[Bug] Enabling "Custom Upstream DNS Server" breaks firewall circumvention
Verify Steps
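- [X] Tracker: I have searched the Issue Tracker for the problem I am about to report
- [X] Branch: I know that the switch for OpenClash's Dev branch is under Plugin Settings - Version Update, or I can manually download and install the Dev branch of OpenClash
- [X] Latest: I have tested with the latest Dev version and the problem still exists
- [X] Relevant: I know that OpenClash has no direct relationship with the core (Core), control panel (Dashboard), online subscription converter (Subconverter) and similar projects; they only call one another
- [X] Definite: This is definitely a problem with OpenClash
- [ ] Contributors: I am able to help develop OpenClash and resolve this issue
- [ ] Meaningless: What I am submitting is a meaningless request urging an update or a fix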
OpenClash Version
v0.46.003-beta
Bug on Environment
Istoreos
OpenWrt Version
iStoreOS 22.03.6 2024030112
Bug on Platform
Linux-amd64-v3(x86-64)
Describe the Bug
Enabling "Custom Upstream DNS Server" breaks firewall circumvention;
To Reproduce
OpenClash runs in Fake-IP mode with TUN mode; adg(53)>mosdns(5335); all three fields under OpenClash DNS are filled in with 127.0.0.1:53 UDP
OpenClash Log
OpenClash 调试日志
生成时间: 2024-04-30 23:08:47
插件版本: v0.46.003-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: QEMU Standard PC (Q35 + ICH9, 2009)
固件版本: iStoreOS 22.03.6 2024030112
LuCI版本: git-23.093.42303-d58cd69
内核版本: 5.10.201
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: relay
DNS劫持: 停用
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置:
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装
#===================== 内核检查 =====================#
运行状态: 运行中
运行内核:TUN
进程pid: 15665
运行权限: 15665: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-gfeedc9e
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/fnf.yaml
启动配置文件: /etc/openclash/fnf.yaml
运行模式: fake-ip-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 启用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
redir-port: 7892
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
proxy-groups:
- name: Proxy
  type: select
  disable-udp: false
  proxies:
  - 自动切换
  - 乌克兰[x0.5|V2Ray]@240Mbps
  - 以色列[x0.75|NF|V2Ray]@80Mbps
  - 卢森堡[x0.5|V2Ray]@240Mbps
  - 印度Linode1[x0.75|V2Ray]@1Gbps
  - 印度尼西亚PT[x0.5|NF|V2Ray]@80Mbps
  - 台湾HiNet1[x0.75|NF|V2Ray]@600Mbps
  - 台湾HiNet2[x0.75|NF|V2Ray]@600Mbps
  - 台湾HiNet3[x0.75|NF|V2Ray]@600Mbps
  - 台湾HiNet4[x0.75|NF|V2Ray]@600Mbps
  - 台湾HiNet5[x0.75|NF|V2Ray]@600Mbps
  - 土耳其[x1|V2Ray]@80Mbps
  - 巴西[x1|V2Ray]@80Mbps
  - 德国[x0.75|V2Ray]@1Gbps
  - 新加坡Linode1[x0.75|NF|V2Ray]@2Gbps
  - 新加坡Linode2[x0.75|NF|V2Ray]@2Gbps
  - 新加坡VQ1[x0.75|NF|V2Ray]@1Gbps
  - 日本Linode1[x0.75|NF|V2Ray]@4Gbps
  - 日本Linode2[x0.75|NF|V2Ray]@4Gbps
  - 日本Linode3[x0.75|NF|V2Ray]@4Gbps
  - 泰国[x0.5|NF|V2Ray]@240Mbps
  - 澳大利亚Mel[x0.75|NF|V2Ray]@480Mbps
  - 澳大利亚NP[x1|NF|V2Ray]@240Mbps
  - 瑞典[x1|NF|V2Ray]@240Mbps
  - 美国HE1[x0.75|NF|V2Ray]@1Gbps
  - 美国HE2[x0.75|NF|V2Ray]@1Gbps
  - 美国HE3[x0.75|NF|V2Ray]@1Gbps
  - 美国OVH1[x0.5|NF|V2Ray]@1Gbps
  - 美国OVH2[x0.5|NF|V2Ray]@1Gbps
  - 英国[x0.75|V2Ray]@1Gbps
  - 菲律宾[x1|NF|V2Ray]@240Mbps
  - 西班牙[x0.5|V2Ray]@240Mbps
  - 阿根廷[x1|NF|V2Ray]@80Mbps
  - 香港BGP1[x0.75|NF|V2Ray]@2Gbps
  - 香港BGP2[x0.75|NF|V2Ray]@2Gbps
  - 香港BGP3[x0.75|NF|V2Ray]@2Gbps
  - 香港HKT1[x0.75|NF|V2Ray]@2Gbps
  - 香港HKT2[x0.75|NF|V2Ray]@2Gbps
  - 香港HKT3[x0.75|NF|V2Ray]@1Gbps
  - 马来西亚TM1[x0.75|NF|V2Ray]@1Gbps
- name: Domestic
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: AsianTV
  type: select
  proxies:
  - Domestic
  - Proxy
- name: GlobalTV
  type: select
  proxies:
  - Proxy
- name: Others
  type: select
  proxies:
  - Proxy
  - Domestic
- name: 自动切换
  type: url-test
  disable-udp: false
  proxies:
  - 香港1
  - 香港2
  url: http://www.gstatic.com/generate_204
  interval: '20'
  tolerance: '200'
- name: 香港1
  type: fallback
  disable-udp: false
  proxies:
  - 香港BGP1[x0.75|NF|V2Ray]@2Gbps
  - 香港BGP2[x0.75|NF|V2Ray]@2Gbps
  - 香港BGP3[x0.75|NF|V2Ray]@2Gbps
  url: http://www.gstatic.com/generate_204
  interval: '10'
- name: 香港2
  type: fallback
  disable-udp: false
  proxies:
  - 香港HKT1[x0.75|NF|V2Ray]@2Gbps
  - 香港HKT2[x0.75|NF|V2Ray]@2Gbps
  - 香港HKT3[x0.75|NF|V2Ray]@1Gbps
  url: http://www.gstatic.com/generate_204
  interval: '10'
rule-providers:
  reject:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/reject.txt
    path: "./rule_provider/reject.yaml"
    interval: 86400
  icloud:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/icloud.txt
    path: "./rule_provider/icloud.yaml"
    interval: 86400
  apple:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/apple.txt
    path: "./rule_provider/apple.yaml"
    interval: 86400
  google:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/google.txt
    path: "./rule_provider/google.yaml"
    interval: 86400
  proxy:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/proxy.txt
    path: "./rule_provider/proxy.yaml"
    interval: 86400
  direct:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/direct.txt
    path: "./rule_provider/direct.yaml"
    interval: 86400
  private:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/private.txt
    path: "./rule_provider/private.yaml"
    interval: 86400
  gfw:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/gfw.txt
    path: "./rule_provider/gfw.yaml"
    interval: 86400
  greatfire:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/greatfire.txt
    path: "./rule_provider/greatfire.yaml"
    interval: 86400
  tld-not-cn:
    type: http
    behavior: domain
    url: https://fnf.foo/ruleset/tld-not-cn.txt
    path: "./rule_provider/tld-not-cn.yaml"
    interval: 86400
  telegramcidr:
    type: http
    behavior: ipcidr
    url: https://fnf.foo/ruleset/telegramcidr.txt
    path: "./rule_provider/telegramcidr.yaml"
    interval: 86400
  cncidr:
    type: http
    behavior: ipcidr
    url: https://fnf.foo/ruleset/cncidr.txt
    path: "./rule_provider/cncidr.yaml"
    interval: 86400
  lancidr:
    type: http
    behavior: ipcidr
    url: https://fnf.foo/ruleset/lancidr.txt
    path: "./rule_provider/lancidr.yaml"
    interval: 86400
  applications:
    type: http
    behavior: classical
    url: https://fnf.foo/ruleset/applications.txt
    path: "./rule_provider/applications.yaml"
    interval: 86400
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN-SUFFIX,googleapis.cn,Proxy
- DOMAIN,xn--ngstr-lra8j.com,Proxy
- DOMAIN-SUFFIX,growingio.com,DIRECT
- DOMAIN-SUFFIX,adjust.com,DIRECT
- DOMAIN-SUFFIX,applovin.com,DIRECT
- DOMAIN-SUFFIX,sensorsdata.cn,DIRECT
- DOMAIN-SUFFIX,appsflyer.com,DIRECT
- DOMAIN-SUFFIX,shimo.im,DIRECT
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,Proxy
- RULE-SET,proxy,Proxy
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,Proxy
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,Proxy
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 192.168.100.1:5335
  fallback:
  - 192.168.100.1:5335
  default-nameserver:
  - 192.168.100.1:5335
experimental:
  sniff-tls-sni: true
tun:
  enable: true
  stack: system
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
authentication:
- Clash:ppokNS1J
#===================== 自定义覆写设置 =====================#
#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here; they will take effect after OpenClash's own scripts
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path
#Simple Demo:
#General Demo
#1--config path
#2--key name
#3--value
#ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
#ruby_edit "$CONFIG_FILE" "['secret']" "123456"
#ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"
#Hash Demo
#1--config path
#2--key name
#3--hash type value
#ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
#ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"
#Array Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value
#ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"
#Array Add From Yaml File Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value file path
#5--value key name in #4 file
#ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"
#Ruby Script Demo:
#ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
# begin
# Value = YAML.load_file('$CONFIG_FILE');
# rescue Exception => e
# puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
# end;
#General
# begin
# Thread.new{
# Value['redir-port']=7892;
# Value['tproxy-port']=7895;
# Value['port']=7890;
# Value['socks-port']=7891;
# Value['mixed-port']=7893;
# }.join;
# rescue Exception => e
# puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
# ensure
# File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
# end" 2>/dev/null >> $LOG_FILE
exit 0
#===================== 自定义防火墙设置 =====================#
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Tue Apr 30 23:08:48 2024
*nat
:PREROUTING ACCEPT [12452:2372855]
:INPUT ACCEPT [4629:343589]
:OUTPUT ACCEPT [10430:741506]
:POSTROUTING ACCEPT [9501:567261]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i utun -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o utun -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 22223 -j DNAT --to-destination 192.168.100.243:22223
-A MINIUPNPD -p udp -m udp --dport 22223 -j DNAT --to-destination 192.168.100.243:22223
-A MINIUPNPD -p tcp -m tcp --dport 1443 -j DNAT --to-destination 192.168.100.221:1443
-A MINIUPNPD-POSTROUTING -s 192.168.100.243/32 -p tcp -m tcp --sport 22223 -j MASQUERADE --to-ports 22223
-A MINIUPNPD-POSTROUTING -s 192.168.100.243/32 -p udp -m udp --sport 22223 -j MASQUERADE --to-ports 22223
-A MINIUPNPD-POSTROUTING -s 192.168.100.221/32 -p tcp -m tcp --sport 1443 -j MASQUERADE --to-ports 1443
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -i docker0 -m comment --comment "!fw3: DockerNAT" -j MASQUERADE
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Tue Apr 30 23:08:48 2024
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Tue Apr 30 23:08:48 2024
*mangle
:PREROUTING ACCEPT [4898:901420]
:INPUT ACCEPT [3022:554985]
:FORWARD ACCEPT [1869:345445]
:OUTPUT ACCEPT [2996:938944]
:POSTROUTING ACCEPT [4809:1283159]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -j openclash
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j openclash_output
-A openclash -p tcp -m tcp --sport 8897 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p tcp -m tcp --sport 8897 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_upnp -s 192.168.100.243/32 -p tcp -m tcp --sport 22223 -j RETURN
-A openclash_upnp -s 192.168.100.221/32 -p tcp -m tcp --sport 1443 -j RETURN
COMMIT
# Completed on Tue Apr 30 23:08:48 2024
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Tue Apr 30 23:08:48 2024
*filter
:INPUT ACCEPT [46:1852]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:openclash_wan_input - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i eth0 -m set ! --match-set localnetwork src -j openclash_wan_input
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -o utun -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A MINIUPNPD -d 192.168.100.243/32 -p tcp -m tcp --dport 22223 -j ACCEPT
-A MINIUPNPD -d 192.168.100.243/32 -p udp -m udp --dport 22223 -j ACCEPT
-A MINIUPNPD -d 192.168.100.221/32 -p tcp -m tcp --dport 1443 -j ACCEPT
-A openclash_wan_input -p udp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A openclash_wan_input -p tcp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to docker forwarding policy" -j zone_docker_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth0 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth0 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Tue Apr 30 23:08:48 2024
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.7 on Tue Apr 30 23:08:48 2024
*nat
:PREROUTING ACCEPT [32591:3312908]
:INPUT ACCEPT [1629:184338]
:OUTPUT ACCEPT [2771:244897]
:POSTROUTING ACCEPT [32490:3163232]
COMMIT
# Completed on Tue Apr 30 23:08:48 2024
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.7 on Tue Apr 30 23:08:48 2024
*mangle
:PREROUTING ACCEPT [212759:23279056]
:INPUT ACCEPT [51451:6941346]
:FORWARD ACCEPT [125564:13706566]
:OUTPUT ACCEPT [180712:16208343]
:POSTROUTING ACCEPT [300229:29236601]
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Tue Apr 30 23:08:48 2024
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.7 on Tue Apr 30 23:08:48 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to docker forwarding policy" -j zone_docker_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth0 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth0 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Tue Apr 30 23:08:48 2024
#===================== IPSET状态 =====================#
Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 1024
References: 3
Number of entries: 9
Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 4096 maxelem 1000000
Size in memory: 245640
References: 1
Number of entries: 8616
Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 0
Number of entries: 0
#===================== 路由表状态 =====================#
#IPv4
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.9.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
198.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 utun
#ip route list
default via 192.168.9.1 dev eth0 proto static src 192.168.9.10
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.9.0/24 dev eth0 proto kernel scope link src 192.168.9.10
192.168.100.0/24 dev br-lan proto kernel scope link src 192.168.100.1
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#IPv6
#route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::/0 fe80::be24:11ff:fe63:3d3e UG 512 1 0 eth0
::/0 fe80::be24:11ff:fe63:3d3e UG 512 5 0 eth0
::/0 fe80::be24:11ff:fe63:3d3e UG 512 2 0 eth0
*WAN IP*:/64 :: U 256 5 0 eth0
*WAN IP*:/64 :: !n 2147483647 1 0 lo
2409:8a50:4e20:5a98::/64 :: U 1024 1 0 br-lan
2409:8a50:4e20:5a98::/62 :: !n 2147483647 1 0 lo
fd77:abc2:a413::/64 :: U 1024 5 0 br-lan
fd77:abc2:a413::/48 :: !n 2147483647 2 0 lo
fe80::/64 :: U 256 5 0 eth0
fe80::/64 :: U 256 2 0 br-lan
fe80::/64 :: U 256 1 0 utun
::/0 :: !n -1 2 0 lo
::1/128 :: Un 0 7 0 lo
*WAN IP*:/128 :: Un 0 4 0 eth0
*WAN IP*:f32/128 :: Un 0 6 0 eth0
*WAN IP*be24:11ff:fee4:c28f/128 :: Un 0 8 0 eth0
2409:8a50:4e20:5a98::/128 :: Un 0 3 0 br-lan
2409:8a50:4e20:5a98::1/128 :: Un 0 7 0 br-lan
fd77:abc2:a413::/128 :: Un 0 3 0 br-lan
fd77:abc2:a413::1/128 :: Un 0 8 0 br-lan
fe80::/128 :: Un 0 5 0 eth0
fe80::/128 :: Un 0 3 0 br-lan
fe80::/128 :: Un 0 3 0 utun
fe80::be24:11ff:fe9e:a001/128 :: Un 0 3 0 br-lan
fe80::be24:11ff:fee4:c28f/128 :: Un 0 5 0 eth0
fe80::c9ab:8407:e7c8:210c/128 :: Un 0 2 0 utun
ff00::/8 :: U 256 5 0 eth0
ff00::/8 :: U 256 5 0 br-lan
ff00::/8 :: U 256 2 0 utun
::/0 :: !n -1 2 0 lo
#ip -6 route list
default from *WAN IP*:f32 via fe80::be24:11ff:fe63:3d3e dev eth0 proto static metric 512 pref medium
default from *WAN IP*:/64 via fe80::be24:11ff:fe63:3d3e dev eth0 proto static metric 512 pref medium
default from 2409:8a50:4e20:5a98::/62 via fe80::be24:11ff:fe63:3d3e dev eth0 proto static metric 512 pref medium
*WAN IP*:/64 dev eth0 proto static metric 256 pref medium
unreachable *WAN IP*:/64 dev lo proto static metric 2147483647 pref medium
2409:8a50:4e20:5a98::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2409:8a50:4e20:5a98::/62 dev lo proto static metric 2147483647 pref medium
fd77:abc2:a413::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd77:abc2:a413::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev utun proto kernel metric 256 pref medium
#ip -6 rule show
0: from all lookup local
32766: from all lookup main
4200000000: from 2409:8a50:4e20:5a98::1/64 iif br-lan unreachable
#===================== Tun设备状态 =====================#
utun: tun multi_queue vnet_hdr
#===================== 端口占用状态 =====================#
tcp 0 0 198.18.0.1:7777 0.0.0.0:* LISTEN 15665/clash
tcp 0 0 :::7890 :::* LISTEN 15665/clash
tcp 0 0 :::7891 :::* LISTEN 15665/clash
tcp 0 0 :::7892 :::* LISTEN 15665/clash
tcp 0 0 :::7893 :::* LISTEN 15665/clash
tcp 0 0 :::7895 :::* LISTEN 15665/clash
tcp 0 0 :::9090 :::* LISTEN 15665/clash
udp 0 0 :::41137 :::* 15665/clash
udp 0 0 :::58552 :::* 15665/clash
udp 0 0 :::35022 :::* 15665/clash
udp 0 0 :::60641 :::* 15665/clash
udp 0 0 :::35057 :::* 15665/clash
udp 0 0 :::47377 :::* 15665/clash
udp 0 0 :::58675 :::* 15665/clash
udp 0 0 :::58697 :::* 15665/clash
udp 0 0 :::40292 :::* 15665/clash
udp 0 0 :::58787 :::* 15665/clash
udp 0 0 :::55756 :::* 15665/clash
udp 0 0 :::57809 :::* 15665/clash
udp 0 0 :::46564 :::* 15665/clash
udp 0 0 :::55786 :::* 15665/clash
udp 0 0 :::59922 :::* 15665/clash
udp 0 0 :::59934 :::* 15665/clash
udp 0 0 :::55868 :::* 15665/clash
udp 0 0 :::36437 :::* 15665/clash
udp 0 0 :::42611 :::* 15665/clash
udp 0 0 :::35466 :::* 15665/clash
udp 0 0 :::53912 :::* 15665/clash
udp 0 0 :::7874 :::* 15665/clash
udp 0 0 :::7891 :::* 15665/clash
udp 0 0 :::7892 :::* 15665/clash
udp 0 0 :::7893 :::* 15665/clash
udp 0 0 :::7895 :::* 15665/clash
udp 0 0 :::49008 :::* 15665/clash
udp 0 0 :::49041 :::* 15665/clash
udp 0 0 :::35749 :::* 15665/clash
udp 0 0 :::47138 :::* 15665/clash
udp 0 0 :::32805 :::* 15665/clash
udp 0 0 :::32829 :::* 15665/clash
udp 0 0 :::39059 :::* 15665/clash
udp 0 0 :::48283 :::* 15665/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 120.232.145.185
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 2409:8c54:870:67:0:ff:b0c2:ad75
Name: www.a.shifen.com
Address: 2409:8c54:870:34e:0:ff:b024:1916
#===================== 测试内核DNS查询(www.instagram.com) =====================#
Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto
#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#
# Interface wan
nameserver 114.114.114.114
nameserver 223.5.5.5
#===================== 测试本机网络连接(www.baidu.com) =====================#
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 405191
Content-Security-Policy: frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com;
Content-Type: text/html; charset=utf-8
Date: Tue, 30 Apr 2024 15:08:49 GMT
Server: BWS/1.1
Set-Cookie: BIDUPSID=0869AD481895FCADA16177F1419EBB51; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1714489729; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BAIDUID=0869AD481895FCADA16177F1419EBB51:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000
Set-Cookie: BAIDUID_BFESS=0869AD481895FCADA16177F1419EBB51:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000; Secure; SameSite=None
Traceid: 1714489729046453351417618552393383867472
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
X-Xss-Protection: 1;mode=block
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
#===================== 最近运行日志(自动切换为Debug模式) =====================#
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45602 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:33716 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45770 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45786 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.100.243:10738 rAddr=149.154.175.54:443 rule=RuleSet rulePayload=telegramcidr
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:40072 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45580 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:60850 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45558 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45798 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:33976 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:39974 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:38248 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:34012 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:38228 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:38238 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:33732 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:33722 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:40100 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45692 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:40104 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45698 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:40184 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:33730 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:40164 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45654 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:33742 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:40048 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:33746 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=csm-a01.stream.fnode.top:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45650 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33860 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:40286 rAddr=9.9.9.9:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33866 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [TCP] accept connection lAddr=192.168.100.238:60057 rAddr=ml.cdn-apple.com:443 inbound=TUN
16:53:51 DBG [Matcher] find process failed error=process not found addr=ml.cdn-apple.com
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33926 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33912 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:45842 rAddr=1.1.1.1:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33772 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [UDP] accept session lAddr=192.168.100.105:57972 rAddr=17.253.114.125:123 inbound=TUN
16:53:51 DBG [Matcher] find process failed error=process not found addr=17.253.114.125
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33810 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:40252 rAddr=9.9.9.9:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:45742 rAddr=1.1.1.1:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:40240 rAddr=9.9.9.9:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33798 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33782 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33946 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33830 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33846 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:40274 rAddr=9.9.9.9:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:40386 rAddr=9.9.9.9:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:40422 rAddr=9.9.9.9:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:40384 rAddr=9.9.9.9:853 inbound=TUN
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:45886 rAddr=1.1.1.1:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:45864 rAddr=1.1.1.1:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:45862 rAddr=1.1.1.1:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:52 DBG [TCP] accept connection lAddr=192.168.100.243:10742 rAddr=149.154.175.54:80 inbound=TUN
16:53:52 DBG [Matcher] find process failed error=process not found addr=149.154.175.54
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:40312 rAddr=9.9.9.9:853 inbound=TUN
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:40334 rAddr=9.9.9.9:853 inbound=TUN
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:45824 rAddr=1.1.1.1:853 inbound=TUN
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:45828 rAddr=1.1.1.1:853 inbound=TUN
16:53:52 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:52 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:52 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:33878 rAddr=8.8.8.8:853 inbound=TUN
16:53:52 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:52 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:45888 rAddr=1.1.1.1:853 inbound=TUN
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:34010 rAddr=8.8.8.8:853 inbound=TUN
16:53:52 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:52 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:40352 rAddr=9.9.9.9:853 inbound=TUN
16:53:52 DBG [TCP] accept connection lAddr=192.168.9.10:33934 rAddr=8.8.8.8:853 inbound=TUN
16:53:52 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:52 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.100.243】 - Host:【Empty】 - DestinationIP:【139.199.218.122】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.100.239】 - Host:【Empty】 - DestinationIP:【39.156.44.27】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.100.139】 - Host:【Empty】 - DestinationIP:【120.92.96.155】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.100.157】 - Host:【Empty】 - DestinationIP:【58.83.177.137】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.100.107】 - Host:【Empty】 - DestinationIP:【120.92.65.254】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.100.238】 - Host:【gspe19-cn-ssl.ls.apple.com】 - DestinationIP:【183.246.189.168】 - Network:【tcp】 - RulePayload:【apple】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.100.243】 - Host:【Empty】 - DestinationIP:【36.155.187.225】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.100.238】 - Host:【p31-buy.itunes.apple.com】 - DestinationIP:【17.23.112.10】 - Network:【tcp】 - RulePayload:【apple】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.100.243】 - Host:【www.taobao.com】 - DestinationIP:【183.214.3.190】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.100.224】 - Host:【Empty】 - DestinationIP:【111.13.142.234】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【223.5.5.5】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
14. SourceIP:【192.168.100.238】 - Host:【gateway.icloud.com】 - DestinationIP:【17.248.216.68】 - Network:【tcp】 - RulePayload:【icloud】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.100.237】 - Host:【Empty】 - DestinationIP:【183.84.7.209】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
16. SourceIP:【192.168.9.10】 - Host:【Empty】 - DestinationIP:【223.5.5.5】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
17. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
18. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【124.251.34.183】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
19. SourceIP:【192.168.9.10】 - Host:【Empty】 - DestinationIP:【1.12.12.12】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
20. SourceIP:【192.168.100.194】 - Host:【Empty】 - DestinationIP:【39.156.81.176】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
21. SourceIP:【192.168.100.224】 - Host:【Empty】 - DestinationIP:【36.156.49.101】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
22. SourceIP:【192.168.100.239】 - Host:【Empty】 - DestinationIP:【58.83.177.137】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
24. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
26. SourceIP:【192.168.100.243】 - Host:【s1.music.126.net】 - DestinationIP:【120.226.194.229】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
27. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
28. SourceIP:【192.168.100.243】 - Host:【Empty】 - DestinationIP:【111.62.49.134】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
29. SourceIP:【192.168.100.243】 - Host:【s1.music.126.net】 - DestinationIP:【120.226.194.229】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
30. SourceIP:【192.168.100.243】 - Host:【mcs-bd.feishu.cn】 - DestinationIP:【111.48.200.167】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
31. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
32. SourceIP:【192.168.100.182】 - Host:【Empty】 - DestinationIP:【120.92.65.240】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
33. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
34. SourceIP:【192.168.100.243】 - Host:【whois.pconline.com.cn】 - DestinationIP:【120.240.113.2】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
35. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
36. SourceIP:【192.168.100.243】 - Host:【Empty】 - DestinationIP:【120.233.22.112】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
37. SourceIP:【192.168.100.216】 - Host:【Empty】 - DestinationIP:【36.156.49.86】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
38. SourceIP:【192.168.100.239】 - Host:【Empty】 - DestinationIP:【36.156.49.75】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
39. SourceIP:【192.168.100.243】 - Host:【www.baidu.com】 - DestinationIP:【180.101.50.188】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
40. SourceIP:【192.168.100.243】 - Host:【mcs-bd.feishu.cn】 - DestinationIP:【111.48.200.167】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
41. SourceIP:【192.168.100.243】 - Host:【www.taobao.com】 - DestinationIP:【183.214.3.190】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
42. SourceIP:【192.168.100.238】 - Host:【gateway.icloud.com】 - DestinationIP:【17.248.216.68】 - Network:【tcp】 - RulePayload:【icloud】 - Lastchain:【DIRECT】
43. SourceIP:【192.168.100.239】 - Host:【Empty】 - DestinationIP:【120.233.12.9】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
44. SourceIP:【192.168.100.243】 - Host:【rc10.oray.com】 - DestinationIP:【121.196.110.124】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
45. SourceIP:【192.168.100.243】 - Host:【msg-frontier-lf.feishu.cn】 - DestinationIP:【111.62.37.139】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
46. SourceIP:【192.168.100.103】 - Host:【Empty】 - DestinationIP:【114.114.114.114】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
47. SourceIP:【192.168.100.155】 - Host:【Empty】 - DestinationIP:【36.156.49.34】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
48. SourceIP:【192.168.100.245】 - Host:【Empty】 - DestinationIP:【183.84.7.207】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
49. SourceIP:【192.168.100.243】 - Host:【ttnet-doh.feishu.cn】 - DestinationIP:【8.133.123.142】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
50. SourceIP:【192.168.100.243】 - Host:【whois.pconline.com.cn】 - DestinationIP:【120.240.113.2】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
51. SourceIP:【192.168.100.101】 - Host:【Empty】 - DestinationIP:【183.84.7.209】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
52. SourceIP:【192.168.100.243】 - Host:【www.baidu.com】 - DestinationIP:【180.101.50.188】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
53. SourceIP:【192.168.100.138】 - Host:【Empty】 - DestinationIP:【36.156.49.86】 - Network:【udp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
### OpenClash Config
_No response_
### Expected Behavior
I expect this feature to work properly in this environment.
### Additional Context
_No response_
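The failure pattern in the OpenClash log above can be summarised mechanically. The following is an added example, not part of the original issue or of OpenClash: it groups the `dial failed` warnings by the resolver that timed out and reports which local process owns the failing DNS-over-TLS (port 853) destinations. The sample lines are constructed in the same format, and `proxy.example.invalid` is a placeholder host name.

```python
import re
from collections import Counter

DOT_PORT = 853  # DNS-over-TLS

# Constructed sample in the format of the debug log above (placeholder proxy host).
SAMPLE_LOG = """\
16:53:51 WRN [TCP] dial failed error=proxy.example.invalid:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:45602 rAddr=1.1.1.1:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=proxy.example.invalid:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:33716 rAddr=8.8.8.8:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=proxy.example.invalid:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.9.10:40072 rAddr=9.9.9.9:853 rule=Match rulePayload=
16:53:51 WRN [TCP] dial failed error=proxy.example.invalid:10132 connect error: all DNS requests failed, first error: read udp4 192.168.100.1:35412->192.168.100.1:53: i/o timeout proxy=Proxy lAddr=192.168.100.243:10738 rAddr=149.154.175.54:443 rule=RuleSet rulePayload=telegramcidr
16:53:51 DBG [TCP] accept connection lAddr=192.168.9.10:33860 rAddr=8.8.8.8:853 inbound=TUN
16:53:51 DBG [Matcher] find process success addr=8.8.8.8 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=1.1.1.1 path=/usr/bin/mosdns
16:53:51 DBG [Matcher] find process success addr=9.9.9.9 path=/usr/bin/mosdns
16:53:52 DBG [Matcher] find process failed error=process not found addr=149.154.175.54
"""

# A proxied connection that failed because the proxy server's name could not be resolved.
DIAL_FAILED = re.compile(
    r"WRN \[TCP\] dial failed error=(?P<proxy_server>\S+) connect error: "
    r"all DNS requests failed, first error: "
    r"read udp4 \S+->(?P<resolver>\S+?): i/o timeout "
    r"proxy=(?P<proxy>\S+) lAddr=(?P<laddr>\S+) rAddr=(?P<raddr>\S+) "
    r"rule=(?P<rule>\S+) rulePayload=(?P<payload>\S*)"
)

# The process lookup that attributes a destination address to a local binary.
PROCESS_FOUND = re.compile(
    r"DBG \[Matcher\] find process success addr=(?P<addr>\S+) path=(?P<path>\S+)"
)


def split_host_port(addr):
    """Split 'host:port' on the last colon and return (host, port as int)."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def triage(log_text):
    """Summarise DNS-related dial failures found in a Clash debug log."""
    failures = []
    for line in log_text.splitlines():
        match = DIAL_FAILED.search(line.strip())
        if match:
            failures.append(match.groupdict())

    # Map each destination address to the local processes seen connecting to it.
    owners = {}
    for match in PROCESS_FOUND.finditer(log_text):
        owners.setdefault(match["addr"], set()).add(match["path"])

    # Failed connections that were themselves DNS-over-TLS lookups.
    dot = [f for f in failures if split_host_port(f["raddr"])[1] == DOT_PORT]
    dot_owners = set()
    for failure in dot:
        dot_owners |= owners.get(split_host_port(failure["raddr"])[0], set())

    return {
        "failures": len(failures),
        "resolvers": Counter(f["resolver"] for f in failures),
        "proxy_servers": sorted({f["proxy_server"] for f in failures}),
        "rules": Counter(f["rule"] for f in failures),
        "dot_failures": len(dot),
        "dot_owners": sorted(dot_owners),
    }


def report(summary):
    """Render the summary as a few readable lines."""
    lines = [f"dial failures caused by DNS timeouts: {summary['failures']}"]
    for resolver, count in summary["resolvers"].most_common():
        lines.append(f"  resolver that timed out: {resolver} ({count}x)")
    lines.append(f"  proxy servers that could not be resolved: {summary['proxy_servers']}")
    lines.append(f"  failed connections to port {DOT_PORT}: {summary['dot_failures']}")
    lines.append(f"  processes owning those connections: {summary['dot_owners']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run over the log lines shown in this issue, the same grouping has every `dial failed` warning timing out against `192.168.100.1:53`, with the port 853 destinations attributed to `/usr/bin/mosdns`.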
On the mosdns side there are a lot of log entries like these:

```
2024-04-30 15:12:22 WARN forward_xinfeng_udp upstream error {"uqid": 5283, "qname": "1-courier.push.apple.com.", "qclass": 1, "qtype": 65, "upstream": "114.114.114.114", "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN apple_domain_fallback secondary error {"query": {"uqid": 5283, "client": "::ffff:127.0.0.1", "qname": "1-courier.push.apple.com.", "qtype": 65, "qclass": 1, "elapsed": "5.000937751s"}, "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN udp_server entry err {"query": {"uqid": 5282, "client": "::ffff:127.0.0.1", "qname": "1-courier.push.apple.com.", "qtype": 28, "qclass": 1, "elapsed": "5.000955476s"}, "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN forward_xinfeng_udp upstream error {"uqid": 5282, "qname": "1-courier.push.apple.com.", "qclass": 1, "qtype": 28, "upstream": "114.114.115.115", "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN apple_domain_fallback secondary error {"query": {"uqid": 5282, "client": "::ffff:127.0.0.1", "qname": "1-courier.push.apple.com.", "qtype": 28, "qclass": 1, "elapsed": "5.000945686s"}, "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN forward_xinfeng_udp upstream error {"uqid": 5282, "qname": "1-courier.push.apple.com.", "qclass": 1, "qtype": 28, "upstream": "114.114.115.115", "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN udp_server entry err {"query": {"uqid": 5283, "client": "::ffff:127.0.0.1", "qname": "1-courier.push.apple.com.", "qtype": 65, "qclass": 1, "elapsed": "5.000947562s"}, "error": "no valid response from both primary and secondary"}
2024-04-30 15:12:22 WARN forward_xinfeng_udp upstream error {"uqid": 5283, "qname": "1-courier.push.apple.com.", "qclass": 1, "qtype": 65, "upstream": "114.114.114.114", "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN udp_server entry err {"query": {"uqid": 5284, "client": "::ffff:127.0.0.1", "qname": "1-courier.push.apple.com.", "qtype": 1, "qclass": 1, "elapsed": "5.000887024s"}, "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN apple_domain_fallback secondary error {"query": {"uqid": 5284, "client": "::ffff:127.0.0.1", "qname": "1-courier.push.apple.com.", "qtype": 1, "qclass": 1, "elapsed": "5.00090001s"}, "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN forward_xinfeng_udp upstream error {"uqid": 5284, "qname": "1-courier.push.apple.com.", "qclass": 1, "qtype": 1, "upstream": "114.114.114.114", "error": "context deadline exceeded"}
2024-04-30 15:12:22 WARN forward_xinfeng_udp upstream error {"uqid": 5284, "qname": "1-courier.push.apple.com.", "qclass": 1, "qtype": 1, "upstream": "114.114.114.114", "error": "context deadline exceeded"}
2024-04-30 15:27:45 WARN forward_remote upstream error {"uqid": 5689, "qname": "sentry.io.", "qclass": 1, "qtype": 1, "upstream": "tls://9.9.9.9", "error": "context deadline exceeded"}
2024-04-30 15:30:39 WARN forward_remote upstream error {"uqid": 5788, "qname": "avatars.githubusercontent.com.", "qclass": 1, "qtype": 1, "upstream": "tls://1.1.1.1", "error": "context deadline exceeded"}
```
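The sites you are visiting seem to prefer IPv6, but your Clash does not appear to have IPv6 traffic proxying enabled. You could try going into luci-app-mosdns and ticking "Remote DNS resolution prefers IPv4" (远程dns解析优先ipv4) first.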
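I tried disabling IPv6 resolution on the ADG instance that occupies port 53 on OpenWrt, and the proxied network did recover. I also disabled the DHCP IPv6 DNS service on the LAN interface, so only IPv4 addresses are provided. However, the following problem remains: https://ipleak.net/ can still detect a Chinese IP address, and IPv6 addresses show up among the DNS addresses it checks.
My current network layout is as follows:
- iKuai handles PPPoE, with IPv6 addressing enabled, and its DHCP also hands out IPv6 addresses to the LAN side.
- The OpenWrt WAN port connects to the iKuai LAN port via DHCP; wan6 is enabled, the DHCP IPv6 DNS service on the LAN interface is disabled, and RA on WAN and LAN is in relay mode.
- ADG has taken over port 53; its upstream DNS is mosdns, and IPv6 resolution is disabled.
- mosdns listens on port 5335, with custom domestic DNS enabled and DNS leak prevention enabled; its domestic DNS upstream is smartdns, and its overseas DNS upstreams are 1.1.1.1, 8.8.8.8 and 9.9.9.9.
- smartdns listens on port 5336 and uses domestic DoH DNS.
- OpenClash runs in Fake-IP TUN mode, with DNS hijacking off, IPv6 proxying not enabled, and custom DNS enabled with the local ADG as upstream.
- The PC is connected to the OpenWrt LAN port.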
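Also, "Remote DNS resolution prefers IPv4" (远程dns解析优先ipv4) in my mosdns was already ticked, but that still did not solve the earlier problem; OpenClash only returned to normal after I disabled IPv6 resolution in ADG.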
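The DNS leak reported by https://ipleak.net/ is solved. MOSDNS does not support entries in the form "127.0.0.1:5336"; when that form is used, it falls back to the default WAN-interface DNS. Only after I changed it to "192.168.100.1:5336" did the custom DNS address take effect, and traffic splitting started working properly.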
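Sharing my personal configuration for reference:
- ADG as the upstream server of dnsmasq > OpenClash (7874) with custom upstream > MOSDNS (5335)
- OpenClash uses Redir TUN mode, with DNS hijacking off and IPv6 proxying and DNS resolution enabled
- MOSDNS log level set to error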
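Why not bypass the dnsmasq port altogether: ADG takes port 53 with DNS caching enabled, mosdns takes 5335 as ADG's upstream with DNS caching disabled, and OpenClash stays out of DNS resolution, with its custom DNS address pointed at the ADG address? In your chain I don't see why dnsmasq and OpenClash need to take part in DNS.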
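I don't bypass the dnsmasq port because ad blocking is more stable with ADG as the upstream server of dnsmasq than with ADG occupying port 53. With your setup, enabling a custom upstream DNS address in OpenClash requires hijacking local DNS resolution, that is, forwarding dnsmasq's port 53 to port 8784, which conflicts with ADG occupying port 53. With my current configuration there are no problems with either traffic splitting or IPv6. I'm not very knowledgeable about DNS, so if anything above is wrong, please correct me.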
Friend, could I add you on TG to ask a few questions? t.me/cqjerry
You can use mixed mode with TUN enabled; that works better.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days