clash icon indicating copy to clipboard operation
clash copied to clipboard

Published 20 hours ago verified publisher icon Dreamacro

面板里全是IP而不是域名导致分流不正确

Open hackenfu opened this issue 2 years ago • 4 comments

Verify steps

  • [X] 如果你可以自己 debug 并解决的话,提交 PR 吧 Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
  • [X] 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
  • [X] 我已经使用 dev 分支版本测试过,问题依旧存在 I have tested using the dev branch, and the issue still exists.
  • [X] 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
  • [X] 这是 Clash 核心的问题,并非我所使用的 Clash 衍生版本(如 OpenClash、KoolClash 等)的特定问题 This is an issue of the Clash core per se, not to the derivatives of Clash, like OpenClash or KoolClash.

Clash version

premium 20220707

What OS are you seeing the problem on?

Linux

Clash config

port: 7890
socks-port: 7891
allow-lan: true
bind-address: '*'
mode: rule
log-level: info
ipv6: false
external-controller: 0.0.0.0:9090
external-ui: ui
routing-mark: 6666
hosts:
  'time.android.com': 203.107.6.88

profile:
  store-selected: false
  store-fake-ip: true

dns:
  enable: true
  listen: 0.0.0.0:1053
  ipv6: false # when the false, response to AAAA questions will be empty
  default-nameserver:
    - 114.114.114.114
    - 8.8.8.8
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
  # use-hosts: true # lookup hosts and return IP record

  fake-ip-filter:
    - '*.asuscomm.com'
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com
  
  nameserver:
    - 114.114.114.114 # default value
    - 8.8.8.8 # default value
    - tls://dns.rubyfish.cn:853 # DNS over TLS
    - https://1.1.1.1/dns-query # DNS over HTTPS
    - dhcp://en0 # dns from dhcp
    # - '8.8.8.8#en0'

tun:
  enable: true
  stack: system # or gvisor
  auto-route: true # auto set global route
  auto-detect-interface: true # conflict with interface-name

proxies:

proxy-groups:

proxy-providers:

rules:
  - RULE-SET,Unbreak,DIRECT
  - RULE-SET,Netflix,Netflix
  - RULE-SET,Streaming,Streaming
  - RULE-SET,StreamingSE,StreamingSE
  - RULE-SET,Global,Final
  - RULE-SET,Apple,DIRECT
  - RULE-SET,China,DIRECT

  # Local Area Network
  - IP-CIDR,192.168.0.0/16,DIRECT
  - IP-CIDR,10.0.0.0/8,DIRECT
  - IP-CIDR,172.16.0.0/12,DIRECT
  - IP-CIDR,127.0.0.0/8,DIRECT
  - IP-CIDR,100.64.0.0/10,DIRECT
  - IP-CIDR,224.0.0.0/4,DIRECT
  - IP-CIDR,fe80::/10,DIRECT

  - GEOIP,CN,DIRECT

  - MATCH,Final

Clash log

No response

Description

之前用过各种第三方工具,今天想试着自己部署,选用了在Ubuntu上通过docker安装 version: '3' services: clash: image: dreamacro/clash-premium container_name: clash volumes: - /root/clash/:/root/.config/clash/ # TUN cap_add: - NET_ADMIN devices: - /dev/net/tun restart: unless-stopped network_mode: "host" 其他使用一切正常,就是面板里面全是IP导致分流都去了Final,以前用的第三方面板里基本都是域名,分流正确 不知道哪里配置有问题?谢谢 除了以上步骤外,就是在sysctl.conf中打开了net.ipv4.ip_forward=1,其余没动

hackenfu avatar Jul 30 '22 03:07 hackenfu

dns 要改成 clash 的 dns server

Dreamacro avatar Jul 30 '22 04:07 Dreamacro

dns 要改成 clash 的 dns server

还请麻烦说得明确点,是哪个条目改成哪个?有点小白。。。

hackenfu avatar Jul 30 '22 05:07 hackenfu

tun里面少了dns-hijack这一条,导致tun没有劫持dns解析 tun: enable: true stack: system dns-hijack: - 198.18.0.2:53 auto-route: true

itKelis avatar Jul 30 '22 07:07 itKelis

@hackenfu 当前系统使用的话系统 dns 要设置成 clash 的 dns server。网关代理的话其他设备要下发网关和 dns 为 clash 的设备地址。当然 dns hijack 也可以

Dreamacro avatar Jul 30 '22 10:07 Dreamacro