vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

With a Fake-IP domain blacklist, nslookup on OpenWrt cannot obtain an IP for some domains #465

Closed: zfh18 closed this 3 years ago

zfh18 commented 4 years ago

Environment:

- Local DNS support: enabled
- Custom upstream DNS server: enabled (127.0.0.1:5553, AdguardHome)
- Disable Dnsmasq DNS caching: enabled
- Advanced settings: enabled
- y.qq.com is in the Fake-IP domain blacklist

```
root@OpenWrt:~# nslookup y.qq.com
Server:    127.0.0.1
Address:   127.0.0.1#53

*** Can't find y.qq.com: Parse error
*** Can't find y.qq.com: No answer

root@OpenWrt:~# nslookup y.qq.com 127.0.0.1#53
Server:    127.0.0.1
Address:   127.0.0.1#53

*** Can't find y.qq.com: Parse error
*** Can't find y.qq.com: No answer

root@OpenWrt:~# nslookup y.qq.com 127.0.0.1#7874
Server:    127.0.0.1
Address:   127.0.0.1#7874

*** Can't find y.qq.com: Parse error
*** Can't find y.qq.com: No answer

root@OpenWrt:~# nslookup y.qq.com 127.0.0.1#5553
Server:    127.0.0.1
Address:   127.0.0.1#5553

Name:      y.qq.com
y.qq.com	canonical name = music.qq.com
Name:      music.qq.com
music.qq.com	canonical name = ssdv6mid.tcdn.qq.com
Name:      ssdv6mid.tcdn.qq.com
ssdv6mid.tcdn.qq.com	canonical name = ssdv6.tcdn.qq.com
Name:      ssdv6.tcdn.qq.com
Address 1: 59.63.237.105
Address 2: 119.147.227.85
Address 3: 58.49.157.229
Address 4: 113.96.156.217
Address 5: 125.94.49.78
Address 6: 122.228.0.223
Address 7: 113.96.83.67
Address 8: 119.147.227.112
y.qq.com	canonical name = music.qq.com
music.qq.com	canonical name = ssdv6mid.tcdn.qq.com
ssdv6mid.tcdn.qq.com	canonical name = ssdv6.tcdn.qq.com
Address 9: 240e:97f:3000:a02:24::
Address 10: 240e:97d:2010:101:31::
Address 11: 240e:97d:5000:110:21::
Address 12: 240e:97d:2010:101:23::
Address 13: 240e:97d:5000:110:1e::
Address 14: 240e:97d:5000:110:1d::
Address 15: 240e:97f:3000:a02:25::
Address 16: 240e:97d:5000:110:19::
```

Clients behind the router get an IP normally:

```
PS C:\Users\zfh73> nslookup y.qq.com
服务器:  UnKnown
Address:  192.168.50.20

名称:    ssdv6.tcdn.qq.com
Addresses:  119.147.227.112
          122.246.6.51
          113.96.156.217
          125.94.49.78
          59.63.237.105
          119.147.227.85
          113.96.83.67
          122.228.0.223
Aliases:  y.qq.com
          music.qq.com
          ssdv6mid.tcdn.qq.com
```

OpenClash 调试日志

生成时间: 2020-05-24 07:49:52 插件版本: v0.38.3-beta

===================== 系统信息 =====================

主机型号: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz : 1 Core 4 Thread
固件版本: OpenWrt SNAPSHOT r0-8ad037a
LuCI版本: git-20.117.60969-420c61a-1
内核版本: 4.19.115
处理器架构: x86_64

此项在使用Tun模式时应为ACCEPT

防火墙转发: ACCEPT

此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP

IPV6-DHCP:

此项结果应仅有配置文件的DNS监听地址

Dnsmasq转发设置: 127.0.0.1#7874

===================== 依赖检查 =====================

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 未安装

===================== 内核检查 =====================

运行状态: 运行中
已选择的架构: linux-amd64

下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限

Tun内核版本: 2020.05.08
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20200510
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: premium-3-g5073c3c
Dev内核文件: 存在
Dev内核运行权限: 正常

===================== 插件设置 =====================

当前配置文件: /etc/openclash/config/ConnersHua_Clash.yaml
运行模式: fake-ip-vpn
默认代理模式: Rule
UDP流量转发: 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 停用
仅代理命中规则流量: 停用

启动异常时建议关闭此项后重试

保留配置: 停用

启动异常时建议关闭此项后重试

第三方规则: ConnersHua
第三方规则策略组设置:
GlobalTV: GlobalMedia
AsianTV: HKMTMedia
Proxy: PROXY
Apple: Apple
Netflix:
Spotify:
Steam:
AdBlock: Hijacking
Netease Music:
Speedtest:
Telegram:
Microsoft:
PayPal:
Domestic: DIRECT
Others: Final

读取的配置文件策略组: UrlTest PROXY Final Apple GlobalMedia HKMTMedia Hijacking DIRECT REJECT

===================== 自定义规则 一 =====================

- DOMAIN-SUFFIX,google.com,Proxy 匹配域名后缀(交由Proxy代理服务器组)

- DOMAIN-KEYWORD,google,Proxy 匹配域名关键字(交由Proxy代理服务器组)

- DOMAIN,google.com,Proxy 匹配域名(交由Proxy代理服务器组)

- DOMAIN-SUFFIX,ad.com,REJECT 匹配域名后缀(拒绝)

- IP-CIDR,127.0.0.0/8,DIRECT 匹配数据目标IP(直连)

- SRC-IP-CIDR,192.168.1.201/32,DIRECT 匹配数据发起IP(直连)

- DST-PORT,80,DIRECT 匹配数据目标端口(直连)

- SRC-PORT,7777,DIRECT 匹配数据源端口(直连)

排序在上的规则优先生效,如添加(去除规则前的#号):

IP段:192.168.1.2-192.168.1.200 直连

- SRC-IP-CIDR,192.168.1.2/31,DIRECT

- SRC-IP-CIDR,192.168.1.4/30,DIRECT

- SRC-IP-CIDR,192.168.1.8/29,DIRECT

- SRC-IP-CIDR,192.168.1.16/28,DIRECT

- SRC-IP-CIDR,192.168.1.32/27,DIRECT

- SRC-IP-CIDR,192.168.1.64/26,DIRECT

- SRC-IP-CIDR,192.168.1.128/26,DIRECT

- SRC-IP-CIDR,192.168.1.192/29,DIRECT

- SRC-IP-CIDR,192.168.1.200/32,DIRECT

IP段:192.168.1.202-192.168.1.255 直连

- SRC-IP-CIDR,192.168.1.202/31,DIRECT

- SRC-IP-CIDR,192.168.1.204/30,DIRECT

- SRC-IP-CIDR,192.168.1.208/28,DIRECT

- SRC-IP-CIDR,192.168.1.224/27,DIRECT

此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理

因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除

在线IP段转CIDR地址:http://ip2cidr.com

===================== 自定义规则 二 =====================

- DOMAIN-SUFFIX,google.com,Proxy 匹配域名后缀(交由Proxy代理服务器组)

- DOMAIN-KEYWORD,google,Proxy 匹配域名关键字(交由Proxy代理服务器组)

- DOMAIN,google.com,Proxy 匹配域名(交由Proxy代理服务器组)

- DOMAIN-SUFFIX,ad.com,REJECT 匹配域名后缀(拒绝)

- IP-CIDR,127.0.0.0/8,DIRECT 匹配数据目标IP(直连)

- SRC-IP-CIDR,192.168.1.201/32,DIRECT 匹配数据发起IP(直连)

- DST-PORT,80,DIRECT 匹配数据目标端口(直连)

- SRC-PORT,7777,DIRECT 匹配数据源端口(直连)

===================== 配置文件 =====================

```yaml
port: 7890
socks-port: 7891
allow-lan: true
bind-address: "*"
mode: Rule
log-level: silent
external-controller: 0.0.0.0:6170
redir-port: 7892
secret: ""
external-ui: "/usr/share/openclash/dashboard"
tun:
  enable: true
  device-url: dev://clash0
  dns-listen: 0.0.0.0:53
dns:
  enable: true
  ipv6: false
  listen: 127.0.0.1:7874
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
```

Custom fake-ip-filter

===================== 防火墙设置 =====================

NAT chain

```
Chain PREROUTING (policy ACCEPT)
num  target               prot opt source      destination
1    ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:53
2    CLOUD_MUSIC          tcp  --  0.0.0.0/0   0.0.0.0/0   match-set music dst
3    REDIRECT             udp  --  0.0.0.0/0   0.0.0.0/0   udp dpt:53 redir ports 53
4    REDIRECT             tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:53 redir ports 53
5    prerouting_rule      all  --  0.0.0.0/0   0.0.0.0/0   /* !fw3: Custom prerouting rule chain */
6    zone_lan_prerouting  all  --  0.0.0.0/0   0.0.0.0/0   /* !fw3 */

Chain OUTPUT (policy ACCEPT)
num  target               prot opt source      destination
```

Mangle chain

```
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source      destination
1    MARK       all  --  0.0.0.0/0   0.0.0.0/0   ! match-set localnetwork dst MARK set 0x162

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source      destination
1    openclash  all  --  0.0.0.0/0   0.0.0.0/0
```

===================== 路由表状态 =====================

route -n

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.50.50   0.0.0.0         UG    0      0        0 br-lan
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan
```

ip route list

```
default via 192.168.50.50 dev br-lan proto static
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.50.0/24 dev br-lan proto kernel scope link src 192.168.50.20
```

ip rule show

```
0:      from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default
```

===================== Tun设备状态 =====================

clash0: tun persist user 0

===================== 端口占用状态 =====================

```
tcp   0  0 :::7892         :::*      LISTEN  25608/clash
tcp   0  0 :::6170         :::*      LISTEN  25608/clash
tcp   0  0 :::6060         :::*      LISTEN  25608/clash
tcp   0  0 :::7890         :::*      LISTEN  25608/clash
tcp   0  0 :::7891         :::*      LISTEN  25608/clash
udp   0  0 127.0.0.1:7874  0.0.0.0:*         25608/clash
udp   0  0 :::50543        :::*              25608/clash
udp   0  0 :::7891         :::*              25608/clash
udp   0  0 :::7892         :::*              25608/clash
udp   0  0 :::58230        :::*              25608/clash
```

===================== 测试本机DNS查询 =====================

```
Server:    127.0.0.1
Address:   127.0.0.1#53

Name:      www.baidu.com
Address 1: 198.18.0.48
*** Can't find www.baidu.com: No answer
```

===================== resolv.conf.auto =====================

Interface lan

nameserver 119.29.29.29

===================== 测试本机网络连接 =====================

```
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 23 May 2020 23:49:53 GMT
Etag: "575e1f72-115"
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
```

===================== 测试本机网络下载 =====================

```
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 78
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: W/"5b296a55e9d4d4ced1cbbb8c68eee93eed4101639e22f93e0e330e4a4961fda1"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Via: 1.1 varnish (Varnish/6.0)
X-GitHub-Request-Id: 331C:4075:F248:130D9:5EC964A5
Accept-Ranges: bytes
Date: Sat, 23 May 2020 23:49:53 GMT
Via: 1.1 varnish
X-Served-By: cache-hkg17924-HKG
X-Cache: HIT, HIT
X-Cache-Hits: 2, 1
X-Timer: S1590277794.597675,VS0,VE0
Vary: Authorization,Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 69c79487c23db630360d689e316092448dfa5303
Expires: Sat, 23 May 2020 23:54:53 GMT
Source-Age: 145
```

===================== 最近运行日志 =====================

```
time="2020-05-23T23:35:51Z" level=info msg="Start initial compatible provider Final"
time="2020-05-23T23:35:51Z" level=info msg="Start initial compatible provider Hijacking"
time="2020-05-23T23:35:51Z" level=info msg="Start initial compatible provider Apple"
time="2020-05-23T23:35:51Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-05-24 07:35:49 OpenClash Start Successful
time="2020-05-23T23:36:35Z" level=info msg="Start initial compatible provider UrlTest"
time="2020-05-23T23:36:35Z" level=info msg="Start initial compatible provider PROXY"
time="2020-05-23T23:36:35Z" level=info msg="Start initial compatible provider HKMTMedia"
time="2020-05-23T23:36:35Z" level=info msg="Start initial compatible provider Apple"
time="2020-05-23T23:36:35Z" level=info msg="Start initial compatible provider Final"
time="2020-05-23T23:36:35Z" level=info msg="Start initial compatible provider GlobalMedia"
time="2020-05-23T23:36:35Z" level=info msg="Start initial compatible provider Hijacking"
2020-05-24 07:36:33 OpenClash Start Successful
time="2020-05-23T23:37:00Z" level=info msg="Start initial compatible provider Hijacking"
time="2020-05-23T23:37:00Z" level=info msg="Start initial compatible provider Apple"
time="2020-05-23T23:37:00Z" level=info msg="Start initial compatible provider UrlTest"
time="2020-05-23T23:37:00Z" level=info msg="Start initial compatible provider PROXY"
time="2020-05-23T23:37:00Z" level=info msg="Start initial compatible provider GlobalMedia"
time="2020-05-23T23:37:00Z" level=info msg="Start initial compatible provider Final"
time="2020-05-23T23:37:00Z" level=info msg="Start initial compatible provider HKMTMedia"
2020-05-24 07:36:58 OpenClash Start Successful
time="2020-05-23T23:38:18Z" level=info msg="Start initial compatible provider Apple"
time="2020-05-23T23:38:18Z" level=info msg="Start initial compatible provider HKMTMedia"
time="2020-05-23T23:38:18Z" level=info msg="Start initial compatible provider GlobalMedia"
time="2020-05-23T23:38:18Z" level=info msg="Start initial compatible provider Final"
time="2020-05-23T23:38:18Z" level=info msg="Start initial compatible provider UrlTest"
time="2020-05-23T23:38:18Z" level=info msg="Start initial compatible provider PROXY"
time="2020-05-23T23:38:18Z" level=info msg="Start initial compatible provider Hijacking"
time="2020-05-23T23:38:18Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-05-24 07:38:16 OpenClash Start Successful
```

When nslookup cannot get an IP, DDNS resolution is affected.

vernesong commented 4 years ago

Do not enable any hijacking options in AdguardHome.

zfh18 commented 4 years ago

> Do not enable any hijacking options in AdguardHome.

AdguardHome has no hijacking enabled.

vernesong commented 4 years ago

[image]

A fake-ip is being returned here.

zfh18 commented 4 years ago

Some of the domains in the Fake-IP domain blacklist cannot return a real IP, for example y.qq.com:

```
root@OpenWrt:~# nslookup y.qq.com
Server:    127.0.0.1
Address:   127.0.0.1#53

*** Can't find y.qq.com: Parse error
*** Can't find y.qq.com: No answer
```

vernesong commented 4 years ago

What this means is that clash's queries on the router itself are being blocked. Clash itself is working normally, but when it queries upstream it gets no result. The exact cause cannot be determined at the moment; possibly the upstream blocks DNS queries originating from the router itself.
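As an added diagnostic example (not code from OpenClash or from any participant in this thread): a small Python checker that parses busybox nslookup output and classifies each answer against the fake-ip-range 198.18.0.1/16 from the configuration in the debug log. In fake-ip mode an unfiltered domain such as www.baidu.com should come back as a fake IP, a fake-ip-filter domain such as y.qq.com should come back with real addresses, and the "No answer" case is the failure this issue reports; the sample outputs are constructed from the ones quoted above.

```python
import ipaddress
import re

# fake-ip-range from the config section of the debug log (written as a proper network)
FAKE_IP_RANGE = ipaddress.ip_network("198.18.0.0/16")

# Constructed samples modelled on the nslookup output quoted in this issue.
SAMPLES = {
    # www.baidu.com is not in fake-ip-filter: dnsmasq -> clash hands out a fake IP
    "baidu_via_dnsmasq": "Server:    127.0.0.1\nAddress:   127.0.0.1#53\n\n"
                         "Name:      www.baidu.com\nAddress 1: 198.18.0.48\n"
                         "*** Can't find www.baidu.com: No answer\n",
    # y.qq.com is in fake-ip-filter but the resolver returns nothing (the reported bug)
    "yqq_via_dnsmasq": "Server:    127.0.0.1\nAddress:   127.0.0.1#53\n\n"
                       "*** Can't find y.qq.com: Parse error\n"
                       "*** Can't find y.qq.com: No answer\n",
    # asking the upstream (127.0.0.1#5553) directly yields real addresses
    "yqq_via_upstream": "Server:    127.0.0.1\nAddress:   127.0.0.1#5553\n\n"
                        "Name:      ssdv6.tcdn.qq.com\nAddress 1: 59.63.237.105\n"
                        "Address 2: 119.147.227.85\nAddress 9: 240e:97f:3000:a02:24::\n",
}

# "Address 1: x" is an answer record; "Address:   127.0.0.1#53" names the server and is skipped
ANSWER_RE = re.compile(r"^Address \d+:\s+(\S+)$", re.MULTILINE)


def parse_answers(output):
    """Return the answer records of a busybox nslookup run as ip_address objects."""
    return [ipaddress.ip_address(m.group(1)) for m in ANSWER_RE.finditer(output)]


def classify(output):
    """'no-answer', 'fake-ip' (every answer inside fake-ip-range), 'real-ip', or 'mixed'."""
    addrs = parse_answers(output)
    if not addrs:
        return "no-answer"
    fake = sum(1 for a in addrs if a.version == 4 and a in FAKE_IP_RANGE)
    if fake == len(addrs):
        return "fake-ip"
    return "mixed" if fake else "real-ip"


def answer_is_expected(output, in_fake_ip_filter):
    """In fake-ip mode a filtered domain must get real IPs; any other domain a fake IP."""
    want = "real-ip" if in_fake_ip_filter else "fake-ip"
    return classify(output) == want
```

Run the same check against 127.0.0.1#53, 127.0.0.1#7874 and the upstream port in turn to see at which hop a filtered domain stops getting real addresses.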