xjdrew / kone

Transparent proxy for home/enterprise network
MIT License
702 stars 127 forks

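After configuration, the local machine can access the Internet but other machines cannot; do I need to enable firewall NAT forwarding? #7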

Closed yourchanges closed 7 years ago

yourchanges commented 7 years ago

One Linux server with a proxy and kone installed; I modified the router to add a static route.

On the Linux machine itself, once the relevant DNS is configured, transparent Internet access works directly. Other machines on the LAN are set to use the Linux server's IP as their DNS, and ping www.google.com also returns 10.192.x.x, but they cannot reach the external network.

kone log:

16-10-10 16:46:42.529 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32307 > 10.192.80.84:443: shape to 10.192.80.84:10226 > 10.192.0.1:82
16-10-10 16:46:42.539 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32308 > 10.192.80.84:443: shape to 10.192.80.84:10227 > 10.192.0.1:82
16-10-10 16:46:47.339 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32309 > 10.192.123.118:443: shape to 10.192.123.118:10228 > 10.192.0.1:82
16-10-10 16:46:47.551 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32310 > 10.192.54.114:80: shape to 10.192.54.114:10229 > 10.192.0.1:82
16-10-10 16:46:49.899 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32312 > 10.192.51.191:443: shape to 10.192.51.191:10230 > 10.192.0.1:82
16-10-10 16:46:54.382 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32313 > 10.192.80.84:443: shape to 10.192.80.84:10231 > 10.192.0.1:82
16-10-10 16:47:01.430 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32315 > 10.192.80.84:443: shape to 10.192.80.84:10232 > 10.192.0.1:82
16-10-10 16:47:01.530 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32316 > 10.192.80.84:443: shape to 10.192.80.84:10233 > 10.192.0.1:82
16-10-10 16:47:06.240 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32317 > 10.192.123.118:443: shape to 10.192.123.118:10234 > 10.192.0.1:82
16-10-10 16:47:08.837 DEBU @tcp_relay.go:141 [tcp] 10.192.0.1:37504 > 10.192.51.191:443: shape to 10.192.51.191:10235 > 10.192.0.1:82

192.168.1.42 is another IP on the LAN. I found that the connection drops once it has been NATed to port 82.

Also, PS: in the config file:

[route]
# telegram
v = 91.108.0.0/16
v = 149.154.0.0/16

What is this for? I found that it gets added to the local Linux routing table.

xjdrew commented 7 years ago

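You need to set, on the router or locally, the route for 10.192.0.1/16 to point to the Linux machine where kone is configured.

[route] is used to add default routes pointing to the virtual network interface created by kone, which makes it easier to proxy applications that use IP addresses directly.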

yourchanges commented 7 years ago

Another question. My network interface is identified as:

lee-ThinkPad-E420 ~ # ifconfig
enp3s0 Link encap:Ethernet HWaddr f0:de:f1:d6:da:99

In the config file I changed:

[general]
out=enp3s0

and then it fails to start, with this error:

16-10-10 16:52:38.649 INFO @main.go:37 using config file: conf.ini
16-10-10 16:52:38.658 ERRO @main.go:41 warning: can't store data at section "general", variable "out"

If I comment it out, it starts.

xjdrew commented 7 years ago

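Change the router's default DNS server to 10.192.0.1, so that the DHCP service automatically configures DNS for every machine on the LAN.

The out option currently has no effect; there is no need to set it for now.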

yourchanges commented 7 years ago

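I added the static route on the router:

| No. | Name | Destination | Subnet mask | Next hop | Out interface | Metric | Status | Remarks |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | mydns | 10.192.0.0 | 255.255.0.0 | 192.168.1.43 | lan | 0 | Enabled | --- |

Then I also added the DNS on the router (or set it manually on the LAN computers).

Either works.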

yourchanges commented 7 years ago

The problem now is that the request gets as far as:

16-10-10 16:47:06.240 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:32317 > 10.192.123.118:443: shape to 10.192.123.118:10234 > 10.192.0.1:82

and it feels like it does not go on to the proxy.

I wonder whether, besides setting echo 1 > /proc/sys/net/ipv4/ip_forward, I need to add something to the Linux firewall:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

or

iptables -t nat -A POSTROUTING -s 10.192.0.0/16 -j SNAT --to 192.168.1.43

yourchanges commented 7 years ago

Does kone do the NAT forwarding itself?

xjdrew commented 7 years ago

kone does the NAT itself; there is no need to configure iptables.

Do you get a response when you ping www.google.com?

yourchanges commented 7 years ago

Yes, both on the Linux machine itself and on the LAN machines; both return the same class B address, 10.192.x.x.

xjdrew commented 7 years ago

Is there an ICMP echo reply?

Like this:

$ ping google.com
PING google.com (10.16.25.217): 56 data bytes
64 bytes from 10.16.25.217: icmp_seq=0 ttl=62 time=0.446 ms
64 bytes from 10.16.25.217: icmp_seq=1 ttl=62 time=0.431 ms

yourchanges commented 7 years ago

Linux and Windows are the same.

lee-ThinkPad-E420 ~ # ping www.google.com
PING www.google.com (10.192.47.139) 56(84) bytes of data.
64 bytes from 10.192.47.139: icmp_seq=1 ttl=64 time=0.209 ms
64 bytes from 10.192.47.139: icmp_seq=2 ttl=64 time=0.314 ms
64 bytes from 10.192.47.139: icmp_seq=3 ttl=64 time=0.267 ms
64 bytes from 10.192.47.139: icmp_seq=4 ttl=64 time=0.356 ms
^C
--- www.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.209/0.286/0.356/0.057 ms

On Windows the TTL is 62; the output above is from Linux. The IP address is the same and the static route has been added on the router, which shows that DNS is OK; the problem is in NAT forwarding for the LAN.

yourchanges commented 7 years ago

NAT config block:

# nat config

[tcp]
listen-port = 82
nat-port-start = 10000
nat-port-end = 60000

[udp]
listen-port = 82
nat-port-start = 10000
nat-port-end = 60000

xjdrew commented 7 years ago

Being able to ping shows that the routing is fine. Could you restart kone, make one failed access, and send me the complete log output to look at?

yourchanges commented 7 years ago

lee@lee-ThinkPad-E420 ~/kone $ su -
lee-ThinkPad-E420 ~ # cd /home/lee/kone/
lee-ThinkPad-E420 kone # ./kone -debug ./conf.ini

yourchanges commented 7 years ago

The last part:

16-10-10 20:40:58.629 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35233 > 10.192.147.146:443: shape to 10.192.147.146:10021 > 10.192.0.1:82
16-10-10 20:41:05.619 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35235 > 10.192.80.84:443: shape to 10.192.80.84:10022 > 10.192.0.1:82
16-10-10 20:41:05.883 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35236 > 10.192.80.84:443: shape to 10.192.80.84:10023 > 10.192.0.1:82
16-10-10 20:41:06.243 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35237 > 10.192.80.84:443: shape to 10.192.80.84:10024 > 10.192.0.1:82
16-10-10 20:41:10.300 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35238 > 10.192.193.160:443: shape to 10.192.193.160:10025 > 10.192.0.1:82

192.168.1.42 is the Windows machine on the LAN, 192.168.1.43 is the Linux server, and the router is 192.168.1.1 (TP-Link).

xjdrew commented 7 years ago

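It looks like your Windows machine has cached this IP: 10.192.80.84

This IP was resolved by kone in its previous run; this time it can no longer be mapped to a domain name.

Solutions:

  1. After restarting kone, clear the client's DNS cache.
  2. I'll modify the code so that the connection is reset quickly in this case.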
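
The diagnosis above (a client still using a fake 10.192.x.x address that kone handed out before it was restarted) can be checked mechanically against the debug log. The Go program below is an added example, not part of the thread or of kone's code; the sample log is constructed, and the `[dns] hijack` and `[tcp] ... shape to` line formats are assumed to match kone's debug output as posted in this issue.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// sampleLog is a constructed excerpt written in the format of the kone debug
// log quoted in this thread. It must begin at kone startup: a fake IP assigned
// before the excerpt starts would otherwise be reported as stale.
const sampleLog = `16-10-10 20:40:10.991 INFO @one.go:60 [tun] ip:10.192.0.1, subnet: 10.192.0.0/16
16-10-10 20:40:13.021 DEBU @dns_table.go:131 [dns] hijack www.google.com -> 10.192.47.139
16-10-10 20:40:13.024 DEBU @tcp_relay.go:141 [tcp] 10.192.0.1:59454 > 10.192.47.139:443: shape to 10.192.47.139:10003 > 10.192.0.1:82
16-10-10 20:40:37.254 DEBU @dns_table.go:131 [dns] hijack android.clients.google.com -> 10.192.147.146
16-10-10 20:40:37.256 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35228 > 10.192.147.146:443: shape to 10.192.147.146:10014 > 10.192.0.1:82
16-10-10 20:40:44.260 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35229 > 10.192.80.84:443: shape to 10.192.80.84:10015 > 10.192.0.1:82
16-10-10 20:40:44.525 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35230 > 10.192.80.84:443: shape to 10.192.80.84:10016 > 10.192.0.1:82
16-10-10 20:40:44.884 DEBU @tcp_relay.go:141 [tcp] 192.168.1.42:35231 > 10.192.80.84:443: shape to 10.192.80.84:10017 > 10.192.0.1:82
`

var (
	// "[dns] hijack <domain> -> <fake ip>": kone assigns a fake IP to a domain.
	hijackRe = regexp.MustCompile(`\[dns\] hijack (\S+) -> (\d+\.\d+\.\d+\.\d+)`)
	// "[tcp] <client>:<port> > <dst>:<port>: shape to ...": a relayed connection.
	relayRe = regexp.MustCompile(`\[tcp\] (\d+\.\d+\.\d+\.\d+):\d+ > (\d+\.\d+\.\d+\.\d+):\d+: shape to`)
)

// StaleHit is one client repeatedly connecting to a fake IP that the running
// kone instance never assigned, i.e. an address from the client's DNS cache.
type StaleHit struct {
	Client string
	FakeIP string
	Count  int
}

// FindStaleFakeIPs walks the log in order and reports relayed TCP connections
// whose destination lies in the tun subnet but has no earlier hijack record.
func FindStaleFakeIPs(log, tunCIDR string) ([]StaleHit, error) {
	_, subnet, err := net.ParseCIDR(tunCIDR)
	if err != nil {
		return nil, fmt.Errorf("bad tun subnet %q: %w", tunCIDR, err)
	}
	assigned := map[string]bool{} // fake IPs handed out since startup
	index := map[[2]string]int{}  // (client, fake IP) -> position in hits
	var hits []StaleHit

	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		if m := hijackRe.FindStringSubmatch(line); m != nil {
			assigned[m[2]] = true
			continue
		}
		m := relayRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		client, dst := m[1], m[2]
		ip := net.ParseIP(dst)
		if ip == nil || !subnet.Contains(ip) || assigned[dst] {
			continue // not a fake IP, or one this instance knows about
		}
		key := [2]string{client, dst}
		if i, ok := index[key]; ok {
			hits[i].Count++
			continue
		}
		index[key] = len(hits)
		hits = append(hits, StaleHit{Client: client, FakeIP: dst, Count: 1})
	}
	return hits, sc.Err()
}

func main() {
	hits, err := FindStaleFakeIPs(sampleLog, "10.192.0.0/16")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, h := range hits {
		fmt.Printf("client %s uses unassigned fake IP %s (%d connections): flush its DNS cache\n",
			h.Client, h.FakeIP, h.Count)
	}
}
```
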
yourchanges commented 7 years ago

OK, great, I'll wait for the update.

yourchanges commented 7 years ago

However, Windows has never once connected successfully.

xjdrew commented 7 years ago

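Use:

telnet google.com 80

to see whether google.com connects to an IP in 10.192.0.0/16. Some Windows clients will connect to an IPv6 address; in that case, when you set the DNS, you need to set the alternate DNS to kone as well.

If it connects to 10.192.0.0/16, type a few random characters and press Enter, and see whether the error message is the one returned by your proxy.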

yourchanges commented 7 years ago

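I can't set the alternate DNS to kone, because Windows requires the alternate DNS IP to be different from the primary one.

After telnet, it connected to 10.192.0.0/16. I typed hhh, waited a while, and got back: Connection closed by foreign host.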

kone's log output during this time:

yourchanges commented 7 years ago

Could it be that ip_forward has not taken effect? But when I run:

lee-ThinkPad-E420 ~ # cat /proc/sys/net/ipv4/ip_forward
1
lee-ThinkPad-E420 ~ #

I just haven't made this setting persistent. I haven't rebooted Linux, and I made sure the value was set like this before starting kone.

The Linux system is Mint 18, 64-bit:

lee-ThinkPad-E420 ~ # uname -an
Linux lee-ThinkPad-E420 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

xjdrew commented 7 years ago

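Since ping works, routing and ip_forward are both fine.

The logs you pasted don't contain any entries for your access to google.com on port 80.

Judging from the logs, the connection to the proxy is probably getting no response; but you can connect to the proxy normally on Linux, which shows that the proxy itself works.

On Windows, run this command: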

curl -v google.com

and paste the detailed output here.

xjdrew commented 7 years ago

Please also paste the configuration file you are using.

yourchanges commented 7 years ago

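I put the same configuration on CentOS 6, and Windows can now access the Internet directly.

Or is it a problem with using Ubuntu Linux as the server? Detailed output of curl -v google.com: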

C:\Users\ch999_web>curl -v google.com
* STATE: INIT => CONNECT handle 0x600070450; line 1103 (connection #-5000)
* Rebuilt URL to: google.com/
* Added connection 0. The cache now contains 1 members
*   Trying 10.192.25.217...
* STATE: CONNECT => WAITCONNECT handle 0x600070450; line 1156 (connection #0)
* Connected to google.com (10.192.25.217) port 80 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600070450; line 1253 (connection #0)
* STATE: SENDPROTOCONNECT => DO handle 0x600070450; line 1271 (connection #0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.46.0
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x600070450; line 1350 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x600070450; line 1477 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x600070450; line 1487 (connection #0)
* Recv failure: Connection reset by peer
* Curl_done
* Closing connection 0
* The cache now contains 0 members
curl: (56) Recv failure: Connection reset by peer

C:\Users\ch999_web>

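At first I suspected the proxy server was only listening on the local 127 IP, but I checked and that's not it; my Windows machine can reach the Internet directly through the proxy. And this is the curl output on Windows when kone runs on CentOS: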

C:\Users\ch999_web>curl -v google.com
* STATE: INIT => CONNECT handle 0x600070450; line 1103 (connection #-5000)
* Rebuilt URL to: google.com/
* Added connection 0. The cache now contains 1 members
*   Trying 10.192.25.217...
* STATE: CONNECT => WAITCONNECT handle 0x600070450; line 1156 (connection #0)
* Connected to google.com (10.192.25.217) port 80 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600070450; line 1253 (connection #0)
* STATE: SENDPROTOCONNECT => DO handle 0x600070450; line 1271 (connection #0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.46.0
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x600070450; line 1350 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x600070450; line 1477 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x600070450; line 1487 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Location: http://www.google.de/?gfe_rd=cr&ei=DLf9V_j2JMXC8gfP552QBQ
< Content-Length: 258
< Date: Wed, 12 Oct 2016 04:07:40 GMT
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.de/?gfe_rd=cr&amp;ei=DLf9V_j2JMXC8gfP552QBQ">here</A>.
</BODY></HTML>
* STATE: PERFORM => DONE handle 0x600070450; line 1645 (connection #0)
* Curl_done
* Connection #0 to host google.com left intact

This is the configuration file:

[general]
# outbound network interface
#out = eth0
#out=enp3s0

# virtual network
# tun name, auto allocate if not set
# DEFAULT VALUE: ""
# tun = tun0

# inet addr/mask
# DEFAULT VALUE: 10.192.0.1/16
# if a domain matches a pattern and the pattern uses proxy
# the domain will be hijacked to the virtual network
network = 10.192.0.1/16

# nat config
[tcp]
listen-port = 82
nat-port-start = 10000
nat-port-end = 60000

[udp]
listen-port = 82
nat-port-start = 10000
nat-port-end = 60000

[dns]
# DEFAULT VALUE: 53
# dns-port = 53

# backend dns
# DEFAULT VALUE: 114.114.114.114, 223.5.5.5
nameserver = 119.29.29.29
nameserver = 114.114.114.114

# dns-ttl = 600
# dns-packet-size = 4096
# dns-read-timeout = 5
# dns-write-timeout = 5

# set tun0 as default gate for this ip
[route]
# telegram
v = 91.108.0.0/16
v = 149.154.0.0/16 

# define a proxy named "A"
[proxy "A"]
url = http://192.168.1.43:1080
default = yes

# define a proxy named "B"
# [proxy "B"]
# url = socks5://example.com:2080

# define a pattern and outbound proxy
# if don't set proxy, packets will be sent to target directly
[pattern "direct-website"]
scheme = DOMAIN-SUFFIX
v = cn
v = 126.net
v = 163.com
v = appldnld.apple.com
v = adcdownload.apple.com
v = alicdn.com
v = amap.com
v = bdimg.com
v = bdstatic.com
v = cnbeta.com
v = cnzz.com
v = douban.com
v = gtimg.com
v = hao123.com
v = haosou.com
v = icloud-content.com
v = ifeng.com
v = iqiyi.com
v = jd.com
v = lcdn-registration.apple.com
v = ls.apple.com
v = netease.com
v = phobos.apple.com
v = qhimg.com
v = qq.com
v = sogou.com
v = sohu.com
v = soso.com
v = suning.com
v = swcdn.apple.com
v = tmall.com
v = tudou.com
v = weibo.com
v = xunlei.com
v = youku.com
v = zhihu.com
v = 9ji.com
v = ch999.com
v = 9ji.cn
v = ch999img.com
v = teamviewer.com

[pattern "direct-website-keyword"]
scheme = DOMAIN-KEYWORD
v = 360buy
v = alipay
v = baidu
v = qiyi
v = sohu
v = taobao

[pattern "proxy-website"]
proxy = A
scheme = DOMAIN-SUFFIX
v = appspot.com
v = t.co,Proxy
v = twimg.com
v = amazonaws.com
v = android.com
v = angularjs.org
v = akamaihd.net
v = bit.ly
v = bitbucket.org
v = blog.com
v = blogcdn.com
v = blogger.com
v = blogsmithmedia.com
v = box.net
v = bloomberg.com
v = chromium.org
v = cl.ly
v = cloudfront.net
v = cloudflare.com
v = cocoapods.org
v = crashlytics.com
v = dribbble.com
v = dropbox.com
v = dropboxstatic.com
v = dropboxusercontent.com
v = docker.com
v = duckduckgo.com
v = digicert.com
v = dnsimple.com
v = edgecastcdn.net
v = engadget.com
v = eurekavpt.com
v = fb.me
v = fbcdn.net
v = fc2.com
v = feedburner.com
v = fabric.io
v = flickr.com
v = fastly.net
v = ggpht.com
v = github.com
v = github.io
v = githubusercontent.com
v = golang.org
v = goo.gl
v = gstatic.com
v = godaddy.com
v = gravatar.com
v = imageshack.us
v = imgur.com
v = jshint.com
v = ift.tt
v = itunes.com
v = j.mp
v = kat.cr
v = linode.com
v = linkedin.com
v = licdn.com
v = lithium.com
v = megaupload.com
v = mobile01.com
v = modmyi.com
v = mzstatic.com
v = nytimes.com
v = name.com
v = openvpn.net
v = openwrt.org
v = ow.ly
v = pinboard.in
v = ssl-images-amazon.com
v = sstatic.net
v = stackoverflow.com
v = staticflickr.com
v = squarespace.com
v = symcd.com
v = symcb.com
v = symauth.com
v = ubnt.com
v = thepiratebay.org
v = tumblr.com
v = twitch.tv
v = wikipedia.com
v = wikipedia.org
v = wikimedia.org
v = wordpress.com
v = wsj.com
v = wsj.net
v = wp.com
v = vimeo.com
v = youtu.be
v = ytimg.com

[pattern "proxy-website-keyword"]
proxy = A
scheme = DOMAIN-KEYWORD
v = google
v = gmail
v = facebook
v = instagram
v = twitter
v = youtube
v = blogspot

[pattern "internal-ip"]
scheme = IP-CIDR
v = 10.0.0.0/8
v = 127.0.0.1/8
v = 172.16.0.0/16
v = 192.168.0.0/16

[pattern "direct-country"]
scheme = IP-COUNTRY
v = CN

[pattern "proxy-country"]
proxy = A
scheme = IP-COUNTRY
v = US
v = HK

# rules define the order of checking pattern
[rule]
pattern = direct-website
pattern = direct-website-keyword
pattern = proxy-website
pattern = proxy-website-keyword
pattern = internal-ip
pattern = direct-country
# set to a proxy for domains that don't match any pattern
# DEFAULT VALUE: ""
final = A
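
An added example, not kone's own code: first-match evaluation of the `[rule]` order over a constructed subset of the configuration above, showing why google.com is answered from 10.192.0.1/16 while xunlei.com resolves directly. The matching semantics (suffix on a label boundary, keyword as substring), the treatment of `final`, and the names `Pattern`, `matches` and `Decide` are assumptions.

```go
package main

import "fmt"
import "strings"

// Pattern mirrors one [pattern "..."] section; Proxy "" means direct.
type Pattern struct {
	Name, Scheme, Proxy string
	Values              []string
}

// Constructed subset of the posted configuration, in [rule] order.
var rules = []Pattern{
	{"direct-website", "DOMAIN-SUFFIX", "", []string{"cn", "xunlei.com", "qq.com"}},
	{"direct-website-keyword", "DOMAIN-KEYWORD", "", []string{"baidu", "taobao"}},
	{"proxy-website", "DOMAIN-SUFFIX", "A", []string{"github.com", "golang.org"}},
	{"proxy-website-keyword", "DOMAIN-KEYWORD", "A", []string{"google", "youtube"}},
}

const final = "A" // [rule] final: proxy for domains that match no pattern

// matches: ASSUMPTION - suffix matches on a label boundary, keyword anywhere.
func matches(p Pattern, d string) bool {
	for _, v := range p.Values {
		suffix := p.Scheme == "DOMAIN-SUFFIX" && (d == v || strings.HasSuffix(d, "."+v))
		keyword := p.Scheme == "DOMAIN-KEYWORD" && strings.Contains(d, v)
		if suffix || keyword {
			return true
		}
	}
	return false
}

// Decide: first match wins; hijacked = answered from the virtual network (assumed for final too).
func Decide(domain string) (pattern, proxy string, hijacked bool) {
	domain = strings.ToLower(strings.TrimSuffix(domain, "."))
	for _, p := range rules {
		if matches(p, domain) {
			return p.Name, p.Proxy, p.Proxy != ""
		}
	}
	return "", final, final != ""
}

func main() {
	for _, d := range []string{"stat.channel.xunlei.com.", "google.com", "example.org"} {
		name, proxy, hijacked := Decide(d)
		fmt.Printf("%-26s pattern=%q proxy=%q hijacked=%v\n", d, name, proxy, hijacked)
	}
}
```
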
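
xjdrew commented 7 years ago

It is fine for the proxy to listen on the local 127.0.0.1.

I do all my development and testing on Ubuntu, so Ubuntu should be the best supported.

Your situation doesn't look like a kone problem anymore. I suggest you flush all iptables rules and see.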

yourchanges commented 7 years ago

Does kone support online reload, without restarting the process?

xjdrew commented 7 years ago

Not supported for now. If there are no more problems, please close this issue.