vernesong
commented
4 years ago 仅代理命中规则开启后,不在规则里的连接走的是直连
Closed vincentcn closed 2 years ago
vernesong
commented
4 years ago 仅代理命中规则开启后,不在规则里的连接走的是直连
vincentcn
commented
4 years ago 谢谢这么快的回复。
关闭仅命中规则之后,外网都可以使用了。
但是开启之后,感觉国内的网站打开有点慢了,是不是大部分地址都走代理了,然后一部分通过GeoIP识别为国内IP后又返回了? 还有,淘宝经常被识别到海外。
机场使用的Dler Cloud, 有什么推荐的规则或者配置么。
多谢!
vernesong
commented
4 years ago 你多加几个dns,规则一般没问题
github-actions[bot]
commented
2 years ago This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
升级之后好像路由污染一直无法解决。外网有的网站能上,有的不能。 IPV6-DHCP已经关闭,调试日志如下。麻烦帮看一下。谢谢
OpenClash 调试日志
生成时间: 2020-08-11 00:21:34 插件版本: v0.38.9-beta
===================== 系统信息 =====================
主机型号: NETGEAR R6100 固件版本: OpenWrt 19.07.2 r10947-65030d81f3 LuCI版本: git-20.115.52331-39a8290-1 内核版本: 4.14.171 处理器架构: mips_24kc
此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT
此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
===================== 依赖检查 =====================
dnsmasq-full: 已安装 coreutils: 已安装 coreutils-nohup: 已安装 bash: 已安装 curl: 已安装 jsonfilter: 已安装 ca-certificates: 已安装 ipset: 已安装 ip-full: 已安装 iptables-mod-tproxy: 已安装 kmod-tun(TUN模式): 未安装 luci-compat(Luci-19.07): 已安装
===================== 内核检查 =====================
运行状态: 运行中 已选择的架构: linux-mips-softfloat
下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: Tun内核文件: 不存在 Tun内核运行权限: 否
Game内核版本: Game内核文件: 不存在 Game内核运行权限: 否
Dev内核版本: v1.0.0-23-gb1d9dfd Dev内核文件: 存在 Dev内核运行权限: 正常
===================== 插件设置 =====================
当前配置文件: /etc/openclash/config/dler.yaml 运行模式: fake-ip 默认代理模式: Rule UDP流量转发: 启用 DNS劫持: 启用 自定义DNS: 停用 IPV6-DNS解析: 停用 禁用Dnsmasq缓存: 停用 自定义规则: 停用 仅允许内网: 停用 仅代理命中规则流量: 启用
启动异常时建议关闭此项后重试
保留配置: 停用 第三方规则: 停用
===================== 配置文件 =====================
port: 7890 socks-port: 7891 mixed-port: 8899 allow-lan: true bind-address: "*" mode: Rule log-level: silent external-controller: 0.0.0.0:9090 experimental: ignore-resolve-fail: true redir-port: 7892 secret: "123456" external-ui: "/usr/share/openclash/dashboard" dns: enable: true ipv6: false enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 listen: 127.0.0.1:7874 fake-ip-filter:
Custom fake-ip-filter
Custom fake-ip-filter END
nameserver:
===================== 防火墙设置 =====================
NAT chain
Chain PREROUTING (policy ACCEPT) num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 8.8.4.4 redir ports 7892 2 REDIRECT tcp -- 0.0.0.0/0 8.8.8.8 redir ports 7892 3 prerouting_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom prerouting rule chain / 4 zone_lan_prerouting all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 / 5 zone_wan_prerouting all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 / 6 openclash tcp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT) num target prot opt source destination
1 openclash_output tcp -- 0.0.0.0/0 0.0.0.0/0
Mangle chain
Chain PREROUTING (policy ACCEPT) num target prot opt source destination
1 openclash udp -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT) num target prot opt source destination
===================== 路由表状态 =====================
route -n
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
ip route list
default via 192.168.1.1 dev eth0 proto static src 192.168.1.3 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
ip rule show
0: from all lookup local 32765: from all fwmark 0x162 lookup 354 32766: from all lookup main 32767: from all lookup default
===================== 端口占用状态 =====================
tcp 0 0 :::9090 ::: LISTEN 2335/clash tcp 0 0 :::8899 ::: LISTEN 2335/clash tcp 0 0 :::7890 ::: LISTEN 2335/clash tcp 0 0 :::7891 ::: LISTEN 2335/clash tcp 0 0 :::7892 ::: LISTEN 2335/clash udp 0 0 127.0.0.1:7874 0.0.0.0: 2335/clash udp 0 0 :::8899 ::: 2335/clash udp 0 0 :::60111 ::: 2335/clash udp 0 0 :::7891 ::: 2335/clash udp 0 0 :::48340 ::: 2335/clash udp 0 0 :::7892 ::: 2335/clash udp 0 0 :::35551 ::: 2335/clash udp 0 0 :::56799 ::: 2335/clash udp 0 0 :::50681 ::: 2335/clash udp 0 0 :::53499 ::: 2335/clash udp 0 0 :::41217 ::: 2335/clash udp 0 0 :::44042 ::: 2335/clash udp 0 0 :::59454 ::: 2335/clash udp 0 0 :::59980 ::: 2335/clash udp 0 0 :::52311 ::: 2335/clash udp 0 0 :::50264 ::: 2335/clash udp 0 0 :::58209 ::: 2335/clash udp 0 0 :::47982 ::: 2335/clash udp 0 0 :::42608 ::: 2335/clash udp 0 0 :::43142 ::: 2335/clash udp 0 0 :::43402 ::: 2335/clash udp 0 0 :::33170 ::: 2335/clash udp 0 0 :::39083 ::: 2335/clash udp 0 0 :::53427 :::* 2335/clash
===================== 测试本机DNS查询 =====================
Server: 127.0.0.1 Address: 127.0.0.1#53
Name: www.baidu.com Address 1: 198.18.0.45 *** Can't find www.baidu.com: No answer
===================== resolv.conf.auto =====================
Interface wan
nameserver 192.168.1.1
Interface wan6
nameserver 240e:58:c000:1000:116:228:111:118 nameserver 240e:58:c000:1600:180:168:255:18
===================== 测试本机网络连接 =====================
HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Connection: keep-alive Content-Length: 277 Content-Type: text/html Date: Mon, 10 Aug 2020 16:21:50 GMT Etag: "575e1f60-115" Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT Pragma: no-cache Server: bfe/1.0.8.18
===================== 测试本机网络下载 =====================
HTTP/1.1 200 Connection established
HTTP/1.1 200 OK Connection: keep-alive Content-Length: 78 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: text/plain; charset=utf-8 ETag: "56417554e8a02b424cd394a68a2a5bad09c7fe082354c7ba869cbdf81b0bd750" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block Via: 1.1 varnish (Varnish/6.0) X-GitHub-Request-Id: 1D22:4F41:7AE5E5:91391E:5F316CE6 Accept-Ranges: bytes Date: Mon, 10 Aug 2020 16:21:51 GMT Via: 1.1 varnish X-Served-By: cache-hkg17930-HKG X-Cache: HIT, HIT X-Cache-Hits: 1, 1 X-Timer: S1597076512.662264,VS0,VE1 Vary: Authorization,Accept-Encoding Access-Control-Allow-Origin: * X-Fastly-Request-ID: ecc83a8ef276954136ba20bc6e016b10f304c8f9 Expires: Mon, 10 Aug 2020 16:26:51 GMT Source-Age: 15
===================== 最近运行日志 =====================
time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Domestic" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Telegram" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Microsoft" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider AsianTV" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Spotify" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider GlobalTV" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Netease Music" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Steam" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Netflix" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider AdBlock" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Apple" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Youtube" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Auto - UrlTest" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Proxy" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider PayPal" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Speedtest" time="2020-08-10T16:13:04Z" level=info msg="Start initial compatible provider Others" 2020-08-11 00:11:40 OpenClash Start Successful 2020-08-11 00:20:09 OpenClash Reload After Firewall Restart