配置是跟着不良林大佬的基础上修改的,但是我用闲置的 mac 启动 sing box ,本机可以正常连外网,但是局域网设备的网关&dns 指向 mac ip 都不行。
应该不是 mac 的防火墙原因,mac 上防火墙都是全关状态,alist 的网盘还是可以正常访问的
折腾几天各种换配置都不行,希望大佬可以指点下
{
"log": {
"disabled": false,
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "default-dns",
"address": "223.5.5.5",
"detour": "direct-out"
},
{
"tag": "system-dns",
"address": "local",
"detour": "direct-out"
},
{
"tag": "block-dns",
"address": "rcode://name_error"
},
{
"tag": "google",
"address": "https://dns.google/dns-query",
"address_resolver": "default-dns",
"address_strategy": "ipv4_only",
"strategy": "ipv4_only",
"client_subnet": "59.36.166.66"
}
],
"rules": [
{
"outbound": "any",
"server": "default-dns"
},
{
"query_type": "HTTPS",
"server": "block-dns"
},
{
"clash_mode": "direct",
"server": "default-dns"
},
{
"clash_mode": "global",
"server": "google"
},
{
"rule_set": "cnsite",
"server": "default-dns"
}
],
"strategy": "ipv4_only",
"disable_cache": false,
"disable_expire": false,
"independent_cache": false,
"final": "google"
},
"inbounds": [
{
"type": "tun",
"address": "172.19.0.1/30",
"auto_route": true,
"strict_route": false,
"sniff": true,
"sniff_override_destination": true
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct-out"
},
{
"type": "block",
"tag": "block-out"
},
{
"type": "dns",
"tag": "dns-out"
},
{
"type": "urltest",
"tag": "自动选择",
"outbounds": [
"美国"
]
},
{
"type": "selector",
"tag": "手动选择",
"outbounds": [
"direct-out",
"block-out",
"自动选择",
"美国"
],
"default": "自动选择"
},
{
"type": "selector",
"tag": "GLOBAL",
"outbounds": [
"direct-out",
"手动选择",
"自动选择",
"美国"
],
"default": "手动选择"
},
{
"type": "vless",
"tag": "美国"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"protocol": "quic",
"outbound": "block-out"
},
{
"clash_mode": "direct",
"outbound": "direct-out"
},
{
"clash_mode": "global",
"outbound": "GLOBAL"
},
{
"rule_set": [
"cnip",
"cnsite"
],
"outbound": "direct-out"
}
],
"rule_set": [
{
"type": "remote",
"tag": "cnip",
"format": "binary",
"url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo-lite/geoip/cn.srs",
"download_detour": "direct-out"
},
{
"type": "remote",
"tag": "cnsite",
"format": "binary",
"url": "https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo-lite/geosite/cn.srs",
"download_detour": "direct-out"
}
],
"auto_detect_interface": true,
"final": "手动选择"
},
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:9090",
"external_ui_download_url": "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip",
"external_ui_download_detour": "手动选择",
"default_mode": "rule"
}
}
}
1
lpt0 15 天前 via Android
mac 是软路由?
|
2
guangnan OP @lpt0 就是闲置的一个旧 mac 当旁路由,想翻墙的设备就把网关和 dns 指向 mac 这个 ip
之前用 clash 都没啥问题,换成 sing box 就不可以了 |
3
lpt0 15 天前
参考一下我的,尤其是 inbound 部分
https://raw.githubusercontent.com/Laputa0/archrouter/refs/heads/main/debian_sysroot/etc/sing-box/ config.json.with-dns.bak |
4
lpt0 15 天前
route rules 部分似乎没有处理 private ip 走直连
|
5
leehaoze98 15 天前
配置看着没啥毛病,如果是走的无线网,mac 上没开启 IP 动态伪装,很可能是包从主路由发出去的时候没做 NAT ,可以去主路由上用 tcpdump 抓一下发出去的包看看
|
6
zfabl 14 天前
inbounds tun 加上"auto_redirect": true
|
7
Laoz666 14 天前
mac 有个互联网共享 开开
|
8
Ipsum 14 天前 via Android
nat 做了吗? ipforward 做了吗?
|
9
leon2023 12 天前
我也折腾了一段时间,始终有些问题,放弃了,感觉还是 v2 或者 clash 稳定
|
10
owt5008137 10 天前 via Android
不太了解 mac ,但是 linux 要当路由是要加载转发相关的内核模块且 sysctl 开启 ip_forward 的。不然默认是不允许转发子网数据包的
|