Closed laye0619 closed 2 years ago
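Forgot to mention: the Xiaomi camera's LAN IP is 192.168.1.32. The log entry for this IP is `time="2022-05-31T08:02:04Z" level=info msg="[UDP] 192.168.1.32:26319 --> xiaomi5.p2psy3.io.mi.com:32100 match RuleSet(direct) using DIRECT"`, which shows that the rule has already routed this traffic to DIRECT.
Update the core; TUN didn't start.
On the version update page I can see that TUN and the other cores are all already up to date. How do I fix this? Thanks!
Select the dev branch.
It already is! Still the same problem…
Did meta get updated? Post the log.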
OpenClash 调试日志
生成时间: 2022-05-31 19:49:32 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: Apple Inc. MacBookPro151/Mac-937A206F2EE63C01 : 6 Core 12 Thread
固件版本: OpenWrt 22.03.0-rc1 05.18.2022
LuCI版本:
内核版本: 5.17.1-t2
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 14603
运行权限: 14603: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.05.18
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.10.6-9-g9d2fc97
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g26014cb
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config_laye.yaml
启动配置文件: /etc/openclash/config_laye.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 停用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
allow-lan: true
bind-address: "*"
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
hosts:
dns:
enable: true
listen: 0.0.0.0:7874
ipv6: false
default-nameserver:
- 223.5.5.5
- 114.114.114.114
- 192.168.1.1
- 119.29.29.29
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fake-ip-filter:
- "*.lan"
- "*.localdomain"
- "*.example"
- "*.invalid"
- "*.localhost"
- "*.test"
- "*.local"
- "*.home.arpa"
- time.*.com
- time.*.gov
- time.*.edu.cn
- time.*.apple.com
- time1.*.com
- time2.*.com
- time3.*.com
- time4.*.com
- time5.*.com
- time6.*.com
- time7.*.com
- ntp.*.com
- ntp1.*.com
- ntp2.*.com
- ntp3.*.com
- ntp4.*.com
- ntp5.*.com
- ntp6.*.com
- ntp7.*.com
- "*.time.edu.cn"
- "*.ntp.org.cn"
- "+.pool.ntp.org"
- time1.cloud.tencent.com
- music.163.com
- "*.music.163.com"
- "*.126.net"
- musicapi.taihe.com
- music.taihe.com
- songsearch.kugou.com
- trackercdn.kugou.com
- "*.kuwo.cn"
- api-jooxtt.sanook.com
- api.joox.com
- joox.com
- y.qq.com
- "*.y.qq.com"
- streamoc.music.tc.qq.com
- mobileoc.music.tc.qq.com
- isure.stream.qqmusic.qq.com
- dl.stream.qqmusic.qq.com
- aqqmusic.tc.qq.com
- amobile.music.tc.qq.com
- "*.xiami.com"
- "*.music.migu.cn"
- music.migu.cn
- "*.msftconnecttest.com"
- "*.msftncsi.com"
- msftconnecttest.com
- msftncsi.com
- localhost.ptlogin2.qq.com
- localhost.sec.qq.com
- "+.srv.nintendo.net"
- "+.stun.playstation.net"
- xbox.*.microsoft.com
- xnotify.xboxlive.com
- "+.battlenet.com.cn"
- "+.wotgame.cn"
- "+.wggames.cn"
- "+.wowsgame.cn"
- "+.wargaming.net"
- proxy.golang.org
- stun.*.*
- stun.*.*.*
- "+.stun.*.*"
- "+.stun.*.*.*"
- "+.stun.*.*.*.*"
- heartbeat.belkin.com
- "*.linksys.com"
- "*.linksyssmartwifi.com"
- "*.router.asus.com"
- mesu.apple.com
- swscan.apple.com
- swquery.apple.com
- swdownload.apple.com
- swcdn.apple.com
- swdist.apple.com
- lens.l.google.com
- stun.l.google.com
- "+.nflxvideo.net"
- "*.square-enix.com"
- "*.finalfantasyxiv.com"
- "*.ffxiv.com"
- "*.mcdn.bilivideo.cn"
- time-ios.apple.com
- "+.msftconnecttest.com"
- "+.msftncsi.com"
- "*.n.n.srv.nintendo.net"
- xbox.*.*.microsoft.com
- "*.*.xboxlive.com"
- "+.stun.*.*.*.*.*"
- "*.ff14.sdo.com"
- ff.dorado.sdo.com
- "+.media.dssott.com"
- shark007.net
- "+.io.mi.com"
nameserver:
- 223.5.5.5
- 114.114.114.114
- 192.168.1.1
- 119.29.29.29
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query
fallback-filter:
geoip: false
ipcidr:
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
domain:
- "+.google.com"
- "+.facebook.com"
- "+.youtube.com"
- "+.githubusercontent.com"
- "+.googlevideo.com"
fallback:
- https://dns.cloudflare.com/dns-query
- https://public.dns.iij.jp/dns-query
- https://jp.tiar.app/dns-query
- https://jp.tiarap.org/dns-query
- tls://dot.tiar.app
proxy-groups:
- name: PROXY
type: select
proxies:
- ss-aws-lightsail
rule-providers:
reject:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt
path: "./rule_provider/reject.yaml"
interval: 86400
icloud:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt
path: "./rule_provider/icloud.yaml"
interval: 86400
apple:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt
path: "./rule_provider/apple.yaml"
interval: 86400
google:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt
path: "./rule_provider/google.yaml"
interval: 86400
proxy:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt
path: "./rule_provider/proxy.yaml"
interval: 86400
direct:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt
path: "./rule_provider/direct.yaml"
interval: 86400
private:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt
path: "./rule_provider/private.yaml"
interval: 86400
gfw:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt
path: "./rule_provider/gfw.yaml"
interval: 86400
greatfire:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt
path: "./rule_provider/greatfire.yaml"
interval: 86400
tld-not-cn:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt
path: "./rule_provider/tld-not-cn.yaml"
interval: 86400
telegramcidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt
path: "./rule_provider/telegramcidr.yaml"
interval: 86400
cncidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt
path: "./rule_provider/cncidr.yaml"
interval: 86400
lancidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt
path: "./rule_provider/lancidr.yaml"
interval: 86400
applications:
type: http
behavior: classical
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt
path: "./rule_provider/applications.yaml"
interval: 86400
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN-SUFFIX,notion.so,PROXY
- DOMAIN-SUFFIX,500px.com,PROXY
- DOMAIN-SUFFIX,laye.wang,DIRECT
- DOMAIN-SUFFIX,speedtest.net,DIRECT
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,DIRECT
- RULE-SET,proxy,PROXY
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,PROXY
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,PROXY
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: false
geodata-loader: memconservative
tcp-concurrent: true
sniffer:
enable: true
sniffing:
- tls
- http
force-domain:
- "+.netflix.com"
- "+.nflxvideo.net"
- "+.amazonaws.com"
- "+.media.dssott.com"
- "+.google.com"
skip-domain:
- "+.apple.com"
- Mijia Cloud
- "+.jd.com"
profile:
store-selected: true
store-fake-ip: true
#===================== 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Tue May 31 19:49:33 2022
*nat
:PREROUTING ACCEPT [211:59981]
:INPUT ACCEPT [495:42442]
:OUTPUT ACCEPT [800:52481]
:POSTROUTING ACCEPT [825:54470]
:ADBYBY - [0:0]
:DOCKER_OUTPUT - [0:0]
:DOCKER_POSTROUTING - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_rule - [0:0]
:prerouting_rule - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 80 -j ADBYBY
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m comment --comment DNSMASQ -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -d 127.0.0.11/32 -j DOCKER_OUTPUT
-A OUTPUT -j openclash_output
-A POSTROUTING -d 127.0.0.11/32 -j DOCKER_POSTROUTING
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A ADBYBY -d 0.0.0.0/8 -j RETURN
-A ADBYBY -d 10.0.0.0/8 -j RETURN
-A ADBYBY -d 127.0.0.0/8 -j RETURN
-A ADBYBY -d 169.254.0.0/16 -j RETURN
-A ADBYBY -d 172.16.0.0/12 -j RETURN
-A ADBYBY -d 192.168.0.0/16 -j RETURN
-A ADBYBY -d 224.0.0.0/4 -j RETURN
-A ADBYBY -d 240.0.0.0/4 -j RETURN
-A ADBYBY -m set --match-set adbyby_esc dst -j RETURN
-A ADBYBY -m set ! --match-set adbyby_wan dst -j RETURN
-A ADBYBY -p tcp -j REDIRECT --to-ports 8118
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.11:43049
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.11:33261
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p tcp -m tcp --sport 43049 -j SNAT --to-source :53
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p udp -m udp --sport 33261 -j SNAT --to-source :53
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
COMMIT
# Completed on Tue May 31 19:49:33 2022
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Tue May 31 19:49:33 2022
*mangle
:PREROUTING ACCEPT [16251:10694509]
:INPUT ACCEPT [16138:10751925]
:FORWARD ACCEPT [300:24309]
:OUTPUT ACCEPT [15930:10854863]
:POSTROUTING ACCEPT [16213:10877188]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Tue May 31 19:49:33 2022
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Tue May 31 19:49:33 2022
*filter
:INPUT ACCEPT [703:70775]
:FORWARD ACCEPT [300:24309]
:OUTPUT ACCEPT [989:143310]
:MINIUPNPD - [0:0]
:forwarding_rule - [0:0]
:input_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -m set --match-set blockip dst -j DROP
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m set --match-set blockip dst -j DROP
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue May 31 19:49:33 2022
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.7 on Tue May 31 19:49:33 2022
*nat
:PREROUTING ACCEPT [69:29044]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m comment --comment DNSMASQ -m tcp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Tue May 31 19:49:33 2022
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.7 on Tue May 31 19:49:33 2022
*mangle
:PREROUTING ACCEPT [133:46031]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue May 31 19:49:33 2022
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.7 on Tue May 31 19:49:33 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_rule - [0:0]
:input_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
COMMIT
# Completed on Tue May 31 19:49:33 2022
#===================== IPSET状态 =====================#
Name: adbyby_esc
Name: adbyby_wan
Name: blockip
Name: china_ip_route
Name: localnetwork
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
#ip route list
default via 192.168.1.1 dev br-lan proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.2
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== 端口占用状态 =====================#
tcp 0 0 :::7892 :::* LISTEN 14603/clash
tcp 0 0 :::7893 :::* LISTEN 14603/clash
tcp 0 0 :::7895 :::* LISTEN 14603/clash
tcp 0 0 :::7890 :::* LISTEN 14603/clash
tcp 0 0 :::7891 :::* LISTEN 14603/clash
tcp 0 0 :::9090 :::* LISTEN 14603/clash
udp 0 0 :::35266 :::* 14603/clash
udp 0 0 :::60072 :::* 14603/clash
udp 0 0 :::36545 :::* 14603/clash
udp 0 0 :::7874 :::* 14603/clash
udp 0 0 :::7891 :::* 14603/clash
udp 0 0 :::7892 :::* 14603/clash
udp 0 0 :::7893 :::* 14603/clash
udp 0 0 :::7895 :::* 14603/clash
udp 0 0 :::42976 :::* 14603/clash
#===================== 测试本机DNS查询 =====================#
Server: 127.0.0.11
Address: 127.0.0.11:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 110.242.68.4
Name: www.a.shifen.com
Address: 110.242.68.3
#===================== resolv.conf.d =====================#
# Interface lan
nameserver 223.5.5.5
nameserver 114.114.114.114
#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Tue, 31 May 2022 11:49:33 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载 =====================#
HTTP/2 200
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "7454d24b4da496745bb088bba9f9900d8c0ab5b45c1af1677f49d7262484b70d"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: F6CA:783E:9EA89:12F05A:62919A39
accept-ranges: bytes
date: Tue, 31 May 2022 11:49:33 GMT
via: 1.1 varnish
x-served-by: cache-qpg1228-QPG
x-cache: HIT
x-cache-hits: 1
x-timer: S1653997774.841733,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: ce1505d6eca67a0306e8540d88c052fb3f99892f
expires: Tue, 31 May 2022 11:54:33 GMT
source-age: 114
content-length: 80
#===================== 最近运行日志 =====================#
2022-05-31 19:42:54 Reload OpenClash Firewall Rules...
2022-05-31 19:43:33 Watchdog: Reset Firewall For Enabling Redirect...
2022-05-31 19:45:05 【Meta】Core Downloading, Please Try to Download and Upload Manually If Fails
2022-05-31 19:45:06 Reload OpenClash Firewall Rules...
2022-05-31 19:45:08 【Meta】Core Download Successful, Start Update...
2022-05-31 19:45:08 【Meta】Core Update Successful!
2022-05-31 19:45:09 OpenClash Stoping...
2022-05-31 19:45:09 Step 1: Backup The Current Groups State...
2022-05-31 19:45:09 Step 2: Delete OpenClash Firewall Rules...
2022-05-31 19:45:09 Step 3: Close The OpenClash Daemons...
2022-05-31 19:45:09 Step 4: Close The Clash Core Process...
2022-05-31 19:45:09 Step 5: Restart Dnsmasq...
2022-05-31 19:45:09 Step 6: Delete OpenClash Residue File...
2022-05-31 19:45:09 OpenClash Start Running...
2022-05-31 19:45:09 Step 1: Get The Configuration...
2022-05-31 19:45:09 Step 2: Check The Components...
2022-05-31 19:45:09 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2022-05-31 19:45:09 Step 3: Modify The Config File...
2022-05-31 19:45:10 Setting Secondary DNS Server List...
2022-05-31 19:45:10 Step 4: Start Running The Clash Core...
2022-05-31 19:45:10 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2022-05-31 19:45:11 Step 5: Check The Core Status...
time="2022-05-31T11:45:11Z" level=info msg="Start initial configuration in progress"
time="2022-05-31T11:45:11Z" level=info msg="Geodata Loader mode: memconservative"
time="2022-05-31T11:45:11Z" level=info msg="Initial configuration complete, total time: 1ms"
time="2022-05-31T11:45:11Z" level=info msg="Sniffer is loaded and working"
time="2022-05-31T11:45:11Z" level=info msg="DNS server listening at: [::]:7874"
time="2022-05-31T11:45:11Z" level=info msg="Start initial compatible provider default"
time="2022-05-31T11:45:11Z" level=info msg="Start initial compatible provider PROXY"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider reject"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider direct"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider cncidr"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider applications"
time="2022-05-31T11:45:11Z" level=info msg="RESTful API listening at: [::]:9090"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider telegramcidr"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider lancidr"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider google"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider private"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider greatfire"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider tld-not-cn"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider proxy"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider icloud"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider gfw"
time="2022-05-31T11:45:11Z" level=info msg="Start initial provider apple"
2022-05-31 19:45:14 Step 6: Wait For The File Downloading...
2022-05-31 19:45:14 Step 7: Set Firewall Rules...
2022-05-31 19:45:14 Step 8: Restart Dnsmasq...
2022-05-31 19:45:14 Step 9: Add Cron Rules, Start Daemons...
2022-05-31 19:45:14 OpenClash Start Successful!
2022-05-31 19:46:15 Watchdog: Reset Firewall For Enabling Redirect...
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.1.101】 - Host:【play.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
2. SourceIP:【192.168.1.25】 - Host:【Empty】 - DestinationIP:【120.92.65.243】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.1.101】 - Host:【api.github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
4. SourceIP:【192.168.1.101】 - Host:【ogs.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
5. SourceIP:【192.168.1.101】 - Host:【github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
6. SourceIP:【192.168.1.101】 - Host:【www.instagram.com】 - DestinationIP:【162.125.83.1】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
7. SourceIP:【192.168.1.101】 - Host:【content-autofill.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
8. SourceIP:【192.168.1.97】 - Host:【Empty】 - DestinationIP:【123.125.102.179】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.1.101】 - Host:【safebrowsing.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.1.46】 - Host:【Empty】 - DestinationIP:【123.125.102.179】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.1.101】 - Host:【www.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
12. SourceIP:【192.168.1.101】 - Host:【ajax.googleapis.com】 - DestinationIP:【142.251.42.234】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
13. SourceIP:【192.168.1.101】 - Host:【addons-pa.clients6.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
14. SourceIP:【192.168.1.101】 - Host:【clients4.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
15. SourceIP:【192.168.1.101】 - Host:【firestore.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
16. SourceIP:【192.168.1.101】 - Host:【addons-pa.clients6.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
17. SourceIP:【192.168.1.78】 - Host:【Empty】 - DestinationIP:【111.206.203.43】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
18. SourceIP:【192.168.1.158】 - Host:【Empty】 - DestinationIP:【17.57.145.26】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【ss-aws-lightsail】
19. SourceIP:【192.168.1.101】 - Host:【ajax.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
20. SourceIP:【192.168.1.101】 - Host:【fcmconnection.googleapis.com】 - DestinationIP:【172.217.160.106】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
21. SourceIP:【192.168.1.101】 - Host:【eu-v20.events.data.microsoft.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
22. SourceIP:【192.168.1.101】 - Host:【Empty】 - DestinationIP:【35.156.100.7】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【ss-aws-lightsail】
23. SourceIP:【192.168.1.101】 - Host:【firestore.googleapis.com】 - DestinationIP:【172.217.163.42】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
24. SourceIP:【192.168.1.101】 - Host:【www.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.1.101】 - Host:【signaler-pa.clients6.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
26. SourceIP:【192.168.1.101】 - Host:【app.gitbook.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
27. SourceIP:【192.168.1.101】 - Host:【skydrive.wns.windows.com】 - DestinationIP:【40.119.211.203】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
28. SourceIP:【192.168.1.101】 - Host:【optimizationguide-pa.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
29. SourceIP:【192.168.1.101】 - Host:【www.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【DIRECT】
30. SourceIP:【192.168.1.101】 - Host:【camo.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
31. SourceIP:【192.168.1.101】 - Host:【github.githubassets.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
32. SourceIP:【192.168.1.101】 - Host:【o1000929.ingest.sentry.io】 - DestinationIP:【34.120.195.249】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【ss-aws-lightsail】
33. SourceIP:【192.168.1.32】 - Host:【xiaomi5.p2psy3.io.mi.com】 - DestinationIP:【110.43.68.154】 - Network:【udp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
34. SourceIP:【192.168.1.101】 - Host:【safebrowsing.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
35. SourceIP:【192.168.1.101】 - Host:【raw.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
36. SourceIP:【192.168.1.101】 - Host:【www.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
37. SourceIP:【192.168.1.101】 - Host:【www.youtube.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
38. SourceIP:【192.168.1.101】 - Host:【encrypted-tbn0.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
39. SourceIP:【192.168.1.78】 - Host:【mtalk.google.com】 - DestinationIP:【64.233.189.188】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
40. SourceIP:【192.168.1.101】 - Host:【alive.github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
41. SourceIP:【192.168.1.101】 - Host:【0.client-channel.google.com】 - DestinationIP:【108.177.125.189】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
42. SourceIP:【192.168.1.101】 - Host:【nexus-websocket-a.intercom.io】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
43. SourceIP:【192.168.1.101】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
44. SourceIP:【192.168.1.13】 - Host:【developers.google.cn】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
45. SourceIP:【192.168.1.101】 - Host:【www.notion.so】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【notion.so】 - Lastchain:【ss-aws-lightsail】
46. SourceIP:【192.168.1.32】 - Host:【xiaomi5.p2psy2.io.mi.com】 - DestinationIP:【110.43.39.53】 - Network:【udp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
47. SourceIP:【192.168.1.101】 - Host:【o1000929.ingest.sentry.io】 - DestinationIP:【34.120.195.249】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【ss-aws-lightsail】
48. SourceIP:【192.168.1.101】 - Host:【ssl.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【DIRECT】
49. SourceIP:【192.168.1.29】 - Host:【Empty】 - DestinationIP:【111.206.210.100】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
50. SourceIP:【192.168.1.101】 - Host:【mail.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
51. SourceIP:【192.168.1.101】 - Host:【signaler-pa.clients6.google.com】 - DestinationIP:【172.217.160.74】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
52. SourceIP:【192.168.1.102】 - Host:【Empty】 - DestinationIP:【120.52.181.242】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
53. SourceIP:【192.168.1.101】 - Host:【collector.github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
54. SourceIP:【192.168.1.110】 - Host:【ots.io.mi.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
Mixed mode
OpenClash 调试日志
生成时间: 2022-05-31 19:53:40 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: Apple Inc. MacBookPro151/Mac-937A206F2EE63C01 : 6 Core 12 Thread
固件版本: OpenWrt 22.03.0-rc1 05.18.2022
LuCI版本:
内核版本: 5.17.1-t2
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 38692
运行权限: 38692: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.05.18
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.10.6-9-g9d2fc97
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g26014cb
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config_laye.yaml
启动配置文件: /etc/openclash/config_laye.yaml
运行模式: fake-ip-mix
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 停用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
allow-lan: true
bind-address: "*"
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
hosts:
dns:
  enable: true
  listen: 0.0.0.0:7874
  ipv6: false
  default-nameserver:
  - 223.5.5.5
  - 114.114.114.114
  - 192.168.1.1
  - 119.29.29.29
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "*.msftconnecttest.com"
  - "*.msftncsi.com"
  - msftconnecttest.com
  - msftncsi.com
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.mcdn.bilivideo.cn"
  - time-ios.apple.com
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - "*.n.n.srv.nintendo.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - "+.stun.*.*.*.*.*"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "+.media.dssott.com"
  - shark007.net
  - "+.io.mi.com"
  nameserver:
  - 223.5.5.5
  - 114.114.114.114
  - 192.168.1.1
  - 119.29.29.29
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  fallback-filter:
    geoip: false
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.google.com"
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
    - "+.googlevideo.com"
  fallback:
  - https://dns.cloudflare.com/dns-query
  - https://public.dns.iij.jp/dns-query
  - https://jp.tiar.app/dns-query
  - https://jp.tiarap.org/dns-query
  - tls://dot.tiar.app
tun:
  enable: true
  stack: system
  device: utun
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
proxy-groups:
- name: PROXY
  type: select
  proxies:
  - ss-aws-lightsail
rule-providers:
  reject:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt
    path: "./rule_provider/reject.yaml"
    interval: 86400
  icloud:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt
    path: "./rule_provider/icloud.yaml"
    interval: 86400
  apple:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt
    path: "./rule_provider/apple.yaml"
    interval: 86400
  google:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt
    path: "./rule_provider/google.yaml"
    interval: 86400
  proxy:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt
    path: "./rule_provider/proxy.yaml"
    interval: 86400
  direct:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt
    path: "./rule_provider/direct.yaml"
    interval: 86400
  private:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt
    path: "./rule_provider/private.yaml"
    interval: 86400
  gfw:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt
    path: "./rule_provider/gfw.yaml"
    interval: 86400
  greatfire:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt
    path: "./rule_provider/greatfire.yaml"
    interval: 86400
  tld-not-cn:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt
    path: "./rule_provider/tld-not-cn.yaml"
    interval: 86400
  telegramcidr:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt
    path: "./rule_provider/telegramcidr.yaml"
    interval: 86400
  cncidr:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt
    path: "./rule_provider/cncidr.yaml"
    interval: 86400
  lancidr:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt
    path: "./rule_provider/lancidr.yaml"
    interval: 86400
  applications:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt
    path: "./rule_provider/applications.yaml"
    interval: 86400
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN-SUFFIX,notion.so,PROXY
- DOMAIN-SUFFIX,500px.com,PROXY
- DOMAIN-SUFFIX,laye.wang,DIRECT
- DOMAIN-SUFFIX,speedtest.net,DIRECT
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,DIRECT
- RULE-SET,proxy,PROXY
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,PROXY
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,PROXY
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: false
geodata-loader: memconservative
tcp-concurrent: true
sniffer:
  enable: true
  sniffing:
  - tls
  - http
  force-domain:
  - "+.netflix.com"
  - "+.nflxvideo.net"
  - "+.amazonaws.com"
  - "+.media.dssott.com"
  - "+.google.com"
  skip-domain:
  - "+.apple.com"
  - Mijia Cloud
  - "+.jd.com"
profile:
  store-selected: true
  store-fake-ip: true
#===================== 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Tue May 31 19:53:41 2022
*nat
:PREROUTING ACCEPT [3:532]
:INPUT ACCEPT [45:2862]
:OUTPUT ACCEPT [78:4962]
:POSTROUTING ACCEPT [84:5355]
:ADBYBY - [0:0]
:DOCKER_OUTPUT - [0:0]
:DOCKER_POSTROUTING - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_rule - [0:0]
:prerouting_rule - [0:0]
-A PREROUTING -p tcp -m comment --comment "OpenClash TCP DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 80 -j ADBYBY
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -p tcp -j openclash
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m comment --comment DNSMASQ -m tcp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -d 127.0.0.11/32 -j DOCKER_OUTPUT
-A OUTPUT -j openclash_output
-A POSTROUTING -d 127.0.0.11/32 -j DOCKER_POSTROUTING
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A ADBYBY -d 0.0.0.0/8 -j RETURN
-A ADBYBY -d 10.0.0.0/8 -j RETURN
-A ADBYBY -d 127.0.0.0/8 -j RETURN
-A ADBYBY -d 169.254.0.0/16 -j RETURN
-A ADBYBY -d 172.16.0.0/12 -j RETURN
-A ADBYBY -d 192.168.0.0/16 -j RETURN
-A ADBYBY -d 224.0.0.0/4 -j RETURN
-A ADBYBY -d 240.0.0.0/4 -j RETURN
-A ADBYBY -m set --match-set adbyby_esc dst -j RETURN
-A ADBYBY -m set ! --match-set adbyby_wan dst -j RETURN
-A ADBYBY -p tcp -j REDIRECT --to-ports 8118
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.11:43049
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.11:33261
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p tcp -m tcp --sport 43049 -j SNAT --to-source :53
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p udp -m udp --sport 33261 -j SNAT --to-source :53
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
COMMIT
# Completed on Tue May 31 19:53:41 2022
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Tue May 31 19:53:41 2022
*mangle
:PREROUTING ACCEPT [950:213789]
:INPUT ACCEPT [865:202914]
:FORWARD ACCEPT [85:10875]
:OUTPUT ACCEPT [845:218766]
:POSTROUTING ACCEPT [928:229193]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p tcp -m tcp --dport 53 -j openclash_dns_hijack
-A OUTPUT -j openclash_output
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -p tcp -m comment --comment "OpenClash TCP DNS Hijack" -m tcp --dport 53 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Tue May 31 19:53:41 2022
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Tue May 31 19:53:41 2022
*filter
:INPUT ACCEPT [47:3000]
:FORWARD ACCEPT [12:1302]
:OUTPUT ACCEPT [63:3844]
:MINIUPNPD - [0:0]
:forwarding_rule - [0:0]
:input_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -o utun -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -m set --match-set blockip dst -j DROP
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m set --match-set blockip dst -j DROP
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue May 31 19:53:41 2022
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.7 on Tue May 31 19:53:41 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m comment --comment DNSMASQ -m tcp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Tue May 31 19:53:41 2022
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.7 on Tue May 31 19:53:41 2022
*mangle
:PREROUTING ACCEPT [210:72042]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue May 31 19:53:41 2022
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.7 on Tue May 31 19:53:41 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_rule - [0:0]
:input_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
COMMIT
# Completed on Tue May 31 19:53:41 2022
#===================== IPSET状态 =====================#
Name: adbyby_esc
Name: adbyby_wan
Name: blockip
Name: china_ip_route
Name: localnetwork
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
198.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 utun
#ip route list
default via 192.168.1.1 dev br-lan proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.2
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== Tun设备状态 =====================#
utun: tun
#===================== 端口占用状态 =====================#
tcp 0 0 0.0.0.0:42455 0.0.0.0:* LISTEN 38692/clash
tcp 0 0 :::7892 :::* LISTEN 38692/clash
tcp 0 0 :::7893 :::* LISTEN 38692/clash
tcp 0 0 :::7895 :::* LISTEN 38692/clash
tcp 0 0 :::7890 :::* LISTEN 38692/clash
tcp 0 0 :::7891 :::* LISTEN 38692/clash
tcp 0 0 :::9090 :::* LISTEN 38692/clash
udp 0 0 :::36663 :::* 38692/clash
udp 0 0 :::46212 :::* 38692/clash
udp 0 0 :::7874 :::* 38692/clash
udp 0 0 :::7891 :::* 38692/clash
udp 0 0 :::7892 :::* 38692/clash
udp 0 0 :::7893 :::* 38692/clash
udp 0 0 :::7895 :::* 38692/clash
#===================== 测试本机DNS查询 =====================#
Server: 127.0.0.11
Address: 127.0.0.11:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 110.242.68.3
Name: www.a.shifen.com
Address: 110.242.68.4
#===================== resolv.conf.d =====================#
# Interface lan
nameserver 223.5.5.5
nameserver 114.114.114.114
#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Tue, 31 May 2022 11:53:41 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载 =====================#
HTTP/2 200
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "7454d24b4da496745bb088bba9f9900d8c0ab5b45c1af1677f49d7262484b70d"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: F6CA:783E:9EA89:12F05A:62919A39
accept-ranges: bytes
date: Tue, 31 May 2022 11:53:41 GMT
via: 1.1 varnish
x-served-by: cache-qpg1222-QPG
x-cache: HIT
x-cache-hits: 1
x-timer: S1653998022.501649,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 41445d6494681e185fda81940a7b9a91ec6d85b8
expires: Tue, 31 May 2022 11:58:41 GMT
source-age: 60
content-length: 80
#===================== 最近运行日志 =====================#
2022-05-31 19:52:27 Step 6: Wait For The File Downloading...
2022-05-31 19:52:27 Step 7: Set Firewall Rules...
2022-05-31 19:52:27 Step 8: Restart Dnsmasq...
2022-05-31 19:52:28 Step 9: Add Cron Rules, Start Daemons...
2022-05-31 19:52:28 OpenClash Start Successful!
2022-05-31 19:52:32 Reload OpenClash Firewall Rules...
2022-05-31 19:53:17 OpenClash Stoping...
2022-05-31 19:53:17 Step 1: Backup The Current Groups State...
2022-05-31 19:53:17 Step 2: Delete OpenClash Firewall Rules...
2022-05-31 19:53:18 Step 3: Close The OpenClash Daemons...
2022-05-31 19:53:18 Step 4: Close The Clash Core Process...
2022-05-31 19:53:18 Step 5: Restart Dnsmasq...
2022-05-31 19:53:18 Step 6: Delete OpenClash Residue File...
2022-05-31 19:53:18 OpenClash Start Running...
2022-05-31 19:53:18 Step 1: Get The Configuration...
2022-05-31 19:53:18 Step 2: Check The Components...
2022-05-31 19:53:18 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2022-05-31 19:53:18 Step 3: Modify The Config File...
2022-05-31 19:53:19 Setting Secondary DNS Server List...
2022-05-31 19:53:19 Step 4: Start Running The Clash Core...
2022-05-31 19:53:19 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2022-05-31 19:53:20 Step 5: Check The Core Status...
time="2022-05-31T11:53:20Z" level=info msg="Start initial configuration in progress"
time="2022-05-31T11:53:20Z" level=info msg="Geodata Loader mode: memconservative"
time="2022-05-31T11:53:20Z" level=info msg="Initial configuration complete, total time: 1ms"
time="2022-05-31T11:53:20Z" level=info msg="Sniffer is loaded and working"
time="2022-05-31T11:53:20Z" level=info msg="DNS server listening at: [::]:7874"
time="2022-05-31T11:53:20Z" level=info msg="Start initial compatible provider default"
time="2022-05-31T11:53:20Z" level=info msg="RESTful API listening at: [::]:9090"
time="2022-05-31T11:53:20Z" level=info msg="Start initial compatible provider PROXY"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider proxy"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider lancidr"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider apple"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider google"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider private"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider gfw"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider telegramcidr"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider direct"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider reject"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider applications"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider icloud"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider cncidr"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider tld-not-cn"
time="2022-05-31T11:53:20Z" level=info msg="Start initial provider greatfire"
2022-05-31 19:53:23 Step 6: Wait For The File Downloading...
2022-05-31 19:53:23 Step 7: Set Firewall Rules...
2022-05-31 19:53:23 Step 8: Restart Dnsmasq...
2022-05-31 19:53:23 Step 9: Add Cron Rules, Start Daemons...
2022-05-31 19:53:23 OpenClash Start Successful!
2022-05-31 19:53:28 Reload OpenClash Firewall Rules...
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.1.101】 - Host:【nexus-websocket-a.intercom.io】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
2. SourceIP:【192.168.1.101】 - Host:【mtalk.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
3. SourceIP:【192.168.1.101】 - Host:【0.client-channel.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
4. SourceIP:【192.168.1.25】 - Host:【Empty】 - DestinationIP:【120.92.65.243】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
5. SourceIP:【198.18.0.2】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
6. SourceIP:【192.168.1.101】 - Host:【fcmconnection.googleapis.com】 - DestinationIP:【172.217.163.42】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
7. SourceIP:【192.168.1.101】 - Host:【firestore.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
8. SourceIP:【192.168.1.101】 - Host:【chat-pa.clients6.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
9. SourceIP:【192.168.1.101】 - Host:【whois.pconline.com.cn】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.1.101】 - Host:【hangouts.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
11. SourceIP:【192.168.1.101】 - Host:【signaler-pa.clients6.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
12. SourceIP:【192.168.1.97】 - Host:【Empty】 - DestinationIP:【120.52.181.242】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.1.101】 - Host:【0.client-channel.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
14. SourceIP:【192.168.1.101】 - Host:【www.instagram.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
15. SourceIP:【192.168.1.101】 - Host:【signaler-pa.clients6.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
16. SourceIP:【192.168.1.101】 - Host:【ocsp.pki.goog】 - DestinationIP:【203.208.43.66】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【DIRECT】
17. SourceIP:【198.18.0.2】 - Host:【api.ipify.org】 - DestinationIP:【3.220.57.224】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【ss-aws-lightsail】
18. SourceIP:【192.168.1.32】 - Host:【Empty】 - DestinationIP:【42.157.165.251】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
19. SourceIP:【192.168.1.101】 - Host:【play.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
20. SourceIP:【192.168.1.102】 - Host:【Empty】 - DestinationIP:【111.202.1.243】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
21. SourceIP:【192.168.1.101】 - Host:【clients4.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
22. SourceIP:【192.168.1.101】 - Host:【0.client-channel.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
23. SourceIP:【192.168.1.101】 - Host:【alive.github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
24. SourceIP:【192.168.1.101】 - Host:【chat-pa.clients6.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【ss-aws-lightsail】
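Doesn't work?
No, it doesn't. If it worked I would definitely have said so.
Right now it's just this mix mode that doesn't work. TUN on its own doesn't work either, of course. Only fake-ip enhanced mode works.
Is there a workaround? For example, some way to exclude this camera, 192.168.1.32, from OpenClash entirely.
Redir mode has access control.
I'm running OpenWrt as a container in Docker, with promiscuous mode enabled on the NIC in the Linux environment. Could that affect TUN?
Test whether UDP gets through first.
UDP gets through: 192.168.1.2 is the address of the OpenWrt Docker container.
Then, from a client on the local LAN, going through the 192.168.1.2 gateway (OpenClash already running in mix mode), nc 120.92.65.243 8053 also works.
The connection is visible.
In fake-ip mix mode I ran a video conference as a test, and the traffic looked normal there too.
I don't get it. Enhanced mode works, and it's just TUN that has the problem?
Check whether the traffic is being proxied.
The traffic is not being proxied, which puzzles me too. This 138 is the Xiaomi camera's IP; you can see that the connection has been established, but there is hardly any traffic, and the phone side also shows the connection as failed.
Either way, please consider adding '+.io.mi.com' to the default DNS advanced settings.
Yes, mix mode and TUN mode both have the problem; fake-ip enhanced mode is fine.
Probably because of Docker; cause unknown.
I found the cause, but I still don't know how to configure it. It should be a firewall issue. My OpenWrt currently acts as a side-router gateway (192.168.1.2), with its default gateway set to the main router, 192.168.1.1. OpenWrt has DHCP enabled as the only DHCP server on the network (DHCP is turned off on the main router). If I turn off forwarding in the OpenWrt firewall, the Xiaomi camera can be reached; if forwarding is turned on, it cannot.
How should the firewall be configured when OpenWrt is used as a side-router gateway? Thanks!
It's not because of Docker. I also have Xiaomi smart home devices, and my firewall also forwards; with the Meta core they can't be reached from outside the LAN. Without the Meta core it works fine. Updating the Meta core to the latest version still doesn't help.
But without the Meta core I can't subscribe to rule sets.
Meta supports the sniffer; skip sniffing. Do you know the camera's related domains?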
Skip-sniffing has already been added: - '+.io.mi.com'. It doesn't work.
@Skyxim
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
How was this finally resolved?
2022-11-29 15:58:47 level=warning msg="[TCP] dial 🎯 全球直连 (match GeoIP(CN)) to Mijia Cloud:443 error: couldn't find ip"
2022-11-29 15:58:47 level=debug msg="[Process] find process Mijia Cloud: netlink message: NLMSG_ERROR"
2022-11-29 15:58:47 level=debug msg="[Process] find process Mijia Cloud: netlink message: NLMSG_ERROR"
2022-11-29 15:58:47 level=debug msg="[Process] find process Mijia Cloud: netlink message: NLMSG_ERROR"
2022-11-29 15:58:47 level=debug msg="[Process] find process Mijia Cloud: netlink message: NLMSG_ERROR"
2022-11-29 15:58:47 level=debug msg="[Process] find process Mijia Cloud: netlink message: NLMSG_ERROR"
Verify Steps
OpenClash Version
v0.45.22-beta
Bug on Environment
Docker
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
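In redir-host mode: connects normally.
In fake-ip enhanced mode: works after modifying the DNS advanced settings to add xiaomi5.p2psy3.io.mi.com (found by watching the connections).
In fake-ip mix mode: cannot be accessed, even after modifying the DNS advanced settings.
Here, "cannot be accessed" means the Xiaomi camera cannot be reached from outside the LAN (via Mi Home); access from inside the LAN (via Mi Home) is fine. With OpenClash turned off, access to the Xiaomi camera works from both inside and outside the LAN.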
Describe the Bug
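In redir-host mode: connects normally.
In fake-ip enhanced mode: works after modifying the DNS advanced settings to add xiaomi5.p2psy3.io.mi.com (found by watching the connections).
In fake-ip mix mode: cannot be accessed, even after modifying the DNS advanced settings.
Here, "cannot be accessed" means the Xiaomi camera cannot be reached from outside the LAN (via Mi Home); access from inside the LAN (via Mi Home) is fine. With OpenClash turned off, access to the Xiaomi camera works from both inside and outside the LAN.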
OpenClash Log
OpenClash 调试日志
生成时间: 2022-05-31 16:02:05 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息