 6: Wait For The File Downloading...
2021-12-27 00:48:31 Step 7: Set Control Panel...
2021-12-27 00:48:31 Step 8: Set Firewall Rules...
2021-12-27 00:48:31 Step 9: Restart Dnsmasq...
2021-12-27 00:48:32 Step 10: Add Cron Rules, Start Daemons...
2021-12-27 00:48:32 OpenClash Start Successful!
2021-12-27 00:49:32 Watchdog: Reset Firewall For Enabling Redirect...
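I don't see any problem.
I'm using a Synology NAS with a virtual machine installed as a side router. Installation and configuration both succeeded, and I can get access when I set the proxy directly. But if I point the gateway and DNS server at the side router, nothing is reachable... Any help?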
OpenClash 调试日志
生成时间: 2021-12-25 23:39:52 插件版本: v0.44.04-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息