配置规则如下,目前国外列表使用 fakeip 可以正常访问,国内没有添加列表,但是网站、APP 都正常访问,目前看国内都是直连,可是 final 明明使用了代理,这一点理解不了。
{
"log": {
"disabled": false,
"level": "error",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "dns_local",
"address": "114.114.114.114",
"detour": "direct"
},
{
"tag": "dns_proxy",
"address": "https://8.8.8.8/dns-query",
"address_resolver": "dns_local",
"detour": "proxy"
},
{
"tag": "dns_fakeip",
"address": "fakeip"
}
],
"rules": [
{
"outbound": "any",
"server": "dns_local",
"disable_cache": true
},
{
"rule_set": "geolocation-!cn",
"server": "dns_fakeip"
}
],
"strategy": "ipv4_only",
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/16"
}
},
"route": {
"rule_set": [
{
"tag": "geosite-geolocation-!cn",
"type": "remote",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs",
"download_detour": "direct"
}
],
"rules": [
{
"inbound": "dns-in",
"outbound": "dns-out"
},
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"port": 53,
"outbound": "dns-out"
},
{
"ip_is_private": true,
"outbound": "direct"
}
],
"final": "proxy",
"default_interface": "ether0"
},
"inbounds": [
{
"type": "direct",
"tag": "dns-in",
"listen": "0.0.0.0",
"listen_port": 53
},
{
"type": "tun",
"tag": "tun-in",
"inet4_address": "198.18.0.0/16",
"strict_route": true,
"stack": "system",
"sniff": true,
"sniff_override_destination": true
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
},
{
"tag": "proxy",
"type": "vless",
"flow": "",
"server": "",
"server_port": 443 ,
"uuid": ""
}
]
}
1
wan89883 114 天前 via iPhone
可能和你的策略路由配置有关,国内域名返回的是真 IP ,路由器直接走默认网关,没进入 singbox
|
2
isAK47 OP @wan89883 看日志是进入 singbox 了,不过 router 节点日志只匹配了 dns 解析( router: match[0] inbound=dns-in => dns-out ),router 里面也加入了 geosite-cn 、geoip-cn 等规则,日志里面看都没匹配到。
|
3
wan89883 114 天前 via iPhone
@isAK47 dns 是通过 dns-in 进入 singbox 的,但是当程序拿到 dns 解析结果,通过目的 IP 开始 tcp 握手时,这个 IP 由于不属于 198.18.0.0/16 ,tcp 握手请求就直接被路由器发送到正常网关了,没进入 tun 。具体什么问题得根据你 routeros 的策略路由配置来确定。
|
4
isAK47 OP @wan89883 路由器基本是默认的,分流全部在配置文件中。目前只在/ip route 中把 198.18.0.0/16 网关设置为容器 IP ,并且走的主路由表;如果要让国内列表也走 sing-box ,策略路由该怎么修改呢,对这块了解的比较浅,还望大佬指点一下,谢谢了!
|
7
wan89883 113 天前 via iPhone
|