[求助] 开启mihomo后,无法访问docker容器,并且之前进行的外网端口映射也打不开。 #1260
Description
Verify steps
- 我已经阅读了 文档,了解所有我编写的配置文件项的含义,而不是大量堆砌看似有用的选项或默认值。
- 我未仔细看过 文档 并解决问题
- 我未在 Issue Tracker 中寻找过我要提出的问题
- 我已经使用最新的 Alpha 分支版本测试过,问题依旧存在
- 我提供了可以在本地重现该问题的服务器、客户端配置文件与流程,而不是一个脱敏的复杂客户端配置文件。
- 我提供了可用于重现我报告的错误的最简配置,而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
- 我提供了完整的配置文件与日志,而不是出于对自身智力的自信而仅提供了部分认为有用的部分。
操作系统
Linux
系统版本
Ubuntu 22.04.4 LTS (GNU/Linux 6.5.0-28-generic x86_64)
Mihomo 版本
Mihomo Meta alpha-3ae4014 linux amd64 with go1.22.2 Sun May 12 12:44:46 UTC 2024
配置文件
#!name = mihomo 配置文件
#!desc = 说明:理论上适用于 所有的 meta 内核,已测试的有 Clash Verg Rev、Openclash、mihomo
#!date = 2024-05-03 17:00
#!source = https://wiki.metacubex.one/example/conf/#__tabbed_1_3
######### 锚点 start #######
# 策略组相关锚点
pr: &pr {type: select, proxies: [手动选择, 自动选择, 负载均衡, 香港节点, 台湾节点, 美国节点, 狮城节点, 日本节点, 韩国节点, 国内直连]}
# 这里是机场订阅更新和延迟测试相关锚点
p: &p {type: http, interval: 3600, health-check: {enable: true, url: https://www.youtube.com/generate_204, interval: 300}}
######### 锚点 end #######
# 机场订阅,名称不能重复
proxy-providers:
provider1:
<<: *p
url: "test"
provider2:
<<: *p
url: "test"
# 全局配置
# # 开启 IPv6 总开关,关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录 true/false
ipv6: true
# 允许局域网连接
allow-lan: true
# HTTP(S) 和 SOCKS 代理混合端口
mixed-port: 7890
# 更换延迟计算方式,去除握手等额外延迟
unified-delay: false
# TCP 并发连接所有 IP, 将使用最快握手的 TCP
tcp-concurrent: true
# 配置 WEB UI
external-ui: /etc/mihomo/ui
# 外部控制器,可以使用 RESTful API 来控制你的 Clash 内核
external-controller: 0.0.0.0:9090
# 自定义外部用户界面下载地址
external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"
# 匹配所有进程 always/strict/off
## - always, 开启,强制匹配所有进程
## - strict, 默认,由 mihomo 判断是否开启
## - off, 不匹配进程,推荐在路由器上使用此模式
find-process-mode: strict
# 全局 TLS 指纹,优先低于 proxy 内的 client-fingerprint
## - 可选: "chrome","firefox","safari","ios","random","none" options.
## - Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome
# profile 应为扩展配置,但在 mihomo, 仅作为缓存项使用
profile:
# 储存 API 对策略组的选择,以供下次启动时使用
store-selected: true
# 储存 fakeip 映射表,域名再次发生连接时,使用原有映射地址
store-fake-ip: true
# 嗅探域名 可选配置
sniffer:
enable: true
# TLS 和 QUIC 默认如果不配置 ports 默认嗅探 443
sniff:
HTTP:
ports: [80, 8080-8880]
override-destination: true
TLS:
ports: [443, 8443]
QUIC:
ports: [443, 8443]
# 需要跳过嗅探的域名
skip-classical:
- "Mijia Cloud" # 米家设备,建议加
- "dlg.io.mi.com"
- "+.apple.com" # 苹果域名,建议加
# TUN 配置
tun:
enable: true
# 可选: gvisor/mixed
stack: mixed
# DNS 劫持,一般设置为 any:53 即可, 即劫持所有53端口的 udp 流量
dns-hijack:
- "any:53"
# 自动设置全局路由表,可以自动将全局流量路由进入 TUN 网卡。
auto-route: true
# 自动识别出口网卡
auto-detect-interface: true
# DNS 配置
dns:
# 关闭将使用系统 DNS
enable: true
# 开启 DNS 服务器监听
listen: :53
# IPV6解析开关;如果为false,将返回ipv6结果为空
ipv6: true
# 模式:redir-host 或 fake-ip (默认使用 fake-ip 模式)
enhanced-mode: fake-ip
# Fake-IP解析地址池
fake-ip-range: 28.0.0.1/8
fake-ip-filter:
- "*"
- "+.lan"
- "+.local"
# 解析非 IP 的 DNS 用的 DNS 服务器,只支持纯 IP
default-nameserver:
- 223.5.5.5
- 119.29.29.29
# 这部分为主要 DNS 配置,支持udp/tcp/dot/doh/doq,影响所有直连,确保使用对大陆解析精准的 DNS
nameserver:
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query
# 单个出站代理节点
proxies:
# 直连节点
- name: "国内直连"
type: direct
udp: true
# 策略组
proxy-groups:
# 策略分流分组
- {name: 手动选择, type: select, proxies: [自动选择, 负载均衡, 香港节点, 台湾节点, 美国节点, 狮城节点, 日本节点, 韩国节点]}
- {name: YouTube, <<: *pr}
- {name: Google, <<: *pr}
- {name: Microsoft, <<: *pr}
- {name: TikTok, <<: *pr}
- {name: Netflix, <<: *pr}
- {name: Disney+, <<: *pr}
- {name: Spotify, <<: *pr}
- {name: Telegram, <<: *pr}
- {name: ChatGPT, <<: *pr}
- {name: PayPal, <<: *pr}
- {name: Twitter, <<: *pr}
- {name: Facebook, <<: *pr}
- {name: GlobalGFW, <<: *pr}
- {name: Apple, type: select, proxies: [国内直连, 手动选择, 自动选择, 负载均衡, 香港节点, 台湾节点, 美国节点, 狮城节点, 日本节点, 韩国节点]}
- {name: Bilibili, type: select, proxies: [国内直连, 手动选择, 自动选择, 负载均衡, 香港节点, 台湾节点, 美国节点, 狮城节点, 日本节点, 韩国节点]}
- {name: China, type: select, proxies: [国内直连, 手动选择, 自动选择, 负载均衡, 香港节点, 台湾节点, 美国节点, 狮城节点, 日本节点, 韩国节点]}
- {name: 兜底规则, <<: *pr}
# 地区分组筛选
- {name: 香港节点, type: url-test, include-all-providers: true, filter: "(?=.*(港|HK|(?i)Hong))^((?!(台|日|韩|新|深|美)).)*$"}
- {name: 台湾节点, type: url-test, include-all-providers: true, filter: "(?=.*(台|TW|(?i)Taiwan))^((?!(港|日|韩|新|美)).)*$" }
- {name: 美国节点, type: url-test, include-all-providers: true, filter: "(?=.*(美|US|(?i)States|America))^((?!(港|台|日|韩|新)).)*$"}
- {name: 狮城节点, type: url-test, include-all-providers: true, filter: "(?=.*(新|狮|獅|SG|(?i)Singapore))^((?!(港|台|日|韩|美|西)).)*$"}
- {name: 日本节点, type: url-test, include-all-providers: true, filter: "(?=.*(日|JP|(?i)Japan))^((?!(港|台|韩|新|美)).)*$" }
- {name: 韩国节点, type: url-test, include-all-providers: true, filter: "(?=.*(韩|KR|(?i)Korea))^((?!(台|日|港|新|美)).)*$"}
- {name: 自动选择, type: url-test, include-all-providers: true, tolerance: 10}
- {name: 负载均衡, type: load-balance, include-all-providers: true, strategy: consistent-hashing}
# 分流策略
rules:
- RULE-SET,Lan,China
- RULE-SET,Adrules,REJECT
- RULE-SET,YouTube,YouTube
- RULE-SET,Google,Google
- RULE-SET,Copilot,Microsoft
- RULE-SET,GitHub,Microsoft
- RULE-SET,OneDrive,Microsoft
- RULE-SET,Microsoft,Microsoft
- RULE-SET,TikTok,TikTok
- RULE-SET,Netflix,Netflix
- RULE-SET,Disney+,Disney+
- RULE-SET,Spotify,Spotify
- RULE-SET,Telegram,Telegram
- RULE-SET,OpenAI,ChatGPT
- RULE-SET,PayPal,PayPal
- RULE-SET,Twitter,Twitter
- RULE-SET,Facebook,Facebook
- RULE-SET,GlobalMedia,GlobalGFW
- RULE-SET,GlobalGFW,GlobalGFW
- RULE-SET,Apple,Apple
- RULE-SET,Bilibili,Bilibili
- RULE-SET,WeChat,China
- RULE-SET,ChinaMedia,China
- RULE-SET,China,China
- GEOIP,CN,China,no-resolve
- MATCH,兜底规则
# 规则集锚点
rule-anchor:
# classical 规则相关
classical: &classical {type: http, interval: 86400, behavior: classical, format: text}
# 规则集
rule-providers:
# 广告拦截
Adrules:
<<: *classical
url: "https://adrules.top/adrules.list"
# 谷歌服务
YouTube:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/YouTube.list"
Google:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Google.list"
# 微软服务
Copilot:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Copilot.list"
GitHub:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/GitHub.list"
OneDrive:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/OneDrive.list"
Microsoft:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Microsoft.list"
# 电报服务
Telegram:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Telegram.list"
# ChatGPT
OpenAI:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/OpenAI.list"
# 贝宝支付
PayPal:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/PayPal.list"
# 推特加速
Twitter:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Twitter.list"
# 脸书加速
Facebook:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Facebook.list"
# 海外抖音
TikTok:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/TikTok.list"
# 奈飞影视
Netflix:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/Netflix.list"
# 迪士尼+
Disney+:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/Disney+.list"
# Spotify
Spotify:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/Spotify.list"
# 海外媒体
GlobalMedia:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/GlobalMedia.list"
# 海外服务
GlobalGFW:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/GlobalGFW.list"
# 苹果服务
Apple:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Apple.list"
# 哔哩哔哩
Bilibili:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/Bilibili.list"
# 国内服务
WeChat:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/WeChat.list"
ChinaMedia:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/ChinaMedia.list"
China:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Direct.list"
# 局域网
Lan:
<<: *classical
url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Local.list"
# 屏蔽 443
script:
shortcuts:
quic: network == 'udp' and dst_port == 443描述
是使用浏览器配置的http代理形式。开启mihomo后,无法访问docker容器,并且之前进行的外网端口映射也打不开。关闭miho后一切正常。TUN开启关闭均如此。
重现方式
使用浏览器配置的http代理形式。开启mihomo后,无法访问docker容器,并且之前进行的外网端口映射也打不开。关闭miho后一切正常。
日志
53 [warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52597 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
52 [debug] [Process] find process XX.XX.XX.XX error: process not found
51 [debug] [Rule] use default rules
50 [warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52577 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
49 [info] [TCP] 192.168.60.99:52581 --> api.mousegesturesapi.com:443 match Match using 兜底规则[香港2-hk68]
48 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
47 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
46 [debug] [Process] find process api.mousegesturesapi.com error: process not found
45 [debug] [Rule] use default rules
44 [warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52575 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
43 [info] [TCP] 28.0.0.1:43398(NetworkManager) --> connectivity-check.ubuntu.com:80 match Match using 兜底规则[香港2-hk68]
42 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
41 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
40 [debug] [Rule] use default rules
39 [debug] [DNS] hijack udp:28.0.0.2:53 from 28.0.0.1:55700
38 [warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52569 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
37 [debug] [Process] find process XX.XX.XX.XX error: process not found
36 [debug] [Rule] use default rules
35 [debug] [Process] find process XX.XX.XX.XX error: process not found
34 [debug] [Rule] use default rules
33 [info] [TCP] 192.168.60.99:52571 --> stats.g.doubleclick.net:443 match RuleSet(Adrules) using REJECT
32 [debug] [Rule] use default rules
31 [info] [TCP] 192.168.60.99:52570 --> stats.g.doubleclick.net:443 match RuleSet(Adrules) using REJECT
30 [debug] [Rule] use default rules
29 [debug] [Process] find process XX.XX.XX.XX error: process not found
28 [debug] [Rule] use default rules
27 [info] [TCP] 192.168.60.99:52567 --> github-wiki-see.page:443 match RuleSet(GitHub) using Microsoft[香港2-hk68]
26 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
25 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
24 [debug] [Rule] use default rules
23 [warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52557 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
22 [info] [TCP] 192.168.60.99:52559 --> my.zerotier.com:443 match Match using 兜底规则[香港2-hk68]
21 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
20 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
19 [debug] [Process] find process my.zerotier.com error: process not found
18 [debug] [Rule] use default rules
17 [debug] [Process] find process XX.XX.XX.XX error: process not found
16 [debug] [Rule] use default rules
15 [info] [TCP] 192.168.60.99:52556 --> api.mousegesturesapi.com:443 match Match using 兜底规则[香港2-hk68]
14 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
13 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
12 [debug] [Process] find process api.mousegesturesapi.com error: process not found
11 [debug] [Rule] use default rules
10 [warning] [TCP] dial China (match RuleSet/Lan) 192.168.60.99:52551 --> 192.168.192.211:9000 error: dial tcp 192.168.192.211:9000: i/o timeout
9 [debug] [Rule] use default rules
8 [warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52545 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
7 [debug] [Process] find process XX.XX.XX.XX error: process not found
6 [debug] [Rule] use default rules
5 [info] [TCP] 192.168.60.99:52544 --> clients4.google.com:443 match RuleSet(Google) using Google[香港2-hk68]
4 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
3 [debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
2 [debug] [Rule] use default rules
1 [info] [TCP] 192.168.60.99:52518 --> api.mousegesturesapi.com:443 match Match using 兜底规则[香港2-hk68]