Closed slyang40 closed 1 year ago
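Debug log. DNS hijacking has failed.
@vernesong Do I need to post the debug log? The previous version worked fine, and I haven't changed anything about DNS. How did you determine that DNS hijacking failed?
The log is full of connections that go directly to IPs.
I've tried all sorts of things and still can't fix it. I'll roll back to the previous version for now.
+1, this bug is driving me crazy...
Debug log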
[2023-03-07 08:45:12][DEBUG] [Rule] use default rules
[2023-03-07 08:45:12][INFO] [TCP] 192.168.1.251:55421 --> play.google.com:443 match DomainKeyword(google) using Proxy[Lv1 香港 AZ负载S A1]
[2023-03-07 08:45:13][DEBUG] [Rule] use default rules
[2023-03-07 08:45:13][DEBUG] [Rule] use default rules
[2023-03-07 08:45:13][DEBUG] [DNS] resolve nanshui.cn4.quickconnect.cn from udp://127.0.0.1:6153
[2023-03-07 08:45:13][DEBUG] [Rule] use default rules
[2023-03-07 08:45:13][DEBUG] [Rule] use default rules
[2023-03-07 08:45:13][DEBUG] [Rule] use default rules
[2023-03-07 08:45:13][INFO] [TCP] 192.168.1.252:38734 --> 223.5.5.5:443 match GeoIP(CN) using Domestic[DIRECT]
[2023-03-07 08:45:13][INFO] [TCP] 192.168.1.252:45950 --> 123.125.81.6:443 match GeoIP(CN) using Domestic[DIRECT]
[2023-03-07 08:45:13][INFO] [TCP] 192.168.1.252:43910 --> 120.53.53.53:443 match GeoIP(CN) using Domestic[DIRECT]
[2023-03-07 08:45:13][INFO] [TCP] 192.168.1.251:55423 --> 204.80.128.1:443 match DstPort(443) using Others[Lv1 香港 AZ负载S A1]
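I suspect the problem is in the Rule part. Since the upgrade it always shows use default rules; I didn't see this in the old version. @vernesong
Is the config file using third-party rules? Regenerate it.
No use, it had no effect. I've checked and tried everything and found no solution. I don't know what's going on.
That's why you should post the debug log.
@vernesong Debug log added.
The debug log in the plugin settings.
@vernesong Thanks for the reminder. By comparing the debug logs of the versions before and after the upgrade, I found the problem.
As shown in the image above, the problem is solved when the custom sniffer is turned on. I don't know whether this is because I'm using it as a side router or whether it's a bug; could you please take a look and judge. As I recall, in the old version I didn't turn this on in the page; maybe it was enabled by default.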
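The diagnosis given earlier in the thread (a log full of connections that go straight to IP addresses) can be checked mechanically. The following is an added example, not part of the thread or of OpenClash: a Python triage script that parses connection lines in the format of the debug log quoted above and reports how many destinations are bare IPs and which rules they fell through to. The line format is assumed from the quoted log; the sample lines are constructed, and the function names, thresholds and node names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, modeled on the connection lines in the debug log quoted
# in this thread; policy group node names and the resolved host are placeholders.
SAMPLE_LOG = """\
[2023-03-07 08:45:12][DEBUG] [Rule] use default rules
[2023-03-07 08:45:12][INFO] [TCP] 192.168.1.251:55421 --> play.google.com:443 match DomainKeyword(google) using Proxy[node-a]
[2023-03-07 08:45:13][DEBUG] [DNS] resolve host.example.cn from udp://127.0.0.1:6153
[2023-03-07 08:45:13][INFO] [TCP] 192.168.1.252:38734 --> 223.5.5.5:443 match GeoIP(CN) using Domestic[DIRECT]
[2023-03-07 08:45:13][INFO] [TCP] 192.168.1.252:45950 --> 123.125.81.6:443 match GeoIP(CN) using Domestic[DIRECT]
[2023-03-07 08:45:13][INFO] [TCP] 192.168.1.252:43910 --> 120.53.53.53:443 match GeoIP(CN) using Domestic[DIRECT]
[2023-03-07 08:45:13][INFO] [TCP] 192.168.1.251:55423 --> 204.80.128.1:443 match DstPort(443) using Others[node-a]
"""

# Assumed line shape: [time][LEVEL] [TCP|UDP] src --> dst match Rule(payload) using Group[node]
CONN_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[\w+\] \[(?P<proto>TCP|UDP)\] "
    r"(?P<src>\S+) --> (?P<dst>\S+) "
    r"match (?P<rule>[\w-]+)(?:\((?P<payload>[^)]*)\))? using (?P<policy>.+)$"
)

# Rule types that can only fire when the proxy knows a host name.
DOMAIN_RULES = {"domain", "domainsuffix", "domainkeyword"}


def split_host_port(endpoint):
    """Split 'host:port' or '[v6]:port'; raises ValueError if no numeric port."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_connections(log_text):
    """Return one dict per connection line; other log lines are ignored."""
    conns = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # [Rule]/[DNS] debug lines or anything malformed
        try:
            client, _ = split_host_port(m["src"])
            dst_host, dst_port = split_host_port(m["dst"])
        except ValueError:
            continue
        conns.append({
            "time": m["ts"],
            "proto": m["proto"],
            "client": client,
            "dst_host": dst_host,
            "dst_port": dst_port,
            "dst_is_ip": is_ip_literal(dst_host),
            "rule": m["rule"],
            "policy": m["policy"],
        })
    return conns


def summarize(conns):
    """Count bare-IP destinations and the rules/clients associated with them."""
    bare = [c for c in conns if c["dst_is_ip"]]
    total = len(conns)
    return {
        "total": total,
        "bare_ip": len(bare),
        "bare_ip_ratio": len(bare) / total if total else 0.0,
        "rules_hit_by_bare_ip": Counter(c["rule"] for c in bare),
        "bare_ip_by_client": Counter(c["client"] for c in bare),
        "domain_rule_hits": sum(c["rule"].lower() in DOMAIN_RULES for c in conns),
    }


def looks_like_lost_hostnames(summary, min_conns=5, ratio=0.5):
    """True when most connections reached the rule engine without a host name."""
    return summary["total"] >= min_conns and summary["bare_ip_ratio"] >= ratio


if __name__ == "__main__":
    report = summarize(parse_connections(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
    print("host names missing from most connections:",
          looks_like_lost_hostnames(report))
```

Running it over the logs captured before and after an upgrade gives a like-for-like comparison of the bare-IP ratio, which is the comparison the poster describes doing by hand.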
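I've run into the same problem, but after upgrading, turning on sniff still doesn't help. Among the connections, only Netflix follows the rules; everything else has turned into pure IPs. Downgrading solves the problem. How should I configure it?
Debug log. How many times do I have to say it?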
主机型号: FriendlyElec NanoPi R2S
固件版本: OpenWrt SNAPSHOT r4631-4e0fd7678
LuCI版本:
内核版本: 5.15.52
处理器架构: aarch64_generic
IPV6-DHCP:
Dnsmasq转发设置: 127.0.0.1#7874
dnsmasq-full: 未安装
coreutils: 未安装
coreutils-nohup: 未安装
bash: 已安装
curl: 未安装
ca-certificates: 未安装
ipset: 未安装
ip-full: 未安装
libcap: 未安装
libcap-bin: 未安装
ruby: 未安装
ruby-yaml: 未安装
ruby-psych: 未安装
ruby-pstore: 未安装
kmod-tun(TUN模式): 未安装
luci-compat(Luci >= 19.07): 未安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 未安装
iptables-mod-tproxy: 未安装
kmod-ipt-tproxy: 未安装
iptables-mod-extra: 未安装
kmod-ipt-extra: 未安装
kmod-ipt-nat: 未安装
运行状态: 运行中
进程pid: 20571
运行权限: 20571: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-arm64
Tun内核版本: 2022.11.25-8-g25028e7
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.12.0-8-ga5d5488
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g7a64c432
Meta内核文件: 存在
Meta内核运行权限: 正常
当前配置文件: /etc/openclash/config/TAG.yaml
启动配置文件: /etc/openclash/TAG.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: Dnsmasq 转发
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用
混合节点: 停用
保留配置: 停用
第三方规则: 停用
port: 7890
socks-port: 7891
redir-port: 7892
mixed-port: 7893
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
clash-for-android:
  append-system-dns: false
dns:
  enabled: true
  ipv6: false
  listen: 0.0.0.0:7874
  enhanced-mode: redir-host
  nameserver-policy:
    ".tw": 1.1.1.1
    testflight.apple.com: 8.8.8.8
    ".tmall.com": 223.5.5.5
    ".taobao.com": 223.5.5.5
    ".alicdn.com": 223.5.5.5
    ".aliyun.com": 223.5.5.5
    ".alipay.com": 223.5.5.5
    ".alibaba.com": 223.5.5.5
    ".alimama.com": 223.5.5.5
    ".qq.com": 114.114.114.114
    ".tencent.com": 114.114.114.114
    ".weixin.com": 114.114.114.114
    ".qpic.cn": 114.114.114.114
    ".jd.com": 114.114.114.114
    ".bilibili.com": 114.114.114.114
    hdslb.com: 114.114.114.114
    ".163.com": 119.29.29.29
    ".126.com": 119.29.29.29
    ".126.net": 114.114.114.114
    ".127.net": 114.114.114.114
    ".netease.com": 114.114.114.114
    ".10010.com": 114.114.114.114
    ".unicompayment.com": 114.114.114.114
    ".ximalaya.com": 114.114.114.114
    ".baidu.com": 114.114.114.114
    "*.bdstatic.com": 114.114.114.114
  nameserver:
tproxy-port: 7895
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
interface-name: eth1
geodata-loader: memconservative
tcp-concurrent: true
sniffer:
  enable: true
  force-dns-mapping: true
  force-domain:
Name: china_ip_route
Name: china_ip_route_pass
Name: localnetwork
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192. 0.0.0.0 UG 0 0 0 eth1
192. 0.0.0.0 255.255.255.0 U 0 0 0 eth1
default via 192. dev eth1 proto static
192./24 dev eth1 proto kernel scope link src 192.***
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
tcp 0 0 :::7891 ::: LISTEN 20571/clash
tcp 0 0 :::7890 ::: LISTEN 20571/clash
tcp 0 0 :::7893 ::: LISTEN 20571/clash
tcp 0 0 :::7892 ::: LISTEN 20571/clash
tcp 0 0 :::7895 ::: LISTEN 20571/clash
tcp 0 0 :::9090 ::: LISTEN 20571/clash
udp 0 0 :::7874 ::: 20571/clash
udp 0 0 :::7891 ::: 20571/clash
udp 0 0 :::7892 ::: 20571/clash
udp 0 0 :::7893 ::: 20571/clash
udp 0 0 :::7895 :::* 20571/clash
Server: 127.0.0.1
Address: 127.0.0.1:53
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 14.119.104.189
Name: www.a.shifen.com
Address: 14.215.177.38
nameserver 192.***
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Fri, 10 Mar 2023 01:40:45 GMT
Etag: "575e1f6d-115"
Last-Modified: Mon, 13 Jun 2016 02:50:21 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 83
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "3a6a3f4801d2f1cee981166bbdd7ee6b22c2b105a2420823cec7142f5713d4ba"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: *
Accept-Ranges: bytes
Date: Fri, 10 Mar 2023 01:40:46 GMT
Via: 1.1 varnish
X-Served-By: cache-qpg1226-QPG
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1678412446.411766,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin:
X-Fastly-Request-ID: **
Expires: Fri, 10 Mar 2023 01:45:46 GMT
Source-Age: 45
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 韩国媒体"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 B站东南亚"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎶 TikTok"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🔖 OneDrive"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🗺 Speedtest"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 DisneyPlus"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 PrimeVideo"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎮 游戏下载"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎵 AppleMusic"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎵 Spotify"
time="2023-03-10T01:35:19Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 📲 聊天软件"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 YouTube"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🌏 国外流媒体"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 爱奇艺"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🌏 国内网站"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🌏 ChatGpt"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 AppleTV+"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 EMBY"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 HBOGO Asia"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎵 Qobuz"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🌏 国内流媒体"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 viu"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 Dazn"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🧩 微软服务"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider default"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 KKTV"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎙 Discord"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎮 游戏平台"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 巴哈姆特"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 日本媒体"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 📪 邮件服务"
time="2023-03-10T01:35:19Z" level=info msg="Start initial compatible provider 🎬 HBOMAX"
time="2023-03-10T01:35:19Z" level=info msg="Use tcp concurrent"
time="2023-03-10T01:35:19Z" level=info msg="Use interface name: eth1"
time="2023-03-10T01:35:19Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-03-10T01:35:19Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-03-10T01:35:19Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-03-10T01:35:19Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-03-10T01:35:19Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
2023-03-10 09:35:20 Step 6: Wait For The File Downloading...
2023-03-10 09:35:20 Step 7: Set Firewall Rules...
2023-03-10 09:35:20 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-03-10 09:35:21 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-03-10 09:35:21 Tip: Start Add Custom Firewall Rules...
2023-03-10 09:35:21 Step 8: Restart Dnsmasq...
2023-03-10 09:35:21 Step 9: Add Cron Rules, Start Daemons...
2023-03-10 09:35:21 OpenClash Start Successful!
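Same problem. Rolling back to version 78 works without issues. In my case I can't get online at all after it starts, so I had to stop openClash. Debug log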
生成时间: 2023-03-11 12:29:00
插件版本: v0.45.100-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: ASRock Z390M Pro4
固件版本: OpenWrt 22.03.2 r19803-9a599fee93
LuCI版本:
内核版本: 5.15.83-1-pve
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: hybrid
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
kmod-nft-tproxy: 未安装
#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 45489
运行权限: 45489: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.03.04
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本:
Dev内核文件: 不存在
Dev内核运行权限: 否
Meta内核版本: alpha-07f3cd2
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config (1).yaml
启动配置文件: /etc/openclash/config (1).yaml
运行模式: fake-ip-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: Dnsmasq 转发
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
mixed-port: 7893
tproxy-port: 7895
redir-port: 7892
external-controller: 0.0.0.0:9090
external-ui: "/usr/share/openclash/ui"
tun:
enable: true
stack: system
device: utun
auto-route: false
auto-detect-interface: false
dns-hijack:
- tcp://any:53
fake-ip-range: 198.18.0.1/16
allow-lan: true
bind-address: "*"
interface-name: eth0
mode: rule
log-level: silent
proxy-groups:
- name: PROXY
type: select
proxies:
- hysteria
- trojan-ws
- trojan
dns:
enable: true
default-nameserver:
- 114.114.114.114
- 8.8.8.8
- 10.8.0.1
- "[fe80::72c7:f2ff:fe7d:f1eb]:53"
- 116.116.116.116
- 221.5.88.88
- "[2408:8888::8]:53"
- "[2408:8899::8]:53"
- 119.29.29.29
nameserver:
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query
- 114.114.114.114
- dhcp://"pppoe-wan"
- 10.8.0.1
- "[fe80::72c7:f2ff:fe7d:f1eb]:53"
- 116.116.116.116
- 221.5.88.88
- "[2408:8888::8]:53"
- "[2408:8899::8]:53"
- 119.29.29.29
fallback-filter:
geoip: true
enhanced-mode: fake-ip
listen: 0.0.0.0:7874
hosts:
cc.ieva.top: 192.168.60.10
fake-ip-filter:
- "*.lan"
- "*.futurespeed.cn"
- "*.linksys.com"
- "*.linksyssmartwifi.com"
- swscan.apple.com
- mesu.apple.com
- "*.msftconnecttest.com"
- "*.msftncsi.com"
- time.*.com
- time.*.gov
- time.*.edu.cn
- time.*.apple.com
- time1.*.com
- time2.*.com
- time3.*.com
- time4.*.com
- time5.*.com
- time6.*.com
- time7.*.com
- ntp.*.com
- ntp.*.com
- ntp1.*.com
- ntp2.*.com
- ntp3.*.com
- ntp4.*.com
- ntp5.*.com
- ntp6.*.com
- ntp7.*.com
- "*.time.edu.cn"
- "*.ntp.org.cn"
- "+.pool.ntp.org"
- time1.cloud.tencent.com
- "+.music.163.com"
- "*.126.net"
- musicapi.taihe.com
- music.taihe.com
- songsearch.kugou.com
- trackercdn.kugou.com
- "*.kuwo.cn"
- api-jooxtt.sanook.com
- api.joox.com
- joox.com
- "+.y.qq.com"
- "+.music.tc.qq.com"
- aqqmusic.tc.qq.com
- "+.stream.qqmusic.qq.com"
- "*.xiami.com"
- "+.music.migu.cn"
- "+.srv.nintendo.net"
- "+.stun.playstation.net"
- xbox.*.microsoft.com
- "+.xboxlive.com"
- localhost.ptlogin2.qq.com
- proxy.golang.org
- stun.*.*
- stun.*.*.*
ipv6: true
fake-ip-range: 198.18.0.1/16
rule-providers:
reject:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt
path: "./rule_provider/reject.yaml"
interval: 86400
icloud:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt
path: "./rule_provider/icloud.yaml"
interval: 86400
apple:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt
path: "./rule_provider/apple.yaml"
interval: 86400
google:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt
path: "./rule_provider/google.yaml"
interval: 86400
proxy:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt
path: "./rule_provider/proxy.yaml"
interval: 86400
direct:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt
path: "./rule_provider/direct.yaml"
interval: 86400
private:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt
path: "./rule_provider/private.yaml"
interval: 86400
gfw:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt
path: "./rule_provider/gfw.yaml"
interval: 86400
greatfire:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt
path: "./rule_provider/greatfire.yaml"
interval: 86400
tld-not-cn:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt
path: "./rule_provider/tld-not-cn.yaml"
interval: 86400
telegramcidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt
path: "./rule_provider/telegramcidr.yaml"
interval: 86400
cncidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt
path: "./rule_provider/cncidr.yaml"
interval: 86400
lancidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt
path: "./rule_provider/lancidr.yaml"
interval: 86400
applications:
type: http
behavior: classical
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt
path: "./rule_provider/applications.yaml"
interval: 86400
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- DOMAIN-SUFFIX,ieva.top,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,DIRECT
- RULE-SET,proxy,PROXY
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,PROXY
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,PROXY
port: 7890
socks-port: 7891
ipv6: true
geodata-loader: memconservative
tcp-concurrent: true
find-process-mode: 'off'
sniffer:
enable: true
parse-pure-ip: true
profile:
store-selected: true
store-fake-ip: true
authentication:
- Clash:ZhxTS4Cp
#===================== 自定义防火墙设置 =====================#
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Sat Mar 11 12:29:01 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Mar 11 12:29:01 2023
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Sat Mar 11 12:29:01 2023
*mangle
:PREROUTING ACCEPT [1132565:562766543]
:INPUT ACCEPT [449919:127280199]
:FORWARD ACCEPT [680955:435104662]
:OUTPUT ACCEPT [580683:458150995]
:POSTROUTING ACCEPT [1261638:893255657]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i pppoe-wan -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o pppoe-wan -j RETURN
COMMIT
# Completed on Sat Mar 11 12:29:01 2023
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Sat Mar 11 12:29:01 2023
*filter
:INPUT ACCEPT [441527:126366998]
:FORWARD ACCEPT [680923:435101744]
:OUTPUT ACCEPT [580681:458150105]
-A FORWARD -o ztuze33iip -j ACCEPT
-A FORWARD -i ztuze33iip -j ACCEPT
-A FORWARD -o ztuze33iip -j ACCEPT
-A FORWARD -i ztuze33iip -j ACCEPT
-A FORWARD -o ztuze33iip -j ACCEPT
-A FORWARD -i ztuze33iip -j ACCEPT
-A FORWARD -o ztuze33iip -j ACCEPT
-A FORWARD -i ztuze33iip -j ACCEPT
-A FORWARD -o ztuze33iip -j ACCEPT
-A FORWARD -i ztuze33iip -j ACCEPT
COMMIT
# Completed on Sat Mar 11 12:29:01 2023
#IPv6 NAT chain
#IPv6 Mangle chain
#IPv6 Filter chain
#===================== NFTABLES 防火墙设置 =====================#
table inet fw4 {
chain input {
type filter hook input priority filter; policy accept;
iifname "lo" accept comment "!fw4: Accept traffic from loopback"
ct state established,related accept comment "!fw4: Allow inbound established and related flows"
tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
iifname "eth0" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
meta nfproto ipv4 iifname { "eno1", "pppoe-wan" } jump input_wan comment "!fw4: Handle wan IPv4 input traffic"
}
}
table inet fw4 {
chain forward {
type filter hook forward priority filter; policy accept;
meta l4proto { tcp, udp } oifname "utun" counter packets 10422 bytes 1773818 accept comment "OpenClash TUN Forward"
ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
iifname "eth0" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
meta nfproto ipv4 iifname { "eno1", "pppoe-wan" } jump forward_wan comment "!fw4: Handle wan IPv4 forward traffic"
jump upnp_forward comment "Hook into miniupnpd forwarding chain"
}
}
table inet fw4 {
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
meta nfproto ipv4 tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash TCP DNS Hijack"
udp dport 53 counter packets 1362 bytes 91733 redirect to :53 comment "OpenClash DNS Hijack"
tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
iifname "eth0" jump dstnat_lan comment "!fw4: Handle lan IPv4/IPv6 dstnat traffic"
meta nfproto ipv4 iifname { "eno1", "pppoe-wan" } jump dstnat_wan comment "!fw4: Handle wan IPv4 dstnat traffic"
jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"
}
}
table inet fw4 {
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
oifname "eth0" jump srcnat_lan comment "!fw4: Handle lan IPv4/IPv6 srcnat traffic"
meta nfproto ipv4 oifname { "eno1", "pppoe-wan" } jump srcnat_wan comment "!fw4: Handle wan IPv4 srcnat traffic"
jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"
}
}
table inet fw4 {
chain mangle_prerouting {
type filter hook prerouting priority mangle; policy accept;
meta l4proto { tcp, udp } counter packets 50559 bytes 15725384 jump openclash_mangle
}
}
table inet fw4 {
chain mangle_output {
type route hook output priority mangle; policy accept;
meta l4proto { tcp, udp } counter packets 22251 bytes 2655388 jump openclash_mangle_output
}
}
table inet fw4 {
chain openclash_mangle {
meta nfproto ipv4 tcp sport 1688 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 68 counter packets 2 bytes 672 return
ip saddr 192.168.60.11 udp sport 6881 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6881 counter packets 0 bytes 0 return
ip saddr 192.168.60.110 udp sport 500 counter packets 0 bytes 0 return
ip saddr 192.168.60.110 udp sport 4500 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 udp sport 9050 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 tcp sport 9050 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 udp sport 8283 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 8283 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 udp sport 8283 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 8283 counter packets 0 bytes 0 return
ip saddr 192.168.60.9 tcp sport 443 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 9000 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 6690 counter packets 0 bytes 0 return
ip saddr 192.168.60.12 tcp sport 3389 counter packets 0 bytes 0 return
ip saddr 192.168.60.100 tcp sport 22 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 9200 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 8989 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 3001 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6880 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6880 counter packets 0 bytes 0 return
ip saddr 192.168.60.164 tcp sport 8096 counter packets 0 bytes 0 return
ip saddr 192.168.60.164 tcp sport 8096 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 udp sport 6888 counter packets 433 bytes 56895 return
ip saddr 192.168.60.11 tcp sport 6888 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 9117 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 9000 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6800 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6800 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 5001 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 tcp sport 22 counter packets 0 bytes 0 return
ip saddr 192.168.60.100 tcp sport 8006 counter packets 204 bytes 107867 return
ip saddr 192.168.60.10 tcp sport 443 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 6690 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 tcp sport 443 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 5001 counter packets 0 bytes 0 return
ip saddr 192.168.60.100 tcp sport 8006 counter packets 0 bytes 0 return
meta l4proto { tcp, udp } iifname "utun" counter packets 16067 bytes 1486723 return
ip daddr @localnetwork counter packets 7065 bytes 766550 return
ip protocol udp counter packets 2450 bytes 712798 jump openclash_upnp
meta l4proto { tcp, udp } th dport 0-65535 meta mark set 0x00000162
}
}
table inet fw4 {
chain openclash_mangle_output {
meta nfproto ipv4 tcp sport 1688 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 udp sport 6881 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6881 counter packets 0 bytes 0 return
ip saddr 192.168.60.110 udp sport 500 counter packets 0 bytes 0 return
ip saddr 192.168.60.110 udp sport 4500 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 udp sport 9050 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 tcp sport 9050 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 udp sport 8283 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 8283 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 udp sport 8283 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 8283 counter packets 0 bytes 0 return
ip saddr 192.168.60.9 tcp sport 443 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 9000 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 6690 counter packets 0 bytes 0 return
ip saddr 192.168.60.12 tcp sport 3389 counter packets 0 bytes 0 return
ip saddr 192.168.60.100 tcp sport 22 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 9200 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 8989 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 3001 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6880 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6880 counter packets 0 bytes 0 return
ip saddr 192.168.60.164 tcp sport 8096 counter packets 0 bytes 0 return
ip saddr 192.168.60.164 tcp sport 8096 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 udp sport 6888 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6888 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 9117 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 9000 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6800 counter packets 0 bytes 0 return
ip saddr 192.168.60.11 tcp sport 6800 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 5001 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 tcp sport 22 counter packets 0 bytes 0 return
ip saddr 192.168.60.100 tcp sport 8006 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 tcp sport 443 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 6690 counter packets 0 bytes 0 return
ip saddr 192.168.60.10 tcp sport 443 counter packets 0 bytes 0 return
ip saddr 192.168.60.20 tcp sport 5001 counter packets 0 bytes 0 return
ip saddr 192.168.60.100 tcp sport 8006 counter packets 0 bytes 0 return
ip daddr @localnetwork counter packets 6199 bytes 1480044 return
meta l4proto { tcp, udp } th dport 0-65535 ip daddr 198.18.0.0/16 meta mark set 0x00000162
tcp dport 0-65535 meta skuid != 65534 meta mark set 0x00000162
}
}
table inet fw4 {
chain openclash_wan_input {
udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
}
}
table inet fw4 {
chain openclash_dns_hijack {
}
}
#===================== IPSET状态 =====================#
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.0.1 0.0.0.0 UG 0 0 0 pppoe-wan
10.8.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-wan
10.10.10.0 192.168.191.168 255.255.255.0 UG 5000 0 0 ztuze33iip
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno1
192.168.31.0 192.168.191.216 255.255.255.0 UG 5000 0 0 ztuze33iip
192.168.60.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.191.0 0.0.0.0 255.255.255.0 U 0 0 0 ztuze33iip
198.18.0.0 0.0.0.0 255.255.255.252 U 0 0 0 utun
#ip route list
default via 10.8.0.1 dev pppoe-wan proto static
10.8.0.1 dev pppoe-wan proto kernel scope link src *WAN IP*.237
10.10.10.0/24 via 192.168.191.168 dev ztuze33iip proto static metric 5000
192.168.1.0/24 dev eno1 proto static scope link metric 100
192.168.31.0/24 via 192.168.191.216 dev ztuze33iip proto static metric 5000
192.168.60.0/24 dev eth0 proto kernel scope link src 192.168.60.10
192.168.191.0/24 dev ztuze33iip proto kernel scope link src 192.168.191.33
198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== Tun设备状态 =====================#
ztuze33iip: tap
utun: tun
#===================== 端口占用状态 =====================#
tcp 0 0 198.18.0.1:41261 0.0.0.0:* LISTEN 45489/clash
tcp 0 0 fdfe:dcba:9876::1:34065 :::* LISTEN 45489/clash
tcp 0 0 :::9090 :::* LISTEN 45489/clash
tcp 0 0 :::7895 :::* LISTEN 45489/clash
tcp 0 0 :::7893 :::* LISTEN 45489/clash
tcp 0 0 :::7892 :::* LISTEN 45489/clash
tcp 0 0 :::7891 :::* LISTEN 45489/clash
tcp 0 0 :::7890 :::* LISTEN 45489/clash
udp 0 0 :::36420 :::* 45489/clash
udp 0 0 :::7874 :::* 45489/clash
udp 0 0 :::7891 :::* 45489/clash
udp 0 0 :::7892 :::* 45489/clash
udp 0 0 :::7893 :::* 45489/clash
udp 0 0 :::7895 :::* 45489/clash
udp 0 0 :::46212 :::* 45489/clash
udp 0 0 :::50803 :::* 45489/clash
udp 0 0 :::55911 :::* 45489/clash
udp 0 0 :::60202 :::* 45489/clash
udp 0 0 :::60614 :::* 45489/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 127.0.0.1
Address: 127.0.0.1:53
Name: www.baidu.com
Address: 198.18.0.129
#===================== 测试内核DNS查询(www.instagram.com) =====================#
#===================== resolv.conf.d =====================#
# Interface lan
nameserver 192.168.60.110
# Interface wan
nameserver 116.116.116.116
nameserver 221.5.88.88
# Interface wan_6
nameserver 2408:8888::8
nameserver 2408:8899::8
#===================== 测试本机网络连接(www.baidu.com) =====================#
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
#===================== 最近运行日志 =====================#
2023-03-11 12:27:36 OpenClash Start Running...
2023-03-11 12:27:36 Step 1: Get The Configuration...
2023-03-11 12:27:36 Step 2: Check The Components...
2023-03-11 12:27:36 Step 3: Modify The Config File...
2023-03-11 12:27:36 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:ZhxTS4Cp】
2023-03-11 12:27:37 Tip: Start Running Custom Overwrite Scripts...
2023-03-11 12:27:37 Step 4: Start Running The Clash Core...
2023-03-11 12:27:37 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2023-03-11 12:27:38 Step 5: Check The Core Status...
time="2023-03-11T04:27:38.307931055Z" level=info msg="Start initial configuration in progress"
time="2023-03-11T04:27:38.308507541Z" level=info msg="Geodata Loader mode: memconservative"
time="2023-03-11T04:27:38.310790839Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-03-11T04:27:38.310822677Z" level=info msg="Initial configuration complete, total time: 2ms"
time="2023-03-11T04:27:38.310902982Z" level=info msg="Authentication of local server updated"
time="2023-03-11T04:27:38.310933547Z" level=info msg="Sniffer is loaded and working"
time="2023-03-11T04:27:38.310956599Z" level=info msg="Use tcp concurrent"
time="2023-03-11T04:27:38.311251659Z" level=info msg="DNS server listening at: [::]:7874"
time="2023-03-11T04:27:38.311427464Z" level=info msg="Start initial compatible provider PROXY"
time="2023-03-11T04:27:38.31150854Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-03-11T04:27:38.31166998Z" level=info msg="Start initial compatible provider default"
time="2023-03-11T04:27:38.311790748Z" level=info msg="Start initial provider proxy"
time="2023-03-11T04:27:38.311857609Z" level=info msg="Start initial provider gfw"
time="2023-03-11T04:27:38.311887124Z" level=info msg="Start initial provider reject"
time="2023-03-11T04:27:38.317869486Z" level=info msg="Start initial provider private"
time="2023-03-11T04:27:38.311859089Z" level=info msg="Start initial provider cncidr"
time="2023-03-11T04:27:38.318627275Z" level=info msg="Start initial provider direct"
time="2023-03-11T04:27:38.311873559Z" level=info msg="Start initial provider lancidr"
time="2023-03-11T04:27:38.318631525Z" level=info msg="Start initial provider greatfire"
time="2023-03-11T04:27:38.31864355Z" level=info msg="Start initial provider google"
time="2023-03-11T04:27:38.318649504Z" level=info msg="Start initial provider applications"
time="2023-03-11T04:27:38.311877471Z" level=info msg="Start initial provider tld-not-cn"
time="2023-03-11T04:27:38.311881359Z" level=info msg="Start initial provider telegramcidr"
time="2023-03-11T04:27:38.318658Z" level=info msg="Start initial provider apple"
time="2023-03-11T04:27:38.318654003Z" level=info msg="Start initial provider icloud"
time="2023-03-11T04:27:38.540648874Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-03-11T04:27:38.540987264Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-03-11T04:27:38.541091716Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-03-11T04:27:38.541281493Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-03-11T04:27:38.541376548Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-03-11T04:27:38.544856888Z" level=info msg="[TUN] Tun adapter listening at: utun([198.18.0.1/30],[fdfe:dcba:9876::1/126]), mtu: 9000, auto route: false, ip stack: System"
2023-03-11 12:27:41 Step 6: Wait For The File Downloading...
2023-03-11 12:27:41 Step 7: Set Firewall Rules...
2023-03-11 12:27:41 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-03-11 12:27:41 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-03-11 12:27:41 Tip: Waiting for TUN Interface Start...
2023-03-11 12:27:41 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-03-11 12:27:41 Tip: Start Add Custom Firewall Rules...
2023-03-11 12:27:41 Step 8: Restart Dnsmasq...
2023-03-11 12:27:42 Step 9: Add Cron Rules, Start Daemons...
2023-03-11 12:27:42 Warning: OpenClash Start Successful, Please Note That Network May Abnormal With IPv6's DHCP Server
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.60.196】 - Host:【Empty】 - DestinationIP:【123.125.102.215】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.60.168】 - Host:【Empty】 - DestinationIP:【58.254.154.6】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.60.202】 - Host:【Empty】 - DestinationIP:【111.199.184.103】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.60.202】 - Host:【Empty】 - DestinationIP:【223.82.41.16】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.60.242】 - Host:【Empty】 - DestinationIP:【111.202.1.237】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.60.124】 - Host:【Empty】 - DestinationIP:【123.125.102.215】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.60.20】 - Host:【Empty】 - DestinationIP:【36.110.233.85】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.60.223】 - Host:【Empty】 - DestinationIP:【42.157.165.184】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.60.202】 - Host:【Empty】 - DestinationIP:【175.153.161.61】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.60.223】 - Host:【Empty】 - DestinationIP:【42.157.165.184】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
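Same here. Right after updating I could not get online; in the end, turning off Meta let me get online normally, so it is probably still a Meta problem.
Turn on debug and take a look in the control panel.
I just upgraded again today and found the problem is solved. It works normally now, thanks. Before upgrade After upgrade
@vernesong I'm about to lose it. I didn't change anything either; after upgrading, DNS stopped working. I changed the DNS and it still doesn't work.
Check whether your DNS hijacking is working properly. Why would the devices go to 8.8.8.8 for DNS?
It is normal. After I upgraded to the new version I couldn't get online at all, not even baidu, because DNS was unreachable. What I changed it to was 8.8.8.8. Before that it was an HTTPS DNS, which didn't work either; later I changed it to 114.114.114.114 and 8.8.8.8.
In the end I worked it out by trial and error: I use an ONU stick. On eth1 I set up a PPPoE WAN interface and a gm interface for the stick, used to reach the optical modem. After binding the PPPoE WAN in the plugin settings, I could get online normally.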
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
Verify Steps
OpenClash Version
v0.45.97-beta
Bug on Environment
Official OpenWrt
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
Upgrade the client on v0.45.87-beta, then upgrade the core. Make no configuration changes.
Describe the Bug
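Without any configuration change, after updating to v0.45.97-beta, youtube, twitter, google and others are all inaccessible, while github works. On the status page, Youtube also shows Access Timeout or Access Denied.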
OpenClash Log
OpenClash Log: ...
Core Log:
2023-03-06 11:05:53 level=info msg="[TCP] 10.1.0.2:50983 --> 108.160.165.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:53 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:52 level=info msg="[TCP] 10.1.0.2:50979 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:52 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:50 level=info msg="[TCP] 10.1.0.2:50962 --> 108.160.165.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:50 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:48 level=info msg="[TCP] 10.1.0.2:50953 --> 44.240.236.177:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:48 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:47 level=info msg="[TCP] 10.1.0.2:50951 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:47 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:46 level=info msg="[TCP] 10.1.0.2:50946 --> 44.240.236.177:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:46 level=info msg="[TCP] 10.1.0.2:50945 --> 104.244.46.52:443 match IPCIDR(104.244.42.0/21) using Proxy[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:46 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:46 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:46 level=info msg="[TCP] 10.1.0.2:50940 --> 108.160.165.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:46 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:43 level=info msg="[TCP] 10.1.0.2:50926 --> 104.244.46.52:443 match IPCIDR(104.244.42.0/21) using Proxy[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:43 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:43 level=info msg="[TCP] 10.1.0.2:50921 --> 108.160.165.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:42 level=info msg="[TCP] 10.1.0.2:50922 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:42 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:42 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:40 level=info msg="[TCP] 10.1.0.2:50906 --> 31.13.91.33:443 match IPCIDR(31.13.64.0/18) using Proxy[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:40 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:37 level=info msg="[TCP] 10.1.0.2:50894 --> 125.39.104.15:443 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:37 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:37 level=info msg="[TCP] 10.1.0.2:50893 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:37 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:36 level=info msg="[TCP] 10.1.0.2:50888 --> 31.13.91.33:443 match IPCIDR(31.13.64.0/18) using Proxy[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:36 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:36 level=info msg="[TCP] 10.1.0.2:50885 --> 108.160.165.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:36 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:35 level=info msg="[TCP] 10.1.0.2:50875 --> 108.160.165.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:34 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:33 level=info msg="[TCP] 10.1.0.2:50865 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:33 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:32 level=info msg="[TCP] 10.1.0.2:50863 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:32 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:31 level=info msg="[TCP] 10.1.0.2:50856 --> 108.160.165.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:31 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:28 level=info msg="[TCP] 10.1.0.2:50836 --> 108.160.165.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:28 level=info msg="[TCP] 10.1.0.2:50837 --> 42.59.1.229:443 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:28 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:28 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:28 level=info msg="[TCP] 10.1.0.2:50834 --> 20.205.243.166:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:28 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:28 level=info msg="[TCP] 10.1.0.2:50831 --> 110.242.68.3:443 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:28 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:28 level=info msg="[TCP] 10.1.0.2:50829 --> 104.237.62.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:28 level=info msg="[TCP] 10.1.0.2:50827 --> 104.237.62.211:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:28 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:28 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:28 level=info msg="[TCP] 10.1.0.2:50826 --> 104.21.39.212:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:27 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:27 level=info msg="[TCP] 10.1.0.2:50819 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:27 level=info msg="[TCP] 10.1.0.2:50821 --> 42.59.16.167:443 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:27 level=info msg="[TCP] 10.1.0.2:50820 --> 175.174.56.220:443 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:27 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:27 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:27 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:25 level=warning msg="[TCP] dial DIRECT (match Match/) 10.1.0.2:50775 --> 193.11.166.194:27020 error: i/o timeout"
2023-03-06 11:05:22 level=info msg="[TCP] 10.1.0.2:50791 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:22 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:20 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:17 level=info msg="[TCP] 10.1.0.2:50763 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:17 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:12 level=info msg="[TCP] 10.1.0.2:50738 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:12 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:10 level=info msg="[TCP] 10.1.0.2:50727 --> 44.240.236.177:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:10 level=debug msg="[DNS] zzcm06.cacbce.com --> [120.240.50.243], from https://223.5.5.5:443/dns-query"
2023-03-06 11:05:10 level=debug msg="[DNS] resolve zzcm06.cacbce.com from https://223.5.5.5:443/dns-query"
2023-03-06 11:05:10 level=debug msg="[DNS] resolve zzcm06.cacbce.com from https://120.53.53.53:443/dns-query"
2023-03-06 11:05:10 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:09 level=info msg="[TCP] 10.1.0.2:50720 --> 112.65.193.155:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:09 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:07 level=info msg="[TCP] 10.1.0.2:50710 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:07 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:07 level=info msg="[TCP] 10.1.0.2:50709 --> 52.200.238.225:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:07 level=debug msg="[DNS] zzcm06.cacbce.com --> [120.240.50.243], from https://223.5.5.5:443/dns-query"
2023-03-06 11:05:07 level=debug msg="[DNS] resolve zzcm06.cacbce.com from https://223.5.5.5:443/dns-query"
2023-03-06 11:05:07 level=debug msg="[DNS] resolve zzcm06.cacbce.com from https://120.53.53.53:443/dns-query"
2023-03-06 11:05:07 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:03 level=info msg="[TCP] 10.1.0.2:50683 --> 123.125.109.246:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:03 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:03 level=info msg="[TCP] 10.1.0.2:50682 --> 13.33.211.209:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:02 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:02 level=info msg="[TCP] 10.1.0.2:50680 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:05:02 level=debug msg="[Rule] use default rules"
2023-03-06 11:05:00 level=info msg="[TCP] 10.1.0.2:50663 --> 54.68.209.158:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:05:00 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:59 level=info msg="[TCP] 10.1.0.2:50658 --> 54.68.209.158:443 match DstPort(443) using Others[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:04:59 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:57 level=info msg="[TCP] 10.1.0.2:50651 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:04:57 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:53 level=info msg="[TCP] 10.1.0.2:50630 --> 112.65.193.155:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:04:53 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:52 level=info msg="[TCP] 10.1.0.2:50625 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:04:52 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:50 level=info msg="[TCP] 10.1.0.2:50614 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:04:50 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:47 level=info msg="[TCP] 10.1.0.2:50598 --> 112.65.193.155:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:04:47 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:47 level=info msg="[TCP] 10.1.0.2:50594 --> 104.244.46.52:443 match IPCIDR(104.244.42.0/21) using Proxy[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:04:47 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:43 level=info msg="[TCP] 10.1.0.2:50576 --> 104.244.46.52:443 match IPCIDR(104.244.42.0/21) using Proxy[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:04:43 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:42 level=info msg="[TCP] 10.1.0.2:50571 --> 140.207.122.197:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:04:42 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:41 level=info msg="[TCP] 10.1.0.2:50562 --> 112.65.193.155:80 match GeoIP(CN) using Domestic[DIRECT]"
2023-03-06 11:04:41 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:40 level=info msg="[TCP] 10.1.0.2:50555 --> 31.13.91.33:443 match IPCIDR(31.13.64.0/18) using Proxy[AA-香港HKT-05c 语音游戏]"
2023-03-06 11:04:40 level=debug msg="[Rule] use default rules"
2023-03-06 11:04:39 level=warning msg="[TCP] dial DIRECT (match Match/) 10.1.0.2:50520 --> 193.11.166.194:27025 error: i/o timeout"
OpenClash Config
No response
Expected Behavior
I expect to be able to access these sites normally.
Screenshots