clash cli start
Download
- https://github.com/MetaCubeX/mihomo/releases/tag/v1.19.14
```
chmod +x mihomo-linux-amd64-v1.19.14
./mihomo-linux-amd64-v1.19.14 -f default.yaml
```
If TUN mode is needed
- modify the yaml file
```
mixed-port: 7890
allow-lan: true
mode: rule
log-level: info
ipv6: false
external-controller: 0.0.0.0:9090
dns:
  enable: true
  listen: 0.0.0.0:53
  ipv6: false
  default-nameserver:
    - 223.5.5.5
    - 114.114.114.114
  nameserver:
    - 223.5.5.5
    - 114.114.114.114
    - 119.29.29.29
    - 180.76.76.76
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
    - '*.lan'
    - '*.localdomain'
    - '*.example'
    - '*.invalid'
    - '*.localhost'
    - '*.test'
    - '*.local'
    - '*.home.arpa'
    - router.asus.com
    - localhost.sec.qq.com
    - localhost.ptlogin2.qq.com
    - +.msftconnecttest.com
tun:
  enable: true
  device-name: clash0
  stack: system
  auto-route: true
  auto-detect-interface: true
  dns-hijack:
    - 114.114.114.114:53
    - 180.76.76.76:53
    - 119.29.29.29:53
    - 223.5.5.5:53
    - 8.8.8.8:53
    - 8.8.4.4:53
    - 1.1.1.1:53
    - 1.0.0.1:53
```
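The config above binds `external-controller`, the DNS listener and (through `allow-lan`) `mixed-port` to all interfaces. As an added example, not part of the original notes or of the mihomo project, this shell function lists those off-host listeners so each one can be confirmed as intended. `audit_mihomo_config` and `sample_config` are names made up here, and the `secret` key it looks for (the API token setting) is not set in the page's config.

```shell
#!/bin/sh
# Added example, not from the original page: report which listeners a mihomo
# config exposes beyond loopback. Handles only "key: value" lines with at
# most one level of nesting, which is enough for the keys checked here.
audit_mihomo_config() {   # usage: audit_mihomo_config FILE (or stdin)
  awk -v q="'" '
    # Strip surrounding whitespace and any quote characters from a scalar.
    function val(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); gsub("[\"" q "]", "", s); return s }
    # True for host:port with an empty or wildcard host.
    function wildcard(a) { return a ~ /^(0\.0\.0\.0|\[::\]|\*)?:[0-9]+$/ }
    function report(msg) { print "WARN " msg; n++ }
    { sub(/[ \t]+#.*$/, "") }                     # drop trailing comments
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comment and blank lines
    match($0, /^[A-Za-z0-9_-]+:/) {               # top-level key
      top = substr($0, 1, RLENGTH - 1)
      cfg[top] = val(substr($0, RLENGTH + 1)); next
    }
    match($0, /^[ \t]+[A-Za-z0-9_-]+:/) {         # key nested under top
      k = val(substr($0, 1, RLENGTH - 1))
      cfg[top "." k] = val(substr($0, RLENGTH + 1))
    }
    END {
      c = cfg["external-controller"]
      if (wildcard(c) && cfg["secret"] == "")
        report("external-controller " c ": API on all interfaces, no secret")
      if (cfg["allow-lan"] == "true")
        report("allow-lan: mixed-port " cfg["mixed-port"] " reachable from the LAN")
      d = cfg["dns.listen"]
      if (cfg["dns.enable"] == "true" && wildcard(d))
        report("dns.listen " d ": resolver answers on all interfaces")
      exit (n > 0)    # non-zero status when anything was reported
    }
  ' "${1:--}"
}

# Constructed sample: the listener-related keys from the config above.
sample_config() {
  printf '%s\n' 'mixed-port: 7890' 'allow-lan: true' \
    'external-controller: 0.0.0.0:9090' 'dns:' '  enable: true' \
    '  listen: 0.0.0.0:53'
}
sample_config | audit_mihomo_config || true
```

Run it as `audit_mihomo_config default.yaml`; the exit status is non-zero when any listener is reported, so it can gate a deployment step.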
- Correctly grant CAP_NET_ADMIN and CAP_NET_BIND_SERVICE
```
# Execute the following
sudo setcap 'cap_net_bind_service,cap_net_admin+ep' ./mihomo-linux-amd64-v1.19.14
# Confirm the current capabilities
getcap ./mihomo-linux-amd64-v1.19.14
# Normal output:
# ./mihomo-linux-amd64-v1.19.14 cap_net_bind_service,cap_net_admin=ep
```
# add to system
```
[Unit]
Description=Clash Daemon (mihomo) - Running as root
After=network.target

[Service]
Type=simple
User=root
Group=root
ExecStart=/home/debian/opt/clash-cli/mihomo-linux-amd64-v1.19.14 -f /home/debian/opt/clash-cli/default.yaml
Restart=on-failure
RestartSec=5
# The working directory must be set, otherwise the config may not be found
WorkingDirectory=/home/debian/opt/clash-cli/
# Make sure the config file under the user's home directory is accessible
Environment=HOME=/home/debian
Environment=USER=debian
Environment=CLASH_CONFIG=/home/debian/opt/clash-cli/default.yaml

[Install]
WantedBy=multi-user.target
```
- sudo cp clash.service /etc/systemd/system
- sudo systemctl daemon-reload
- sudo systemctl start clash
- check log
- journalctl -u clash -f
# On the Ubuntu host, clash has LAN sharing and tun enabled; use the following configuration to let other devices use the host's proxy.
### Check that a tun interface is present in the interface list, usually Meta
```
ip addr
```
### Set up forwarding
```
sudo sysctl -w net.ipv4.ip_forward=1
```
- Optional: confirm that it returns 1 (normal)
```
cat /proc/sys/net/ipv4/ip_forward
```
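# Modify the local DNS
Method 1: use chattr to remove the protection (recommended)
```
# View the current attributes
lsattr /etc/resolv.conf
# Remove the immutable attribute
sudo chattr -i /etc/resolv.conf
# Now the file can be modified
echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
# Re-apply the protection attribute (optional)
sudo chattr +i /etc/resolv.conf
```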
# install dnsmasq
```
sudo apt update
sudo apt install dnsmasq
# Confirm that /etc/dnsmasq.conf is configured correctly:
sudo vim /etc/dnsmasq.conf
```
Make sure it contains:
```
# Listen on all interfaces or on specific IPs
interface=*
# or
listen-address=127.0.0.1
listen-address=192.168.1.11
# Disable DHCP
no-dhcp-interface=*
# Forward to mihomo's DNS
server=127.0.0.1#1053
no-resolv
no-poll
```
```
# Check whether dnsmasq is running
sudo systemctl status dnsmasq
# If it is not running, start it
sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq
# View the dnsmasq log
sudo journalctl -u dnsmasq -f
```
3 commands to set up NAT forwarding
```
sudo iptables -t nat -A POSTROUTING -o Meta -j MASQUERADE
# Allow forwarding from LAN to Clash TUN
sudo iptables -A FORWARD -i enp2s0 -o Meta -j ACCEPT
sudo iptables -A FORWARD -i Meta -o enp2s0 -j ACCEPT
```
Persist the settings
```
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
```
To undo this, use the following commands
```
sudo iptables -t nat -D POSTROUTING -o Meta -j MASQUERADE
# Delete the first rule
sudo iptables -D FORWARD -i enp2s0 -o Meta -j ACCEPT
# Delete the second rule
sudo iptables -D FORWARD -i Meta -o enp2s0 -j ACCEPT
```
Persist the settings again
```
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
```
Ubuntu: turn off proxy
- dns:127.0.0.1
Mac connection steps
Turn off proxy
- Wi-Fi -> Details -> TCP/IP -> Router : ubuntu IP
- Wi-Fi -> Details -> DNS : ubuntu IP
Check whether DNS was successfully hijacked by mihomo
- dig google.com should return an IP in the 198.18.0.1 range
```
dig google.com
sudo tcpdump -i any -n port 53
```