记录一下家里网络的一些配置

家里使用的三线接入主路由进行拨号，mwan3 优先级为即插即用 5G RNDIS > 电信 > 长城宽带，网内还有一个 Debian 系统的透明网关，记录下重要配置供以后参考。

参考链接：

Openwrt 上的

/etc/config/network 包含一些 switch、interface 相关的配置


config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdc9:2d14:f187::/48'
        option packet_steering '1'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ifname 'wan'

config interface 'wan'
        option ifname 'lan1'
        option proto 'pppoe'
        option keepalive '0'
        option username '021********'
        option password '******'
        option metric '41'
        option ipv6 'auto'

config interface 'rndis'
        option proto 'dhcp'
        option macaddr '2C:B2:1A:5D:8A:00'
        option _orig_ifname 'usb0'
        option _orig_bridge 'false'
        option metric '40'
        option ifname 'eth1'

config interface 'telecom'
        option proto 'pppoe'
        option ifname 'lan2'
        option username 'ad********'
        option password '********'
        option keepalive '0'
        option ipv6 'auto'
        option metric '42'

/etc/config/dhcp 包含 DHCP 相关的配置


config dnsmasq
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option cachesize '0'
        option doh_backup_noresolv '-1'
        list doh_backup_server ''
        option noresolv '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.1.234'
        list dhcp_option '3,192.168.1.234'
        option ra 'server'
        list dns 'fe80::2e0:b4ff:fe1c:72ba'
        option dhcpv6 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config srvhost
        option srv '_vlmcs._tcp'
        option target 'OpenWrt'
        option port '1688'
        option class '0'
        option weight '100'

config host
        option dns '1'
        option ip '192.168.1.234'
        option leasetime 'infinite'
        option name 'debian'
        option mac '00:e0:b4:1c:72:ba'

/etc/config/mwan3 三线故障自动切换相关配置


config rule 'iptv_rule1'
        option dest_ip '20.253.1.1/24'
        option proto 'all'
        option sticky '0'
        option use_policy 'wan_only'

config rule 'iptv_rule2'
        option dest_ip '20.254.1.1/24'
        option proto 'all'
        option sticky '0'
        option use_policy 'wan_only'

config rule 'gateway_rule'
        option proto 'all'
        option sticky '0'
        option use_policy 'default_policy'
        option src_ip '192.168.1.234'

config rule 'telecom_rule'
        option proto 'all'
        option sticky '0'
        option use_policy 'except_unicom'
        option src_ip '192.168.1.1/24'

config rule 'default_rule'
        option proto 'all'
        option sticky '0'
        option use_policy 'default_policy'

config globals 'globals'
        option mmx_mask '0x3F00'
        option local_source 'lan'

config interface 'wan'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        option reliability '1'
        option count '1'
        option size '56'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        option check_quality '0'
        option track_method 'httping'
        list track_ip '101.95.49.100'
        list track_ip '182.61.200.7'

config interface 'telecom'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        option reliability '1'
        option count '1'
        option size '56'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        option check_quality '1'
        option failure_latency '1000'
        option failure_loss '20'
        option recovery_latency '500'
        option recovery_loss '5'
        list track_ip '101.95.49.100'
        list track_ip '182.61.200.7'
        option track_method 'httping'

config interface 'rndis'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        option reliability '1'
        option count '1'
        option size '56'
        option check_quality '0'
        option timeout '2'
        option interval '5'
        option failure_interval '5'
        option recovery_interval '5'
        option down '3'
        option up '3'
        option track_method 'httping'
        list track_ip '101.95.49.100'
        list track_ip '182.61.200.7'

config member 'wan_m2_w1'
        option interface 'wan'
        option metric '2'
        option weight '1'

config member 'telecom_m3_w1'
        option interface 'telecom'
        option metric '3'
        option weight '1'

config member 'rndis_m1_w1'
        option interface 'rndis'
        option metric '1'
        option weight '1'

config policy 'default_policy'
        option last_resort 'default'
        list use_member 'wan_m2_w1'
        list use_member 'rndis_m1_w1'
        list use_member 'telecom_m3_w1'

config policy 'except_unicom'
        list use_member 'rndis_m1_w1'
        list use_member 'telecom_m3_w1'
        option last_resort 'unreachable'

config policy 'wan_only'
        list use_member 'wan_m2_w1'
        option last_resort 'default'

Debian 上的

先记录下相关命令

1
2
3

useradd clash
systemctl daemon-reload
dpkg-reconfigure iptables-persistent

iptables

iptables -t nat -I PREROUTING 1 -s 192.168.1.1 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -j CLASH
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner 0 -j REDIRECT --to-ports 7892
iptables -t nat -A CLASH -p tcp -j REDIRECT --to-ports 7892
iptables -t nat -A CLASH -d 0.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 10.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 127.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 169.254.0.0/16 -j RETURN
iptables -t nat -A CLASH -d 172.16.0.0/12 -j RETURN
iptables -t nat -A CLASH -d 192.168.0.0/16 -j RETURN
iptables -t nat -A CLASH -d 224.0.0.0/4 -j RETURN
iptables -t nat -A CLASH -d 240.0.0.0/4 -j RETURN

/etc/systemd/system/clash.service

[Unit]
Description=clash service
Requires=systemd-networkd-wait-online.service
After=systemd-networkd-wait-online.service

[Service]
User=clash
Group=clash
Type=simple
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/clash -d /etc/clash/
Restart=on-failure

[Install]
WantedBy=multi-user.target

/etc/clash/config.yaml

port: 7890
socks-port: 7891
redir-port: 7892
allow-lan: true
external-controller: 192.168.1.234:9090
secret: "******"
mode: Rule
log-level: warning
# log-level: info

experimental:
  ignore-resolve-fail: false

proxies:
  - name: Proxy
    type: **
    server: **
    port: **
    uuid: **
    alterId: 0
    cipher: auto
    tls: true
    network: ws
    ws-path: **
    ws-headers:
      Host: **

dns:
  enable: true
  listen: 0.0.0.0:53
  enhanced-mode: redir-host
  nameserver:
    - 127.0.0.1:5335

rules:
  - DOMAIN-SUFFIX,mlsub.net,DIRECT
  ...