vernesong
commented
1 year ago IP不能登录还是域名,什么模式
Closed zhyhub123 closed 1 year ago
vernesong
commented
1 year ago IP不能登录还是域名,什么模式
zhyhub123
commented
1 year ago openclash的模式是fake-ip,meta内核,版本v0.45.59。 软路由的登录ip是192.168.1.1:80。设置了外网访问和ddns,一样是不能登录,都必须是拔网线。而且,接上网线后,立即登录才行,过一会就又开始转圈了,不能登录。
zhyhub123
commented
1 year ago 在软路由安装了阿里云盘的webdab插件(aliyundrive-webdav),在停用本地dns劫持后,也可以正常访问了。之前,infuse加载的结果是空文件夹。 这里,怎样设置可以例外放行?
vernesong
commented
1 year ago 发调试日志
zhyhub123
commented
1 year ago 怎样生成调试日志?在运行日志那里?看过别人发的日志,不知道在哪获取。请指教,谢谢
zhyhub123
commented
1 year ago OpenClash 调试日志
生成时间: 2023-01-29 18:15:19 插件版本: v0.45.59-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: Intel(R) Celeron(R) CPU 3965U @ 2.20GHz : 2 Core 2 Thread
固件版本: OpenWrt 19.07-SNAPSHOT r11415-e9b50d9376
LuCI版本: git-c7a5ae0-1
内核版本: 4.14.212
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置:
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装
#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 8565
运行权限: 8565: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.01.01.g0ab75c5
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.3.5-4-g6fedd7e
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g9b89ff9
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/New.yaml
启动配置文件: /etc/openclash/New.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 停用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 停用
路由本机代理: 停用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 启用
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
redir-port: 7892
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
dns:
enable: true
ipv6: false
listen: 0.0.0.0:7874
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
nameserver:
- 114.114.114.114
- 119.29.29.29
- 119.28.28.28
- 223.5.5.5
- 202.106.195.68:53
fallback:
- https://cloudflare-dns.com/dns-query
- https://dns.google/dns-query
- tls://dns.google:853
- https://1.1.1.1/dns-query
- tls://1.1.1.1:853
- tls://8.8.8.8:853
fallback-filter:
geoip: true
ipcidr:
- 240.0.0.0/4
fake-ip-filter:
- "*.lan"
- time.windows.com
- time.nist.gov
- time.apple.com
- time.asia.apple.com
- "*.ntp.org.cn"
- "*.openwrt.pool.ntp.org"
- time1.cloud.tencent.com
- time.ustc.edu.cn
- pool.ntp.org
- ntp.ubuntu.com
- ntp.aliyun.com
- ntp1.aliyun.com
- ntp2.aliyun.com
- ntp3.aliyun.com
- ntp4.aliyun.com
- ntp5.aliyun.com
- ntp6.aliyun.com
- ntp7.aliyun.com
- time1.aliyun.com
- time2.aliyun.com
- time3.aliyun.com
- time4.aliyun.com
- time5.aliyun.com
- time6.aliyun.com
- time7.aliyun.com
- "*.time.edu.cn"
- time1.apple.com
- time2.apple.com
- time3.apple.com
- time4.apple.com
- time5.apple.com
- time6.apple.com
- time7.apple.com
- time1.google.com
- time2.google.com
- time3.google.com
- time4.google.com
- music.163.com
- "*.music.163.com"
- "*.126.net"
- musicapi.taihe.com
- music.taihe.com
- songsearch.kugou.com
- trackercdn.kugou.com
- "*.kuwo.cn"
- api-jooxtt.sanook.com
- api.joox.com
- joox.com
- y.qq.com
- "*.y.qq.com"
- streamoc.music.tc.qq.com
- mobileoc.music.tc.qq.com
- isure.stream.qqmusic.qq.com
- dl.stream.qqmusic.qq.com
- aqqmusic.tc.qq.com
- amobile.music.tc.qq.com
- "*.xiami.com"
- "*.music.migu.cn"
- music.migu.cn
- "*.msftconnecttest.com"
- "*.msftncsi.com"
- localhost.ptlogin2.qq.com
- "+.srv.nintendo.net"
- "+.stun.playstation.net"
- xbox.*.microsoft.com
- "+.xboxlive.com"
- proxy.golang.org
- stun.*.*
- stun.*.*.*
- heartbeat.belkin.com
- "*.linksys.com"
- "*.linksyssmartwifi.com"
- fshub.us
- "*.fshub.us"
- www.fshub.us
- 192.168.1.1
- "+.dns.google"
proxy-groups:
- name: "\U0001F4F2 聊天软件"
type: select
use:
- 全部节点8
proxies:
- Vmshell
- Tencent
- Ali
- Vir
- Rak-HK
- name: "\U0001F3AC Google"
type: select
use:
- 全部节点8
proxies:
- Tencent-Ali
- Tencent
- Vmshell-Vir
- Ali
- Rak-HK
- Vir
- name: "\U0001F3AC NowE"
type: select
use:
- 全部节点8
proxies:
- Tencent-Ali
- Tencent
- Vmshell-Vir
- Ali
- Rak-HK
- Vir
- name: "\U0001F3AC YouTube"
type: select
use:
- 全部节点8
proxies:
- Tencent-Ali
- Tencent
- Vmshell-Vir
- Ali
- Rak-HK
- Vir
- name: "\U0001F3AC NETFLIX"
type: select
use:
- 全部节点8
proxies:
- Tencent-Ali
- Tencent
- Ali
- name: "\U0001F3AC Prime"
type: select
use:
- 全部节点8
proxies:
- Vmshell
- Vmshell-Vir
- Rak-HK
- name: "\U0001F3AC Star"
type: select
use:
- 全部节点8
- name: "\U0001F3AC DAZN"
type: select
use:
- 全部节点8
proxies:
- Vmshell-Vir
- Tencent
- Ali
- Rak-HK
- name: "\U0001F3AC NBA"
type: select
use:
- 全部节点8
proxies:
- Vmshell-Vir
- Tencent
- Ali
- Rak-HK
- name: "\U0001F3AC Discovery+ PH"
type: select
use:
- 全部节点8
proxies:
- Rak-HK
- Vmshell-Vir
- Vmshell-Ali
- name: "\U0001F3AC DisneyPlus"
type: select
use:
- 全部节点8
proxies:
- Tencent-Ali
- Tencent
- Ali
- Rak-HK
- name: "\U0001F3AC HBO GO"
type: select
use:
- 全部节点8
- name: "\U0001F3AC HBO MAX"
type: select
use:
- 全部节点8
proxies:
- Vmshell-Vir
- Rak-HK
- name: "\U0001F3AC Paramountplus"
type: select
use:
- 全部节点8
proxies:
- Vmshell-Vir
- Vmshell
- Rak-HK
- name: "\U0001F3AC EMBY"
type: select
use:
- 全部节点8
proxies:
- DIRECT
- name: "\U0001F3AC 巴哈姆特"
type: select
use:
- 全部节点8
proxies:
- DIRECT
- name: "\U0001F3AC 日韩媒体"
type: select
use:
- 全部节点8
proxies:
- Vir
- name: "\U0001F3AC 国外媒体"
type: select
use:
- 全部节点8
- name: "\U0001F3AC 港台媒体"
type: select
use:
- 全部节点8
- name: "\U0001F30F 国外网站"
type: select
use:
- 全部节点8
- name: "\U0001F1E7\U0001F1F9 BT&PT"
type: select
use:
- 全部节点8
proxies:
- DIRECT
- name: "\U0001F3B5 Spotify"
type: select
use:
- 全部节点8
proxies:
- DIRECT
- name: "\U0001F3B5 TikTok"
type: select
use:
- 全部节点8
proxies:
- DIRECT
- name: "\U0001F34E 苹果服务"
type: select
proxies:
- DIRECT
use:
- 全部节点8
- name: "\U0001F34E 苹果新闻"
type: select
use:
- 全部节点8
- name: "\U0001F9E9 微软服务"
type: select
proxies:
- DIRECT
use:
- 全部节点8
- name: "\U0001F3AC 爱奇艺"
type: select
use:
- 全部节点8
-- "IP-CIDR,172.16.0.0/12,\U0001F30F 国内网站,no-resolve"
- "IP-CIDR,192.168.0.0/16,\U0001F30F 国内网站,no-resolve"
- "IP-CIDR6,::1/128,\U0001F30F 国内网站,no-resolve"
- "IP-CIDR6,fc00::/7,\U0001F30F 国内网站,no-resolve"
- "IP-CIDR6,fe80::/10,\U0001F30F 国内网站,no-resolve"
- "IP-CIDR6,fd00::/8,\U0001F30F 国内网站,no-resolve"
- "DOMAIN,router.asus.com,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,hiwifi.com,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,leike.cc,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,miwifi.com,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,my.router,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,p.to,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,peiluyou.com,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,phicomm.me,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,routerlogin.com,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,tendawifi.com,\U0001F30F 国内网站"
- "DOMAIN-SUFFIX,zte.home,\U0001F30F 国内网站"
- "GEOIP,CN,\U0001F30F 国内网站"
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
- "DST-PORT,80,\U0001F3AC Google"
- "DST-PORT,443,\U0001F3AC Google"
- "DST-PORT,22,\U0001F3AC Google"
- MATCH,DIRECT
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: false
geodata-loader: memconservative
tcp-concurrent: false
profile:
store-selected: true
store-fake-ip: false
authentication:
- Clash:ZMZV3hff
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.3 on Sun Jan 29 18:15:21 2023
*nat
:PREROUTING ACCEPT [4552:434600]
:INPUT ACCEPT [4499:365244]
:OUTPUT ACCEPT [4646:367166]
:POSTROUTING ACCEPT [492:32336]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth5 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth5 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 8096 -j DNAT --to-destination 192.168.1.194:8096
-A MINIUPNPD -p tcp -m tcp --dport 8920 -j DNAT --to-destination 192.168.1.194:8920
-A MINIUPNPD -p udp -m udp --dport 37034 -j DNAT --to-destination 192.168.1.129:37034
-A MINIUPNPD -p udp -m udp --dport 41029 -j DNAT --to-destination 192.168.1.109:41029
-A MINIUPNPD-POSTROUTING -s 192.168.1.194/32 -p tcp -m tcp --sport 8096 -j MASQUERADE --to-ports 8096
-A MINIUPNPD-POSTROUTING -s 192.168.1.194/32 -p tcp -m tcp --sport 8920 -j MASQUERADE --to-ports 8920
-A MINIUPNPD-POSTROUTING -s 192.168.1.129/32 -p udp -m udp --sport 37034 -j MASQUERADE --to-ports 37034
-A MINIUPNPD-POSTROUTING -s 192.168.1.109/32 -p udp -m udp --sport 41029 -j MASQUERADE --to-ports 41029
-A openclash -p tcp -m tcp --sport 30216 -j RETURN
-A openclash -p tcp -m tcp --sport 30218 -j RETURN
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -m set --match-set wan_ac_black_ips dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 30216 -j RETURN
-A openclash_output -p tcp -m tcp --sport 30218 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -s 192.168.1.1/32 -p tcp -m tcp --dport 30216 -j RETURN
-A openclash_output -s 192.168.1.1/32 -p tcp -m tcp --sport 30216 -j RETURN
-A openclash_output -s 192.168.1.1/32 -p tcp -m tcp --dport 30218 -j RETURN
-A openclash_output -s 192.168.1.1/32 -p tcp -m tcp --sport 80 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: openwrt (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: openwrt (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 30216 -m comment --comment "!fw3: aliyunpan (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 30216 -m comment --comment "!fw3: aliyunpan (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 30218 -m comment --comment "!fw3: openwrt (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p udp -m udp --dport 30218 -m comment --comment "!fw3: openwrt (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 30216 -m comment --comment "!fw3: aliyunpan (reflection)" -j DNAT --to-destination 192.168.1.1:30216
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p udp -m udp --dport 30216 -m comment --comment "!fw3: aliyunpan (reflection)" -j DNAT --to-destination 192.168.1.1:30216
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 30218 -m comment --comment "!fw3: openwrt" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p udp -m udp --dport 30218 -m comment --comment "!fw3: openwrt" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p tcp -m tcp --dport 30216 -m comment --comment "!fw3: aliyunpan" -j DNAT --to-destination 192.168.1.1:30216
-A zone_wan_prerouting -p udp -m udp --dport 30216 -m comment --comment "!fw3: aliyunpan" -j DNAT --to-destination 192.168.1.1:30216
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Sun Jan 29 18:15:21 2023
#IPv4 Mangle chain
# Generated by iptables-save v1.8.3 on Sun Jan 29 18:15:21 2023
*mangle
:PREROUTING ACCEPT [542709:477599876]
:INPUT ACCEPT [574563:483162443]
:FORWARD ACCEPT [2530:308730]
:OUTPUT ACCEPT [395026:505037141]
:POSTROUTING ACCEPT [397486:505342876]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o eth5 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth5 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --sport 30216 -j RETURN
-A openclash -p udp -m udp --sport 30218 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -s 192.168.1.1/32 -p udp -m udp --sport 30216 -j RETURN
-A openclash -s 192.168.1.1/32 -p udp -m udp --dport 30216 -j RETURN
-A openclash -s 192.168.1.1/32 -p udp -m udp --sport 80 -j RETURN
-A openclash -s 192.168.1.1/32 -p udp -m udp --dport 30218 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -m set --match-set wan_ac_black_ips dst -j RETURN
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Sun Jan 29 18:15:21 2023
#IPv4 Filter chain
# Generated by iptables-save v1.8.3 on Sun Jan 29 18:15:21 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth5 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth5 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth5 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A MINIUPNPD -d 192.168.1.194/32 -p tcp -m tcp --dport 8096 -j ACCEPT
-A MINIUPNPD -d 192.168.1.194/32 -p tcp -m tcp --dport 8920 -j ACCEPT
-A MINIUPNPD -d 192.168.1.129/32 -p udp -m udp --dport 37034 -j ACCEPT
-A MINIUPNPD -d 192.168.1.109/32 -p udp -m udp --dport 41029 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth5 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth5 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth5 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 30218 -m comment --comment "!fw3: openwrt" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 30218 -m comment --comment "!fw3: openwrt" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 30216 -m comment --comment "!fw3: aliyunpan" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 30216 -m comment --comment "!fw3: aliyunpan" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth5 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Jan 29 18:15:21 2023
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.3 on Sun Jan 29 18:15:21 2023
*nat
:PREROUTING ACCEPT [45810:12311227]
:INPUT ACCEPT [10116:896557]
:OUTPUT ACCEPT [3174:337576]
:POSTROUTING ACCEPT [7661:1216639]
COMMIT
# Completed on Sun Jan 29 18:15:21 2023
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.3 on Sun Jan 29 18:15:21 2023
*mangle
:PREROUTING ACCEPT [33371:18223263]
:INPUT ACCEPT [3058:387616]
:FORWARD ACCEPT [29825:17710152]
:OUTPUT ACCEPT [3420:583855]
:POSTROUTING ACCEPT [33237:18293360]
-A FORWARD -o eth5 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth5 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun Jan 29 18:15:21 2023
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.3 on Sun Jan 29 18:15:21 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [7:420]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth5 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth5 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth5 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth5 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth5 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth5 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 30218 -m comment --comment "!fw3: openwrt" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 30218 -m comment --comment "!fw3: openwrt" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 30216 -m comment --comment "!fw3: aliyunpan" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 30216 -m comment --comment "!fw3: aliyunpan" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth5 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Jan 29 18:15:21 2023
#===================== IPSET状态 =====================#
Name: cn
Name: ct
Name: cnc
Name: cmcc
Name: crtc
Name: cernet
Name: gwbn
Name: othernet
Name: music
Name: mwan3_connected_v4
Name: mwan3_connected_v6
Name: mwan3_source_v6
Name: mwan3_dynamic_v4
Name: mwan3_dynamic_v6
Name: mwan3_custom_v4
Name: mwan3_custom_v6
Name: wan_ac_black_ips
Name: wan_ac_black_ipv6s
Name: localnetwork
Name: mwan3_connected
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 221.219.64.1 0.0.0.0 UG 0 0 0 pppoe-wan
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
221.219.64.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-wan
#ip route list
default via 221.219.64.1 dev pppoe-wan proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
221.219.64.1 dev pppoe-wan proto kernel scope link src *WAN IP*
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== 端口占用状态 =====================#
tcp 0 0 :::7890 :::* LISTEN 8565/clash
tcp 0 0 :::7891 :::* LISTEN 8565/clash
tcp 0 0 :::7892 :::* LISTEN 8565/clash
tcp 0 0 :::7893 :::* LISTEN 8565/clash
tcp 0 0 :::7895 :::* LISTEN 8565/clash
tcp 0 0 :::9090 :::* LISTEN 8565/clash
udp 0 0 :::33724 :::* 8565/clash
udp 0 0 :::51095 :::* 8565/clash
udp 0 0 :::59469 :::* 8565/clash
udp 0 0 :::59645 :::* 8565/clash
udp 0 0 :::48252 :::* 8565/clash
udp 0 0 :::56486 :::* 8565/clash
udp 0 0 :::7874 :::* 8565/clash
udp 0 0 :::7891 :::* 8565/clash
udp 0 0 :::7892 :::* 8565/clash
udp 0 0 :::7893 :::* 8565/clash
udp 0 0 :::7895 :::* 8565/clash
udp 0 0 :::36658 :::* 8565/clash
#===================== 测试本机DNS查询 =====================#
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.baidu.com
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address 1: 110.242.68.4
Address 2: 110.242.68.3
www.baidu.com canonical name = www.a.shifen.com
#===================== resolv.conf.auto =====================#
# Interface wan
nameserver 202.106.46.151
nameserver 202.106.195.68
# Interface wan_6
nameserver 2408:8000:1010:1::8
nameserver 2408:8000:1010:2::8
#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sun, 29 Jan 2023 10:15:21 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载 =====================#
#===================== 最近运行日志 =====================#
time="2023-01-29T18:15:31+08:00" level=debug msg="[Process] find process 23.12.192.59: dial netlink: protocol not supported"
time="2023-01-29T18:15:31+08:00" level=debug msg="[Process] find process 23.12.192.59: dial netlink: protocol not supported"
time="2023-01-29T18:15:31+08:00" level=info msg="[TCP] 192.168.1.113:56513 --> 42.193.66.237:443 match IPCIDR(42.192.0.0/13) using 🌏 国内网站[DIRECT]"
time="2023-01-29T18:15:31+08:00" level=debug msg="[Process] find process 23.12.192.59: dial netlink: protocol not supported"
time="2023-01-29T18:15:31+08:00" level=info msg="[TCP] 192.168.1.216:4219 --> 23.12.192.59:443 match DstPort(443) using 🎬 Google[🇭🇰 香港高级 IEPL 中继 2]"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=debug msg="[Process] find process 117.18.232.240: dial netlink: protocol not supported"
time="2023-01-29T18:15:32+08:00" level=info msg="[TCP] 192.168.1.216:4221 --> 117.18.232.240:80 match DstPort(80) using 🎬 Google[🇭🇰 香港高级 IEPL 中继 2]"
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【185.199.109.133】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
2. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【117.18.232.240】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
3. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【104.21.39.212】 - Network:【udp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
4. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【52.184.216.174】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
5. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【8.8.8.8】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【202.89.233.101】 - Network:【tcp】 - RulePayload:【202.89.232.0/21】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【142.251.42.238】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
8. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【202.89.233.100】 - Network:【tcp】 - RulePayload:【202.89.232.0/21】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【111.206.60.239】 - Network:【udp】 - RulePayload:【111.192.0.0/12】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【119.188.155.89】 - Network:【udp】 - RulePayload:【119.176.0.0/12】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.1.130】 - Host:【Empty】 - DestinationIP:【220.181.39.173】 - Network:【tcp】 - RulePayload:【220.160.0.0/11】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.1.113】 - Host:【Empty】 - DestinationIP:【42.193.66.237】 - Network:【tcp】 - RulePayload:【42.192.0.0/13】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【23.12.192.59】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
14. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【112.64.200.247】 - Network:【tcp】 - RulePayload:【112.64.0.0/14】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【13.107.5.80】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
16. SourceIP:【192.168.1.113】 - Host:【Empty】 - DestinationIP:【221.15.46.147】 - Network:【tcp】 - RulePayload:【221.14.0.0/15】 - Lastchain:【DIRECT】
17. SourceIP:【192.168.1.113】 - Host:【Empty】 - DestinationIP:【42.193.66.237】 - Network:【tcp】 - RulePayload:【42.192.0.0/13】 - Lastchain:【DIRECT】
18. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【110.242.68.4】 - Network:【tcp】 - RulePayload:【110.240.0.0/12】 - Lastchain:【DIRECT】
19. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【23.12.192.59】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
20. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【117.18.237.29】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
21. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【27.221.84.29】 - Network:【tcp】 - RulePayload:【27.192.0.0/11】 - Lastchain:【DIRECT】
22. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【101.199.128.214】 - Network:【tcp】 - RulePayload:【101.199.128.0/17】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【140.82.112.25】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
24. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【142.251.42.238】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
25. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【124.70.117.251】 - Network:【tcp】 - RulePayload:【124.70.0.0/15】 - Lastchain:【DIRECT】
26. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【64.185.227.155】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
27. SourceIP:【192.168.1.109】 - Host:【Empty】 - DestinationIP:【107.148.15.60】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
28. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【185.199.109.133】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
29. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【117.15.237.4】 - Network:【tcp】 - RulePayload:【117.8.0.0/13】 - Lastchain:【DIRECT】
30. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【20.198.162.76】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
31. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【104.21.39.212】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
32. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【49.4.47.71】 - Network:【tcp】 - RulePayload:【49.4.0.0/14】 - Lastchain:【DIRECT】
33. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【185.199.109.133】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
34. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【104.21.39.212】 - Network:【udp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
35. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【47.112.160.50】 - Network:【tcp】 - RulePayload:【47.96.0.0/11】 - Lastchain:【DIRECT】
36. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【8.8.8.8】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
37. SourceIP:【192.168.1.113】 - Host:【Empty】 - DestinationIP:【17.248.170.144】 - Network:【udp】 - RulePayload:【17.0.0.0/8】 - Lastchain:【DIRECT】
38. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【203.208.39.194】 - Network:【tcp】 - RulePayload:【203.208.32.0/19】 - Lastchain:【DIRECT】
39. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【117.15.237.4】 - Network:【tcp】 - RulePayload:【117.8.0.0/13】 - Lastchain:【DIRECT】
40. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【20.197.71.89】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
41. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【49.4.46.174】 - Network:【tcp】 - RulePayload:【49.4.0.0/14】 - Lastchain:【DIRECT】
42. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【23.12.192.59】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
43. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【52.184.216.174】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
44. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【117.78.15.135】 - Network:【tcp】 - RulePayload:【117.76.0.0/14】 - Lastchain:【DIRECT】
45. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【114.115.188.229】 - Network:【tcp】 - RulePayload:【114.114.0.0/15】 - Lastchain:【DIRECT】
46. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【124.132.138.28】 - Network:【tcp】 - RulePayload:【124.128.0.0/13】 - Lastchain:【DIRECT】
47. SourceIP:【192.168.1.113】 - Host:【Empty】 - DestinationIP:【49.4.80.163】 - Network:【tcp】 - RulePayload:【49.4.0.0/14】 - Lastchain:【DIRECT】
48. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【23.12.192.59】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
49. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【52.168.112.67】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
50. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【117.15.237.4】 - Network:【tcp】 - RulePayload:【117.8.0.0/13】 - Lastchain:【DIRECT】
51. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【52.231.20.34】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
52. SourceIP:【192.168.1.113】 - Host:【Empty】 - DestinationIP:【17.248.165.50】 - Network:【tcp】 - RulePayload:【17.0.0.0/8】 - Lastchain:【DIRECT】
53. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【23.12.192.59】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
54. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【60.29.240.17】 - Network:【tcp】 - RulePayload:【60.0.0.0/11】 - Lastchain:【DIRECT】
55. SourceIP:【192.168.1.109】 - Host:【Empty】 - DestinationIP:【107.148.15.60】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
56. SourceIP:【192.168.1.249】 - Host:【Empty】 - DestinationIP:【49.4.34.157】 - Network:【tcp】 - RulePayload:【49.4.0.0/14】 - Lastchain:【DIRECT】
57. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【185.199.111.133】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
58. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【20.44.229.112】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
59. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【20.205.243.168】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
60. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【20.197.71.89】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
61. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
62. SourceIP:【192.168.1.109】 - Host:【Empty】 - DestinationIP:【107.148.15.60】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
63. SourceIP:【192.168.1.113】 - Host:【Empty】 - DestinationIP:【123.125.16.225】 - Network:【tcp】 - RulePayload:【123.112.0.0/12】 - Lastchain:【DIRECT】
64. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【172.217.163.42】 - Network:【tcp】 - RulePayload:【172.217.160.0/20】 - Lastchain:【🇨🇳 台湾高级 IEPL 中继 3】
65. SourceIP:【192.168.1.194】 - Host:【Empty】 - DestinationIP:【104.26.12.31】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 香港高级 IEPL 中继 2】
66. SourceIP:【192.168.1.216】 - Host:【Empty】 - DestinationIP:【101.199.128.218】 - Network:【tcp】 - RulePayload:【101.199.128.0/17】 - Lastchain:【DIRECT】
现在的日志是在已经停用本地dns的情况生成的
zhyhub123
commented
1 year ago 这种情况下,luci管理界面和外网访问软路由都正常了。但是,不能科学上网了,虽然openclash正常运行。
vernesong
commented
1 year ago 禁用Dnsmasq缓存: 启用
这个关了试试,你的固件版本都太老了,最好升级下
zhyhub123
commented
1 year ago 如果关了“禁用dnsmasq缓存”,启用或者停用本地dns劫持,好像都没有起到作用。 我再找找软路由的厂家,升级固件版本。
vernesong
commented
1 year ago 你先升级插件
vernesong
commented
1 year ago 主题的问题,你换个主题或者设置不要在线获取壁纸
zhyhub123
commented
1 year ago 软路由重新安装固件的时候,发现宽带接在了lan口,换成wan口就正常了。谢谢大佬支持
Verify Steps
Describe the Feature
安装openclash之后,软路由luci管理界面不能正常登陆。现在开启了本地dns劫持,如果停用这个功能,可以正常登录。但是,Google和youtube等需要科学上网的网站都打不开了。
Describe the Solution
如何能在开启dns劫持的同时,正常登录软路由的luci管理界面。怎样设置?谢谢
Describe Alternatives
No response
Additional Context
No response