[Bug] 已经启动，通过浏览器配置代理的方式可以出去，但是通过配置网关则不行

[huangfeng19820712]

Verify Steps

• [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
• [X] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
• [X] Core 这是 OpenClash 存在的问题，并非我所使用的 Clash 或 Meta 等内核的特定问题
• [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求

OpenClash Version

v0.45.22--beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-armv8

To Reproduce

我就是把掉电源后，出现这种情况，openclass已经有重装过一次，也还是这样，是不是防火墙配置有问题？

Describe the Bug

能正常运行，通过浏览器配置代理端口的方式能正常使用，但是通过修改PC的网关与dns为旁路由地址，怎无法访问，是都不能访问。

OpenClash Log

OpenClash 调试日志

生成时间: 2022-06-01 09:42:30 插件版本: v0.38.7-beta

===================== 系统信息 =====================

主机型号: Phicomm N1 固件版本: LuCI版本: git-19.338.43082-9e87e69-1 内核版本: 5.4.13-amlogic-flippy-22+ 处理器架构: aarch64_generic

此项在使用Tun模式时应为ACCEPT

防火墙转发: ACCEPT

此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP

IPV6-DHCP:

此项结果应仅有配置文件的DNS监听地址

Dnsmasq转发设置:

===================== 依赖检查 =====================

dnsmasq-full: 已安装 coreutils: 已安装 coreutils-nohup: 已安装 bash: 已安装 curl: 已安装 jsonfilter: 已安装 ca-certificates: 已安装 ipset: 已安装 ip-full: 已安装 iptables-mod-tproxy: 已安装 kmod-tun(TUN模式): 已安装 luci-compat(Luci-19.07): 未安装

===================== 内核检查 =====================

运行状态: 运行中 已选择的架构: linux-armv8

下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限

Tun内核版本: Tun内核文件: 不存在 Tun内核运行权限: 否

Game内核版本: Game内核文件: 不存在 Game内核运行权限: 否

Dev内核版本: v1.10.6-9-g9d2fc97 Dev内核文件: 存在 Dev内核运行权限: 正常

===================== 插件设置 =====================

当前配置文件: /etc/openclash/config/config.yaml 运行模式: redir-host 默认代理模式: Rule UDP流量转发: 启用 DNS劫持: 启用 自定义DNS: 停用 IPV6-DNS解析: 停用 禁用Dnsmasq缓存: 停用 自定义规则: 停用 仅允许内网: 停用 仅代理命中规则流量: 停用

启动异常时建议关闭此项后重试

保留配置: 停用 第三方规则: 停用

===================== 配置文件 =====================

port: 7890 socks-port: 7891 redir-port: 7892 mixed-port: 7893 allow-lan: true bind-address: "*" mode: Rule log-level: silent ipv6: false hosts:

Custom HOSTS

experimental hosts, support wildcard (e.g. .clash.dev Even .foo.*.example.com)

static domain has a higher priority than wildcard domain (foo.example.com > *.example.com)

NOTE: hosts don't work with fake-ip

'*.clash.dev': 127.0.0.1

'alpha.clash.dev': '::1'

Custom HOSTS END

services.googleapis.cn: 216.58.200.67 www.google.cn: 216.58.200.67 external-controller: 0.0.0.0:9090 clash-for-android: append-system-dns: false profile: tracing: true secret: "123456" external-ui: "/usr/share/openclash/dashboard" dns: enable: true listen: 127.0.0.1:8853 default-nameserver:

• 223.5.5.5
• 1.0.0.1 ipv6: false enhanced-mode: redir-host fake-ip-filter:
• "*.lan"
• stun...*
• stun..
• time.windows.com
• time.nist.gov
• time.apple.com
• time.asia.apple.com
• "*.ntp.org.cn"
• "*.openwrt.pool.ntp.org"
• time1.cloud.tencent.com
• time.ustc.edu.cn
• pool.ntp.org
• ntp.ubuntu.com
• ntp.aliyun.com
• ntp1.aliyun.com
• ntp2.aliyun.com
• ntp3.aliyun.com
• ntp4.aliyun.com
• ntp5.aliyun.com
• ntp6.aliyun.com
• ntp7.aliyun.com
• time1.aliyun.com
• time2.aliyun.com
• time3.aliyun.com
• time4.aliyun.com
• time5.aliyun.com
• time6.aliyun.com
• time7.aliyun.com
• "*.time.edu.cn"
• time1.apple.com
• time2.apple.com
• time3.apple.com
• time4.apple.com
• time5.apple.com
• time6.apple.com
• time7.apple.com
• time1.google.com
• time2.google.com
• time3.google.com
• time4.google.com
• music.163.com
• "*.music.163.com"
• "*.126.net"
• musicapi.taihe.com
• music.taihe.com
• songsearch.kugou.com
• trackercdn.kugou.com
• "*.kuwo.cn"
• api-jooxtt.sanook.com
• api.joox.com
• joox.com
• y.qq.com
• "*.y.qq.com"
• streamoc.music.tc.qq.com
• mobileoc.music.tc.qq.com
• isure.stream.qqmusic.qq.com
• dl.stream.qqmusic.qq.com
• aqqmusic.tc.qq.com
• amobile.music.tc.qq.com
• "*.xiami.com"
• "*.music.migu.cn"
• music.migu.cn
• "*.msftconnecttest.com"
• "*.msftncsi.com"
• localhost.ptlogin2.qq.com
• "..*.srv.nintendo.net"
• "..stun.playstation.net"
• xbox...microsoft.com
• "*.ipv6.microsoft.com"
• "..xboxlive.com"
• speedtest.cros.wr.pvp.net nameserver:
• https://223.6.6.6/dns-query
• https://rubyfish.cn/dns-query
• https://dns.pub/dns-query fallback:
• https://dns.rubyfish.cn/dns-query
• https://public.dns.iij.jp/dns-query
• tls://8.8.4.4 fallback-filter: geoip: true ipcidr:
  • 240.0.0.0/4
  • 0.0.0.0/32
  • 127.0.0.1/32 domain:
  • +.google.com
  • +.facebook.com
  • +.twitter.com
  • +.youtube.com
  • +.xn--ngstr-lra8j.com
  • +.google.cn
  • +.googleapis.cn
  • +.googleapis.com
  • +.gvt1.com

===================== 防火墙设置 =====================

NAT chain

Chain PREROUTING (policy ACCEPT) num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 8.8.4.4 redir ports 7892 2 REDIRECT tcp -- 0.0.0.0/0 8.8.8.8 redir ports 7892 3 REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 53 4 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 redir ports 53 5 prerouting_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom prerouting rule chain / 6 zone_lan_prerouting all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 / 7 zone_vpn_prerouting all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 / 8 openclash tcp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT) num target prot opt source destination

Mangle chain

Chain PREROUTING (policy ACCEPT) num target prot opt source destination
1 openclash udp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT) num target prot opt source destination

===================== 路由表状态 =====================

route -n

Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.5.1 0.0.0.0 UG 0 0 0 br-lan 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan

ip route list

default via 192.168.5.1 dev br-lan proto static 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.5.0/24 dev br-lan proto kernel scope link src 192.168.5.254

ip rule show

0: from all lookup local 32765: from all fwmark 0x162 lookup 354 32766: from all lookup main 32767: from all lookup default

===================== 端口占用状态 =====================

tcp 0 0 :::9090 ::: LISTEN 20733/clash tcp 0 0 :::7890 ::: LISTEN 20733/clash tcp 0 0 :::7891 ::: LISTEN 20733/clash tcp 0 0 :::7892 ::: LISTEN 20733/clash tcp 0 0 :::7893 ::: LISTEN 20733/clash udp 0 0 127.0.0.1:8853 0.0.0.0: 20733/clash udp 0 0 :::7891 ::: 20733/clash udp 0 0 :::7892 ::: 20733/clash udp 0 0 :::7893 :::* 20733/clash

===================== 测试本机DNS查询 =====================

Server: 192.168.5.1 Address: 192.168.5.1#53

Name: www.baidu.com Address 1: 14.215.177.39 Address 2: 14.215.177.38 www.baidu.com canonical name = www.a.shifen.com

===================== resolv.conf.auto =====================

Interface lan

nameserver 192.168.5.1

===================== 测试本机网络连接 =====================

HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Connection: keep-alive Content-Length: 277 Content-Type: text/html Date: Wed, 01 Jun 2022 01:42:32 GMT Etag: "575e1f72-115" Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT Pragma: no-cache Server: bfe/1.0.8.18

===================== 测试本机网络下载 =====================

HTTP/1.1 200 Connection established

HTTP/1.1 200 OK Connection: keep-alive Content-Length: 80 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: text/plain; charset=utf-8 ETag: "7454d24b4da496745bb088bba9f9900d8c0ab5b45c1af1677f49d7262484b70d" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-GitHub-Request-Id: 8C44:3F0D:30F57:C1704:62919ADE Accept-Ranges: bytes Date: Wed, 01 Jun 2022 01:42:32 GMT Via: 1.1 varnish X-Served-By: cache-hkg17933-HKG X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1654047752.354127,VS0,VE1 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * X-Fastly-Request-ID: 920eb99e44a57dfc3d7f9d9c7799784ac38db0fe Expires: Wed, 01 Jun 2022 01:47:32 GMT Source-Age: 224

===================== 最近运行日志 =====================

2022-06-01 09:12:28 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:13:28 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:14:29 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:15:29 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:16:29 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:17:29 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:18:30 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:19:30 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:20:30 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:21:31 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:22:31 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:23:31 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:24:32 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:25:32 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:26:32 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:27:32 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:28:33 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:29:33 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:30:33 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:31:34 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:32:34 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:33:34 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:34:34 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:35:35 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:36:35 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:37:35 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:38:36 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:39:36 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:40:36 Watchdog: Force Reset DNS Hijack. 2022-06-01 09:41:36 Watchdog: Force Reset DNS Hijack.

OpenClash Config

No response

Expected Behavior

通过修改网关与dns能正常使用

Screenshots

No response

[vernesong]

找个新点的固件吧，插件版本也太老了

[huangfeng19820712]

好的

[huangfeng19820712]

是固件的原因吗？之前是能正常使用的，后面重启后才这样？换最新的openclash版本可以？

[hiyuxiang]

自从clash内核取消Redir-Host 远程解析这是这样了，一定要把dns里的dns远程解析的选项勾上（最新版本的openclash好像找不到这个选项了？），曾经有一段时间把旁路由模式勾上也可以，但之后再也不行了，只有把远程解析勾上，就能做到代理和网关的方式都能用，后面有meta内核，就改用meta内核，就不存在这些问题了，即不用勾旁路由，也不用勾远程解析。

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[Mathes1s]

同样有这个问题，换了meta core也不行，可以请问怎么解决的么