vernesong / OpenClash

A Clash Client For OpenWrt

Traffic-splitting rules fail to match #928

Closed Villxx closed 2 years ago

Villxx commented 4 years ago

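In V40.14, traffic splitting is entirely dominated by MATCH. Apart from the geoip cn and Netflix rules, basically everything else is ineffective. If MATCH is set to a proxy node, I can get past the firewall normally; if it is set to DIRECT, I cannot.

OpenClash debug log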

生成时间: 2020-10-28 22:17:33 插件版本: v0.40.14-beta


#===================== 系统信息 =====================#
主机型号: Intel(R) Celeron(R) CPU 3965U @ 2.20GHz : 2 Core 2 Thread
固件版本: OpenWrt SNAPSHOT r2929-cf7c3b399
LuCI版本: git-20.256.12360-1a54222-1
内核版本: 5.4.72
处理器架构: x86_64

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
iptables-mod-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 16714
运行权限: 16714: = cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource+eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2020.10.26.gc025a01
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: v0.17.0-219-g9ac38a4
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.2.0-10-gba060bd
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/ABXYvvv.yaml
运行模式: redir-host-mix
默认代理模式: rule
UDP流量转发: 停用
DNS劫持: 启用
自定义DNS: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 启用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
保留配置: 停用
第三方规则: 停用

#===================== 配置文件 =====================#
redir-port: 7892
interface-name: pppoe-wan
port: 7890
socks-port: 7891
ipv6: false
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
allow-lan: true
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
tun:
  enable: true
  stack: system
  dns-hijack:
    - tcp://8.8.8.8:53
    - tcp://8.8.4.4:53
hosts:
##Custom HOSTS##
#  experimental hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
#  static domain has a higher priority than wildcard domain (foo.example.com > *.example.com)
#  NOTE: hosts don't work with `fake-ip`

#  '*.clash.dev': 127.0.0.1
#  'alpha.clash.dev': '::1'
##Custom HOSTS END##
dns:
  use-hosts: true
  listen: 127.0.0.1:7874
  enable: true
  ipv6: false
  enhanced-mode: redir-host
  nameserver:
    - 114.114.114.114
    - 119.29.29.29
  fallback:
    - https://cloudflare-dns.com/dns-query
    - https://dns.google/dns-query
    - https://1.1.1.1/dns-query
    - tls://8.8.8.8:853
  fallback-filter:
    geoip: true
    ipcidr:
      - 0.0.0.0/8
      - 10.0.0.0/8
      - 100.64.0.0/10
      - 127.0.0.0/8
      - 169.254.0.0/16
      - 172.16.0.0/12
      - 192.0.0.0/24
      - 192.0.2.0/24
      - 192.88.99.0/24
      - 192.168.0.0/16
      - 198.18.0.0/15
      - 198.51.100.0/24
      - 203.0.113.0/24
      - 224.0.0.0/4
      - 240.0.0.0/4
      - 255.255.255.255/32

#===================== 防火墙设置 =====================#

#NAT chain

# Generated by iptables-save v1.8.4 on Wed Oct 28 22:17:33 2020
*nat
:PREROUTING ACCEPT [632:220586]
:INPUT ACCEPT [955:158973]
:OUTPUT ACCEPT [1051:73852]
:POSTROUTING ACCEPT [233:23080]
:ADBYBY - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -j ACCEPT
-A PREROUTING -d 8.8.8.8/32 -p tcp -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j ADBYBY
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A ADBYBY -d 0.0.0.0/8 -j RETURN
-A ADBYBY -d 10.0.0.0/8 -j RETURN
-A ADBYBY -d 127.0.0.0/8 -j RETURN
-A ADBYBY -d 169.254.0.0/16 -j RETURN
-A ADBYBY -d 172.16.0.0/12 -j RETURN
-A ADBYBY -d 192.168.0.0/16 -j RETURN
-A ADBYBY -d 224.0.0.0/4 -j RETURN
-A ADBYBY -d 240.0.0.0/4 -j RETURN
-A ADBYBY -m set --match-set adbyby_esc dst -j RETURN
-A ADBYBY -m set ! --match-set adbyby_wan dst -j RETURN
-A ADBYBY -m set --match-set music dst -j RETURN
-A ADBYBY -p tcp -j REDIRECT --to-ports 8118
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -m multiport --dports 80,443 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Wed Oct 28 22:17:33 2020

#Mangle chain

# Generated by iptables-save v1.8.4 on Wed Oct 28 22:17:33 2020
*mangle
:PREROUTING ACCEPT [49682:36081293]
:INPUT ACCEPT [47406:35501893]
:FORWARD ACCEPT [2062:488797]
:OUTPUT ACCEPT [34249:34926439]
:POSTROUTING ACCEPT [36316:35415784]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p tcp -m tcp --dport 53 -j openclash_dns_hijack
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.1.154/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.154/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.173/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.173/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.183/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.183/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.176/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.176/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.187/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.187/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i pppoe-wan -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o pppoe-wan -j RETURN
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 546 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.8.8/32 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.4.4/32 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Wed Oct 28 22:17:33 2020

#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         100.64.0.1      0.0.0.0         UG    0      0        0 pppoe-wan
100.64.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 100.64.0.1 dev pppoe-wan proto static 
100.64.0.1 dev pppoe-wan proto kernel scope link src 100.64.40.90 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#
utun: tun pi filter

#===================== 端口占用状态 =====================#
tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      16714/clash
tcp        0      0 :::7890                 :::*                    LISTEN      16714/clash
tcp        0      0 :::7891                 :::*                    LISTEN      16714/clash
tcp        0      0 :::7892                 :::*                    LISTEN      16714/clash
tcp        0      0 :::9090                 :::*                    LISTEN      16714/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           16714/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           16714/clash
udp        0      0 :::56360                :::*                                16714/clash
udp        0      0 :::7891                 :::*                                16714/clash
udp        0      0 :::7892                 :::*                                16714/clash
udp        0      0 :::53871                :::*                                16714/clash
udp        0      0 :::38289                :::*                                16714/clash
udp        0      0 :::34808                :::*                                16714/clash

#===================== 测试本机DNS查询 =====================#
Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
www.baidu.com   canonical name = www.a.shifen.com
Name:      www.a.shifen.com
Address 1: 14.215.177.39
Address 2: 14.215.177.38
*** Can't find www.baidu.com: No answer

#===================== resolv.conf.d =====================#
# Interface wan
nameserver 202.96.128.86
nameserver 202.96.134.33

#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Wed, 28 Oct 2020 14:17:33 GMT
Etag: "575e1f72-115"
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
ETag: "b74804a12fab8f8fb1f5f09b0155e6a72aa8ff8c6440e346122b0e45ae33e2fe"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Via: 1.1 varnish (Varnish/6.0)
X-GitHub-Request-Id: CF90:5F95:10A19D:11876C:5F995D85
Accept-Ranges: bytes
Date: Wed, 28 Oct 2020 14:17:34 GMT
Via: 1.1 varnish
X-Served-By: cache-hkg17930-HKG
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1603894654.782256,VS0,VE287
Vary: Authorization,Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: e8bbbd9e37ccf6918ffe33c10ae3b30d02828daf
Expires: Wed, 28 Oct 2020 14:22:34 GMT
Source-Age: 206

#===================== 最近运行日志 =====================#
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial compatible provider PayPal"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial compatible provider Netflix"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial compatible provider Speedtest"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial compatible provider PROXY"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial compatible provider TikTok"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial compatible provider Apple"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider ChinaIPs"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider Apple"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider Streaming"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider China"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider Global"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider PayPal"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider Speedtest"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider StreamingSE"
time="2020-10-28T22:07:35+08:00" level=info msg="Start initial rule provider Advertising"
time="2020-10-28T22:07:36+08:00" level=info msg="Start initial rule provider Netflix"
time="2020-10-28T22:07:36+08:00" level=info msg="Start initial rule provider TikTok"
time="2020-10-28T22:07:36+08:00" level=info msg="Start initial rule provider Unbreak"
time="2020-10-28T22:07:36+08:00" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-10-28 22:07:29 Warning: OpenClash Start Successful, Please Note That Network May Abnormal With IPV6's DHCP Server
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial provider HK"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial provider SG"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial provider US"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial provider TW"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial provider JP"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial provider KR"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial provider Other"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider TikTok"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider PayPal"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider Speedtest"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider Apple"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider StreamingSE"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider Streaming"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider Guard"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider PROXY"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial compatible provider Netflix"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial rule provider StreamingSE"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial rule provider China"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial rule provider PayPal"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial rule provider Streaming"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial rule provider Netflix"
time="2020-10-28T22:10:41+08:00" level=info msg="Start initial rule provider Advertising"
time="2020-10-28T22:10:42+08:00" level=info msg="Start initial rule provider Global"
time="2020-10-28T22:10:42+08:00" level=info msg="Start initial rule provider ChinaIPs"
time="2020-10-28T22:10:42+08:00" level=info msg="Start initial rule provider TikTok"
time="2020-10-28T22:10:42+08:00" level=info msg="Start initial rule provider Apple"
time="2020-10-28T22:10:42+08:00" level=info msg="Start initial rule provider Speedtest"
time="2020-10-28T22:10:42+08:00" level=info msg="Start initial rule provider Unbreak"
time="2020-10-28T22:10:42+08:00" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-10-28 22:10:34 Warning: OpenClash Start Successful, Please Note That Network May Abnormal With IPV6's DHCP Server

vernesong commented 4 years ago

Turn off the ad blocker.

vernesong commented 4 years ago

仅代理命中规则流量: 启用 (Only proxy traffic that hits rules: enabled)

Villxx commented 4 years ago

After enabling "Only proxy traffic that hits rules", MATCH is forced to DIRECT. Deleting the ad-blocking rules makes no difference.

172.217.6.78:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match ↑ 73 B/s 2.34 KB 3.23 KB 1 分钟内
104.193.88.123:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match 568 B 147 B 1 分钟内
chrome.cloudflare-dns.com:443 TCP Redir MATCH --> PROXY --> US --> [SS] 03 Match 2.47 KB 7.21 KB 几秒内
chrome.cloudflare-dns.com:443 TCP Redir MATCH --> PROXY --> US --> [SS] 03 Match 1.46 KB 2.61 KB 几秒内
151.101.129.21:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match 1.64 KB 38.11 KB 几秒内
151.101.130.133:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match 2.95 KB 4.49 MB 几秒内
151.101.130.133:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match 1.45 KB 23.74 KB 几秒内
151.101.193.35:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match 2.72 KB 5.35 KB 几秒内
23.202.61.22:80 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match 437 B 556 B 几秒内
23.202.61.22:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match ↓ 3.37 KB/s 6.38 KB 1.05 MB 几秒内
52.88.209.29:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match 1.65 KB 4.28 KB 几秒内
44.238.157.95:443 TCP Redir MATCH --> PROXY --> US --> [SS] 美国 03 Match 2.24 KB 5.39 KB 几秒内

vernesong commented 4 years ago

Isn't that normal?

Villxx commented 4 years ago

Uh, the traffic splitting isn't working; all connections are handled by MATCH...

vernesong commented 4 years ago

Does your phone have the problem? Does your browser have DoH turned on?

Villxx commented 4 years ago

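It works fine on my phone, so it's probably a problem with my computer or browser. The browser doesn't have DoH turned on. The browser is Edge.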

Villxx commented 4 years ago

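In the Edge settings, under Privacy, search, and services, after turning off the switch "Use secure DNS to specify how to look up the network address for websites", it works normally! Thank you very much for the answer, which helped me find the solution! Thanks!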

barbarossia commented 4 years ago

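I have the same problem as you, except that I am connecting through a mobile app. Connections through Chrome follow the rules, but the phone's do not. The only difference is that the log shows domain names for Chrome and IP addresses for the mobile app.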

barbarossia commented 4 years ago

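I have the same problem as you, except that I am connecting through a mobile app. Connections through Chrome follow the rules, but the phone's do not. The only difference is that the log shows domain names for Chrome and IP addresses for the mobile app.

Using the OpenClash server as the DNS resolver solved the problem.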
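
Both fixes reported in this thread (turning off the browser's secure DNS, and using the OpenClash host as the DNS server) make the client's lookups pass through the router's resolver again. The sketch below is an added illustration, not code from OpenClash, Clash, or any participant; it is a simplified model of redir-host name recovery, and the class, the rule list and the 203.0.113.10 address are constructed assumptions.

```python
import ipaddress

# Constructed rule list in Clash's "TYPE,payload,policy" order (not the reporter's config).
RULES = [
    ("DOMAIN-SUFFIX", "netflix.com", "Netflix"),
    ("IP-CIDR", "192.168.0.0/16", "DIRECT"),
    ("MATCH", "", "PROXY"),
]


class RedirHostRouter:
    """Toy model: a redirected connection carries only a destination IP, and the
    router recovers the domain from answers its own DNS server gave out earlier."""

    def __init__(self, rules):
        self.rules = rules
        self.ip_to_host = {}  # filled only by queries that reach the router's DNS

    def dns_query(self, host, answer_ip):
        # The client asked the router's resolver, so the mapping is recorded.
        self.ip_to_host[answer_ip] = host
        return answer_ip

    def route(self, dst_ip):
        """Return (name shown in the connection list, rule type, policy)."""
        host = self.ip_to_host.get(dst_ip)  # None when the client resolved elsewhere
        addr = ipaddress.ip_address(dst_ip)
        for kind, payload, policy in self.rules:
            if kind == "DOMAIN-SUFFIX":
                # Domain rules need a hostname; without one they can never hit.
                if host and (host == payload or host.endswith("." + payload)):
                    return host, kind, policy
            elif kind == "IP-CIDR":
                if addr in ipaddress.ip_network(payload):
                    return host or dst_ip, kind, policy
            elif kind == "MATCH":
                return host or dst_ip, kind, policy
        return host or dst_ip, None, "DIRECT"


def demo():
    # Client A uses the router as its DNS server (address is a constructed TEST-NET value).
    router_a = RedirHostRouter(RULES)
    ip = router_a.dns_query("www.netflix.com", "203.0.113.10")
    via_router_dns = router_a.route(ip)
    # Client B resolved the same name over DoH, so the router never saw the query.
    router_b = RedirHostRouter(RULES)
    via_doh = router_b.route("203.0.113.10")
    return via_router_dns, via_doh


if __name__ == "__main__":
    print(demo())
```

In the model, the DoH client's connection appears as a bare IP handled by MATCH, which is the pattern in the connection list posted above and in the domain-versus-IP difference noted for the mobile app.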
