vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

Help: in Fake-IP mixed mode, domestic sites are reachable but foreign sites are not #2137

Closed AaGMix closed 2 years ago

AaGMix commented 2 years ago

Baidu is reachable. DNS returns a 198.18 address as expected.

; <<>> DiG 9.18.0 <<>> baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50865
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0001, udp: 1232
; COOKIE: 7c8804ebe870be3c (echoed)
;; QUESTION SECTION:
;baidu.com.                     IN      A

;; ANSWER SECTION:
baidu.com.              1       IN      A       198.18.0.60

;; Query time: 3 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Sat Mar 12 19:14:44 CST 2022
;; MSG SIZE  rcvd: 66

When accessing Google, no DNS answer is returned.

> dig google.com

; <<>> DiG 9.18.0 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

In the running status, the overseas IPIFY check does show the IP of the overseas node.

OpenClash 调试日志

生成时间: 2022-03-12 19:19:10 插件版本: v0.44.25-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (Q35 + ICH9, 2009)
固件版本: OpenWrt 21.02.2 r16495-bf0c965af0
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.179
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 5149
运行权限: 5149: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.01.27
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.9.0-11-gb52d0c1
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/immtel_Clash.yaml
启动配置文件: /etc/openclash/immtel_Clash.yaml
运行模式: fake-ip-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F9EDFinal"
  type: select
  proxies:
  - "\U0001F311Proxy"
  - "\U0001F310Direct"
- name: "\U0001F311Proxy"
  type: select
  proxies:
  - "\U0001F9EFFallback"
  - "\U0001F579AutoTest"
  - HKG 01
  - HKG 02
  - HKG 03
  - HKG 04
  - HKG 05
  - HKG 06
  - HKG 07
  - HKG 08
  - HKG 09
  - HKG 10
  - HKG 11
  - HKG 12
  - HKG 13
  - HKG 14
  - HKG 15
  - HKG 16
  - HKG 17
  - HKG 18
  - HKG 19
  - HKG 20
  - TWN 01
  - TWN 02
  - TWN 03
  - TWN 04
  - TWN 05
  - SGP 01
  - SGP 02
  - SGP 03
  - SGP 04
  - SGP 05
  - SGP 06
  - SGP 07
  - SGP 08
  - SGP 09
  - SGP 10
  - SGP 11
  - SGP 12
  - SGP 13
  - SGP 14
  - SGP 15
  - SGP 16
  - SGP 17
  - SGP 18
  - KOR 01
  - KOR 02
  - JPN 01
  - JPN 02
  - JPN 03
  - JPN 04
  - JPN 05
  - JPN 06
  - JPN 07
  - JPN 08
  - JPN 09
  - JPN 10
  - JPN 11
  - JPN 12
  - JPN 13
  - JPN 14
  - JPN 15
  - JPN 16
  - JPN 17
  - JPN 18
  - USA 01
  - USA 02
  - USA 03
  - USA 04
  - USA 05
  - USA 06
  - USA 07
  - USA 08
  - USA 09
  - USA 10
  - USA 11
  - USA 12
  - USA 13
  - USA 14
  - USA 15
  - USA 16
  - IND 01
  - IND 02
  - AUS 01
  - DEU 01
  - DEU 02
  - DEU 03
  - DEU 04
  - DEU 05
  - DEU 06
  - FRA 01
  - POL 01
  - NLD 01
  - NLD 02
  - NLD 03
  - ESP 01
  - RUS 01
  - RUS 02
  - ISL 01
  - DNK 01
  - CAN 01
  - CAN 02
  - GBR 01
  - GBR 02
  - GBR 03
  - GBR 04
  - PHL 01
  - THA 01
  - TUR 01
  - TUR 02
  - IDN 01
  - VNM 01
- name: "\U0001F39EStreaming"
  type: select
  proxies:
  - "\U0001F311Proxy"
  - "\U0001F579AutoTest"
  - HKG 01
  - HKG 02
  - HKG 03
  - HKG 04
  - HKG 05
  - HKG 06
  - HKG 07
  - HKG 08
  - HKG 09
  - HKG 10
  - HKG 11
  - HKG 12
  - HKG 13
  - HKG 14
  - HKG 15
  - HKG 16
  - HKG 17
  - HKG 18
  - HKG 19
  - HKG 20
  - TWN 01
  - TWN 02
  - TWN 03
  - TWN 04
  - TWN 05
  - SGP 01
  - SGP 02
  - SGP 03
  - SGP 04
  - SGP 05
  - SGP 06
  - SGP 07
  - SGP 08
  - SGP 09
  - SGP 10
  - SGP 11
  - SGP 12
  - SGP 13
  - SGP 14
  - SGP 15
  - SGP 16
  - SGP 17
  - SGP 18
  - KOR 01
  - KOR 02
  - JPN 01
  - JPN 02
  - JPN 03
  - JPN 04
  - JPN 05
  - JPN 06
  - JPN 07
  - JPN 08
  - JPN 09
  - JPN 10
  - JPN 11
  - JPN 12
  - JPN 13
  - JPN 14
  - JPN 15
  - JPN 16
  - JPN 17
  - JPN 18
  - USA 01
  - USA 02
  - USA 03
  - USA 04
  - USA 05
  - USA 06
  - USA 07
  - USA 08
  - USA 09
  - USA 10
  - USA 11
  - USA 12
  - USA 13
  - USA 14
  - USA 15
  - USA 16
  - IND 01
  - IND 02
  - AUS 01
  - DEU 01
  - DEU 02
  - DEU 03
  - DEU 04
  - DEU 05
  - DEU 06
  - FRA 01
  - POL 01
  - NLD 01
  - NLD 02
  - NLD 03
  - ESP 01
  - RUS 01
  - RUS 02
  - ISL 01
  - DNK 01
  - CAN 01
  - CAN 02
  - GBR 01
  - GBR 02
  - GBR 03
  - GBR 04
  - PHL 01
  - THA 01
  - TUR 01
  - TUR 02
  - IDN 01
  - VNM 01
- name: "\U0001F39EStreamingSE"
  type: select
  proxies:
  - "\U0001F310Direct"
  - HKG 01
  - HKG 02
  - HKG 03
  - HKG 04
  - HKG 05
  - HKG 06
  - HKG 07
  - HKG 08
  - HKG 09
  - HKG 10
  - HKG 11
  - HKG 12
  - HKG 13
  - HKG 14
  - HKG 15
  - HKG 16
  - HKG 17
  - HKG 18
  - HKG 19
  - HKG 20
  - TWN 01
  - TWN 02
  - TWN 03
  - TWN 04
  - TWN 05
  - SGP 01
  - SGP 02
  - SGP 03
  - SGP 04
  - SGP 05
  - SGP 06
  - SGP 07
  - SGP 08
  - SGP 09
  - SGP 10
  - SGP 11
  - SGP 12
  - SGP 13
  - SGP 14
  - SGP 15
  - SGP 16
  - SGP 17
  - SGP 18
  - KOR 01
  - KOR 02
  - JPN 01
  - JPN 02
  - JPN 03
  - JPN 04
  - JPN 05
  - JPN 06
  - JPN 07
  - JPN 08
  - JPN 09
  - JPN 10
  - JPN 11
  - JPN 12
  - JPN 13
  - JPN 14
  - JPN 15
  - JPN 16
  - JPN 17
  - JPN 18
  - USA 01
  - USA 02
  - USA 03
  - USA 04
  - USA 05
  - USA 06
  - USA 07
  - USA 08
  - USA 09
  - USA 10
  - USA 11
  - USA 12
  - USA 13
  - USA 14
  - USA 15
  - USA 16
  - IND 01
  - IND 02
  - AUS 01
  - DEU 01
  - DEU 02
  - DEU 03
  - DEU 04
  - DEU 05
  - DEU 06
  - FRA 01
  - POL 01
  - NLD 01
  - NLD 02
  - NLD 03
  - ESP 01
  - RUS 01
  - RUS 02
  - ISL 01
  - DNK 01
  - CAN 01
  - CAN 02
  - GBR 01
  - GBR 02
  - GBR 03
  - GBR 04
  - PHL 01
  - THA 01
  - TUR 01
  - TUR 02
  - IDN 01
  - VNM 01
- name: "\U0001F6E1Guard"
  type: select
  proxies:
  - "⛔️Reject"
  - "\U0001F310Direct"
- name: "\U0001F9EFFallback"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 300
  proxies:
  - HKG 01
  - HKG 02
  - HKG 03
  - HKG 04
  - HKG 05
  - HKG 06
  - HKG 07
  - HKG 08
  - HKG 09
  - HKG 10
  - HKG 11
  - HKG 12
  - HKG 13
  - HKG 14
  - HKG 15
  - HKG 16
  - HKG 17
  - HKG 18
  - HKG 19
  - HKG 20
  - TWN 01
  - TWN 02
  - TWN 03
  - TWN 04
  - TWN 05
  - SGP 01
  - SGP 02
  - SGP 03
  - SGP 04
  - SGP 05
  - SGP 06
  - SGP 07
  - SGP 08
  - SGP 09
  - SGP 10
  - SGP 11
  - SGP 12
  - SGP 13
  - SGP 14
  - SGP 15
  - SGP 16
  - SGP 17
  - SGP 18
  - KOR 01
  - KOR 02
  - JPN 01
  - JPN 02
  - JPN 03
  - JPN 04
  - JPN 05
  - JPN 06
  - JPN 07
  - JPN 08
  - JPN 09
  - JPN 10
  - JPN 11
  - JPN 12
  - JPN 13
  - JPN 14
  - JPN 15
  - JPN 16
  - JPN 17
  - JPN 18
  - USA 01
  - USA 02
  - USA 03
  - USA 04
  - USA 05
  - USA 06
  - USA 07
  - USA 08
  - USA 09
  - USA 10
  - USA 11
  - USA 12
  - USA 13
  - USA 14
  - USA 15
  - USA 16
  - IND 01
  - IND 02
  - AUS 01
  - DEU 01
  - DEU 02
  - DEU 03
  - DEU 04
  - DEU 05
  - DEU 06
  - FRA 01
  - POL 01
  - NLD 01
  - NLD 02
  - NLD 03
  - ESP 01
  - RUS 01
  - RUS 02
  - ISL 01
  - DNK 01
  - CAN 01
  - CAN 02
  - GBR 01
  - GBR 02
  - GBR 03
  - GBR 04
  - PHL 01
  - THA 01
  - TUR 01
  - TUR 02
  - IDN 01
  - VNM 01
- name: "\U0001F579AutoTest"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  proxies:
  - HKG 01
  - HKG 02
  - HKG 03
  - HKG 04
  - HKG 05
  - HKG 06
  - HKG 07
  - HKG 08
  - HKG 09
  - HKG 10
  - HKG 11
  - HKG 12
  - HKG 13
  - HKG 14
  - HKG 15
  - HKG 16
  - HKG 17
  - HKG 18
  - HKG 19
  - HKG 20
  - TWN 01
  - TWN 02
  - TWN 03
  - TWN 04
  - TWN 05
  - SGP 01
  - SGP 02
  - SGP 03
  - SGP 04
  - SGP 05
  - SGP 06
  - SGP 07
  - SGP 08
  - SGP 09
  - SGP 10
  - SGP 11
  - SGP 12
  - SGP 13
  - SGP 14
  - SGP 15
  - SGP 16
  - SGP 17
  - SGP 18
  - KOR 01
  - KOR 02
  - JPN 01
  - JPN 02
  - JPN 03
  - JPN 04
  - JPN 05
  - JPN 06
  - JPN 07
  - JPN 08
  - JPN 09
  - JPN 10
  - JPN 11
  - JPN 12
  - JPN 13
  - JPN 14
  - JPN 15
  - JPN 16
  - JPN 17
  - JPN 18
  - USA 01
  - USA 02
  - USA 03
  - USA 04
  - USA 05
  - USA 06
  - USA 07
  - USA 08
  - USA 09
  - USA 10
  - USA 11
  - USA 12
  - USA 13
  - USA 14
  - USA 15
  - USA 16
  - IND 01
  - IND 02
  - AUS 01
  - DEU 01
  - DEU 02
  - DEU 03
  - DEU 04
  - DEU 05
  - DEU 06
  - FRA 01
  - POL 01
  - NLD 01
  - NLD 02
  - NLD 03
  - ESP 01
  - RUS 01
  - RUS 02
  - ISL 01
  - DNK 01
  - CAN 01
  - CAN 02
  - GBR 01
  - GBR 02
  - GBR 03
  - GBR 04
  - PHL 01
  - THA 01
  - TUR 01
  - TUR 02
  - IDN 01
  - VNM 01
- name: "⛔️Reject"
  type: select
  proxies:
  - REJECT
- name: "\U0001F310Direct"
  type: select
  proxies:
  - DIRECT
rules:
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- RULE-SET,connershua_clients,DIRECT
- "RULE-SET,Unbreak,\U0001F310Direct"
- "RULE-SET,Advertising,\U0001F6E1Guard"
- "RULE-SET,Hijacking,\U0001F6E1Guard"
- "RULE-SET,Streaming,\U0001F39EStreaming"
- "RULE-SET,StreamingSE,\U0001F39EStreamingSE"
- "RULE-SET,Global,\U0001F311Proxy"
- "RULE-SET,China,\U0001F310Direct"
- RULE-SET,LocalAreaNetwork,DIRECT
- "RULE-SET,ChinaIP,\U0001F310Direct"
- "MATCH,,\U0001F9EDFinal,dns-failed"
rule-providers:
  connershua_clients:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9naXN0LmdpdGh1YnVzZXJjb250ZW50LmNvbS90aW5keTIwMTMvMWZhMDg2NDBhOTA4OGFjODY1MmRiZDQwYzVkMjcxNWIvcmF3L2Nvbm5lcnNodWFfY2xpZW50cy5saXN0
    path: "./rule_provider/rule-provider_connershua_clients.yaml"
    interval: 86400
  Unbreak:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0RpdmluZUVuZ2luZS9Qcm9maWxlcy9tYXN0ZXIvU3VyZ2UvUnVsZXNldC9VbmJyZWFrLmxpc3Q
    path: "./rule_provider/rule-provider_Unbreak.yaml"
    interval: 86400
  Advertising:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0RpdmluZUVuZ2luZS9Qcm9maWxlcy9tYXN0ZXIvU3VyZ2UvUnVsZXNldC9HdWFyZC9BZHZlcnRpc2luZy5saXN0
    path: "./rule_provider/rule-provider_Advertising.yaml"
    interval: 86400
  Hijacking:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0RpdmluZUVuZ2luZS9Qcm9maWxlcy9tYXN0ZXIvU3VyZ2UvUnVsZXNldC9HdWFyZC9IaWphY2tpbmcubGlzdA
    path: "./rule_provider/rule-provider_Hijacking.yaml"
    interval: 86400
  Streaming:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0RpdmluZUVuZ2luZS9Qcm9maWxlcy9tYXN0ZXIvU3VyZ2UvUnVsZXNldC9TdHJlYW1pbmdNZWRpYS9TdHJlYW1pbmcubGlzdA
    path: "./rule_provider/rule-provider_Streaming.yaml"
    interval: 86400
  StreamingSE:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0RpdmluZUVuZ2luZS9Qcm9maWxlcy9tYXN0ZXIvU3VyZ2UvUnVsZXNldC9TdHJlYW1pbmdNZWRpYS9TdHJlYW1pbmdTRS5saXN0
    path: "./rule_provider/rule-provider_StreamingSE.yaml"
    interval: 86400
  Global:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0RpdmluZUVuZ2luZS9Qcm9maWxlcy9tYXN0ZXIvU3VyZ2UvUnVsZXNldC9HbG9iYWwubGlzdA
    path: "./rule_provider/rule-provider_Global.yaml"
    interval: 86400
  China:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0RpdmluZUVuZ2luZS9Qcm9maWxlcy9tYXN0ZXIvU3VyZ2UvUnVsZXNldC9DaGluYS5saXN0
    path: "./rule_provider/rule-provider_China.yaml"
    interval: 86400
  LocalAreaNetwork:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3RpbmR5MjAxMy9zdWJjb252ZXJ0ZXIvbWFzdGVyL2Jhc2UvcnVsZXMvTG9jYWxBcmVhTmV0d29yay5saXN0
    path: "./rule_provider/rule-provider_LocalAreaNetwork.yaml"
    interval: 86400
  ChinaIP:
    type: http
    behavior: classical
    url: https://api.dler.io/getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0RpdmluZUVuZ2luZS9Qcm9maWxlcy9tYXN0ZXIvU3VyZ2UvUnVsZXNldC9FeHRyYS9DaGluYUlQLmxpc3Q
    path: "./rule_provider/rule-provider_ChinaIP.yaml"
    interval: 86400
dns:
  nameserver:
  - 202.96.134.133
  - 202.96.128.166
  - 14.123.236.1
  - 192.168.1.1
  - 114.114.114.114
  - 119.29.29.29
  - https://dns.alidns.com/dns-query
  fallback:
  - https://dns.cloudflare.com/dns-query
  - https://public.dns.iij.jp/dns-query
  - https://jp.tiar.app/dns-query
  - https://jp.tiarap.org/dns-query
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 127.0.0.1:7874
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - msftconnecttest.com
  - msftncsi.com
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  default-nameserver:
  - 202.96.134.133
  - 202.96.128.166
  - 14.123.236.1
  - 192.168.1.1
  - 114.114.114.114
  - 119.29.29.29
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
ipv6: false
tun:
  enable: true
  stack: system
  dns-hijack:
  - tcp://8.8.8.8:53
  - tcp://8.8.4.4:53
profile:
  store-selected: true
  store-fake-ip: true
interface-name: pppoe-wan

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Mar 12 19:19:11 2022
*nat
:PREROUTING ACCEPT [110410:12683914]
:INPUT ACCEPT [1794:171853]
:OUTPUT ACCEPT [4998:382023]
:POSTROUTING ACCEPT [1379:149625]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_VPN_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_VPN_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_VPN_postrouting - [0:0]
:zone_VPN_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i WirGuardVPN -m comment --comment "!fw3" -j zone_VPN_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o WirGuardVPN -m comment --comment "!fw3" -j zone_VPN_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 35522 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_VPN_postrouting -m comment --comment "!fw3: Custom VPN postrouting rule chain" -j postrouting_VPN_rule
-A zone_VPN_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_VPN_prerouting -m comment --comment "!fw3: Custom VPN prerouting rule chain" -j prerouting_VPN_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.1/32 -p tcp -m tcp --dport 35522 -m comment --comment "!fw3: @redirect[0] (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.1/32 -p udp -m udp --dport 35522 -m comment --comment "!fw3: @redirect[0] (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.2.0/24 -d 192.168.1.2/32 -p tcp -m tcp --dport 35522 -m comment --comment "!fw3: @redirect[0] (reflection)" -j DNAT --to-destination 192.168.2.1:35522
-A zone_lan_prerouting -s 192.168.2.0/24 -d 192.168.1.2/32 -p udp -m udp --dport 35522 -m comment --comment "!fw3: @redirect[0] (reflection)" -j DNAT --to-destination 192.168.2.1:35522
-A zone_lan_prerouting -s 192.168.2.0/24 -d 14.123.236.88/32 -p tcp -m tcp --dport 35522 -m comment --comment "!fw3: @redirect[0] (reflection)" -j DNAT --to-destination 192.168.2.1:35522
-A zone_lan_prerouting -s 192.168.2.0/24 -d 14.123.236.88/32 -p udp -m udp --dport 35522 -m comment --comment "!fw3: @redirect[0] (reflection)" -j DNAT --to-destination 192.168.2.1:35522
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 35522 -m comment --comment "!fw3: @redirect[0]" -j DNAT --to-destination 192.168.2.1:35522
-A zone_wan_prerouting -p udp -m udp --dport 35522 -m comment --comment "!fw3: @redirect[0]" -j DNAT --to-destination 192.168.2.1:35522
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Sat Mar 12 19:19:11 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Mar 12 19:19:11 2022
*mangle
:PREROUTING ACCEPT [278552:97278828]
:INPUT ACCEPT [276281:96869322]
:FORWARD ACCEPT [1639:297676]
:OUTPUT ACCEPT [158471:93976004]
:POSTROUTING ACCEPT [159531:94250520]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p tcp -m tcp --dport 53 -j openclash_dns_hijack
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -p udp -m udp --dport 35522 -j RETURN
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.8.8/32 -m comment --comment "OpenClash Google DNS Hijack" -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.4.4/32 -m comment --comment "OpenClash Google DNS Hijack" -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -p udp -m udp --sport 35522 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Sat Mar 12 19:19:11 2022

#IPv6 NAT chain

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sat Mar 12 19:19:11 2022
*mangle
:PREROUTING ACCEPT [863:79334]
:INPUT ACCEPT [863:79334]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [868:79806]
:POSTROUTING ACCEPT [868:79806]
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat Mar 12 19:19:11 2022

#===================== IPSET状态 =====================#

Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         14.123.236.1    0.0.0.0         UG    0      0        0 pppoe-wan
14.123.236.1    0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 WirGuardVPN
192.168.10.2    0.0.0.0         255.255.255.255 UH    0      0        0 WirGuardVPN
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 14.123.236.1 dev pppoe-wan proto static 
14.123.236.1 dev pppoe-wan proto kernel scope link src 14.123.236.88 
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2 
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 
192.168.10.0/24 dev WirGuardVPN proto kernel scope link src 192.168.10.1 
192.168.10.2 dev WirGuardVPN proto static scope link 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#

utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      5149/clash
tcp        0      0 :::7890                 :::*                    LISTEN      5149/clash
tcp        0      0 :::7891                 :::*                    LISTEN      5149/clash
tcp        0      0 :::7892                 :::*                    LISTEN      5149/clash
tcp        0      0 :::7893                 :::*                    LISTEN      5149/clash
tcp        0      0 :::7895                 :::*                    LISTEN      5149/clash
tcp        0      0 :::9090                 :::*                    LISTEN      5149/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           5149/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           5149/clash
udp        0      0 :::7891                 :::*                                5149/clash
udp        0      0 :::7892                 :::*                                5149/clash
udp        0      0 :::7893                 :::*                                5149/clash
udp        0      0 :::7895                 :::*                                5149/clash
udp        0      0 :::41917                :::*                                5149/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:   www.baidu.com
Address: 198.18.0.26

#===================== resolv.conf.d =====================#

# Interface wan
nameserver 202.96.134.133
nameserver 202.96.128.166

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 12 Mar 2022 11:19:11 GMT
Etag: "575e1f72-115"
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

#===================== 最近运行日志 =====================#

2022-03-12 18:22:19 OpenClash Stoping...
2022-03-12 18:22:19 Step 1: Backup The Current Groups State...
2022-03-12 18:22:19 Step 2: Delete OpenClash Firewall Rules...
2022-03-12 18:22:20 Step 3: Close The OpenClash Daemons...
2022-03-12 18:22:20 Step 4: Close The Clash Core Process...
2022-03-12 18:22:20 Step 5: Restart Dnsmasq...
2022-03-12 18:22:24 Step 6: Delete OpenClash Residue File...
2022-03-12 18:22:24 OpenClash Start Running...
2022-03-12 18:22:24 Step 1: Get The Configuration...
2022-03-12 18:22:24 Step 2: Check The Components...
2022-03-12 18:22:24 Setting Fake IP Filter...
2022-03-12 18:22:24 Step 3: Modify The Config File...
2022-03-12 18:22:25 Step 4: Start Running The Clash Core...
2022-03-12 18:22:25 Tip: Detected The Exclusive Function of The TUN Core, Use TUN Core to Start...
2022-03-12 18:22:25 Step 5: Check The Core Status...
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider ⛔️Reject"
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider 🛡Guard"
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider 🎞StreamingSE"
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider 🧯Fallback"
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider 🌐Direct"
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider 🌑Proxy"
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider 🎞Streaming"
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider 🧭Final"
time="2022-03-12T10:22:26Z" level=info msg="Start initial compatible provider 🕹AutoTest"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider LocalAreaNetwork"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider China"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider Advertising"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider Hijacking"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider ChinaIP"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider connershua_clients"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider Unbreak"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider Global"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider Streaming"
time="2022-03-12T10:22:26Z" level=info msg="Start initial rule provider StreamingSE"
time="2022-03-12T10:22:26Z" level=info msg="RESTful API listening at: [::]:9090"
time="2022-03-12T10:22:26Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
2022-03-12 18:22:28 Step 6: Wait For The File Downloading...
2022-03-12 18:22:29 Step 7: Set Control Panel...
2022-03-12 18:22:29 Step 8: Set Firewall Rules...
2022-03-12 18:22:29 Step 9: Restart Dnsmasq...
2022-03-12 18:22:32 Step 10: Add Cron Rules, Start Daemons...
2022-03-12 18:22:32 OpenClash Start Successful!

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.2.139】 - Host:【avatars3.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【Global】 - Lastchain:【HKG 01】

vernesong commented 2 years ago

Check hosts.

AaGMix commented 2 years ago

@vernesong I don't see anything wrong with the hosts file.

127.0.0.1 localhost

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

vernesong commented 2 years ago

On the downstream clients: have you tried with your phone?

AaGMix commented 2 years ago

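@vernesong My circumvention setup itself works. Setting it as a proxy on port 7893 works, but with the gateway set to the OpenWrt box, direct connections cannot reach blocked sites.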

AaGMix commented 2 years ago

@vernesong I connected another computer to the router and got the same result. I found this line in the Clash log: [Rule] find process name Process error: no such process

AaGMix commented 2 years ago

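@vernesong The problem is solved. I found the file /etc/dnsmasq.d/dnsmasq_gfwlist_ipset.conf; after deleting it, DNS went back to normal. I don't know which plugin added it, but it blocked all of the addresses that need the proxy.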
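
A check for the situation resolved above, as an added example that is not part of the original thread or of OpenClash: it scans dnsmasq drop-in files for per-domain `server=/…/` and `address=/…/` lines that bypass the single forwarder the debug log expects (`127.0.0.1#7874`). The thread never shows the contents of `dnsmasq_gfwlist_ipset.conf`, so the sample file contents (including the `127.0.0.1#5353` upstream) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not OpenClash code): report per-domain dnsmasq overrides
# that send queries somewhere other than the expected forwarder.

# find_dns_overrides DIR EXPECTED
#   DIR       directory of dnsmasq drop-in files, e.g. /etc/dnsmasq.d
#   EXPECTED  the only upstream queries should reach, e.g. 127.0.0.1#7874
# Prints "file:line: kind domain -> target" for every mismatch.
# Returns 0 when nothing mismatches, 1 otherwise.
find_dns_overrides() {
    dir=$1
    expected=$2
    hits=""
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue            # glob matched nothing
        out=$(awk -v want="$expected" -v file="$f" '
            /^[ \t]*#/ { next }            # skip comment lines
            /^[ \t]*(server|address)=\// {
                line = $0
                sub(/[ \t\r]+$/, "", line)
                kind = line
                sub(/=.*/, "", kind)
                sub(/^[ \t]+/, "", kind)
                # server=/dom1/dom2/upstream : last field is the target
                n = split(line, part, "/")
                target = part[n]
                # "#" tells dnsmasq to use its standard servers: not an override
                if (kind == "server" && (target == want || target == "#")) next
                if (target == "") target = "(none)"
                for (i = 2; i < n; i++)
                    printf "%s:%d: %s %s -> %s\n", file, FNR, kind, part[i], target
            }' "$f")
        if [ -n "$out" ]; then
            hits="${hits}${out}
"
        fi
    done
    printf '%s' "$hits"
    [ -z "$hits" ]
}

# make_sample_dir: build a throwaway directory with constructed drop-ins.
# Only the file name comes from the thread; the contents are invented.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/dnsmasq_gfwlist_ipset.conf" <<'EOF'
# constructed sample, not the file from the issue
server=/google.com/127.0.0.1#5353
ipset=/google.com/gfwlist
server=/example.org/127.0.0.1#7874
EOF
    cat > "$d/ok.conf" <<'EOF'
server=/lan/#
EOF
    printf '%s\n' "$d"
}

# Demo on the constructed sample; on a router pass /etc/dnsmasq.d instead.
sample=$(make_sample_dir)
find_dns_overrides "$sample" "127.0.0.1#7874" || echo "overrides found in $sample"
rm -rf "$sample"
```

A line that points a domain at a port where nothing is listening produces the symptom from the first post: `dig` times out for that domain while other names still resolve to fake IPs.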