关于在访问控制→附加参数中选择自定义端口设置无效

zxzxzz

unread,

Apr 16, 2018, 12:42:30 AM4/16/18

to OpenWrt-dist

你好a大谢谢你的编译和飞羽的教程，我这边有一个问题，在最新版：我在访问控制→附加参数中选择自定义中，选择了仅代理22~1023端口，而实际情况是我的路由器的aria2（全功能版本用于BT下载）的51413端口也走了代理，为了解决这个可以在访问控制→代理自身设置为直接连接可以解决问题，但是一旦这样设置就访问不了谷歌等外网，相关依赖ipk也安装了：（ipset ，ip，ipset-full）系统是17.01.4稳定版。谢谢

Rin Satsuki

unread,

Apr 16, 2018, 2:14:20 AM4/16/18

to OpenWrt-dist

你应该顺便提供一下 iptables-save -t nat 的打印结果。

在 2018年4月16日星期一 UTC+8下午12:42:30，zxzxzz写道：

zxzxzz

unread,

May 19, 2018, 6:02:10 AM5/19/18

to OpenWrt-dist

hi，打扰了我这边是有拖延症的小白，问一下 iptables-save -t nat这个直接在putty输入就可以了吗！我看Google好像这样就可以了。

在 2018年4月16日星期一 UTC+8下午2:14:20，Rin Satsuki写道：

Rin Satsuki

unread,

May 23, 2018, 11:10:37 AM5/23/18

to OpenWrt-dist

是的。

在 2018年5月19日星期六 UTC+8下午6:02:10，zxzxzz写道：

zxzxzz

unread,

May 30, 2018, 12:18:05 AM5/30/18

to OpenWrt-dist

hi!,现在这个结果是这样的。好像是有点问题但是还是不怎么清楚。

root@Netgear:~# iptables-save -t nat

# Generated by iptables-save v1.4.21 on Wed May 30 12:16:32 2018

*nat

:PREROUTING ACCEPT [6674:826578]

:INPUT ACCEPT [11582:1109864]

:OUTPUT ACCEPT [12345:1139889]

:POSTROUTING ACCEPT [9310:594107]

:SS_SPEC_LAN_AC - [0:0]

:SS_SPEC_LAN_DG - [0:0]

:SS_SPEC_WAN_AC - [0:0]

:SS_SPEC_WAN_DG - [0:0]

:SS_SPEC_WAN_FW - [0:0]

:postrouting_lan_rule - [0:0]

:postrouting_rule - [0:0]

:postrouting_wan_rule - [0:0]

:prerouting_lan_rule - [0:0]

:prerouting_rule - [0:0]

:prerouting_wan_rule - [0:0]

:zone_lan_postrouting - [0:0]

:zone_lan_prerouting - [0:0]

:zone_wan_postrouting - [0:0]

:zone_wan_prerouting - [0:0]

-A PREROUTING -p tcp -j SS_SPEC_LAN_DG

-A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouti ng_rule

-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting

-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting

-A OUTPUT -p tcp -j SS_SPEC_WAN_DG

-A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postro uting_rule

-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting

-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting

-A SS_SPEC_LAN_AC -m set --match-set ss_spec_src_bp src -j RETURN

-A SS_SPEC_LAN_AC -m set --match-set ss_spec_src_fw src -j SS_SPEC_WAN_FW

-A SS_SPEC_LAN_AC -m set --match-set ss_spec_src_ac src -j SS_SPEC_WAN_AC

-A SS_SPEC_LAN_AC -j SS_SPEC_WAN_AC

-A SS_SPEC_LAN_DG -m set --match-set ss_spec_dst_sp dst -j RETURN

-A SS_SPEC_LAN_DG -p tcp -m tcp --dport 22:1023 -j SS_SPEC_LAN_AC

-A SS_SPEC_WAN_AC -m set --match-set ss_spec_dst_fw dst -j SS_SPEC_WAN_FW

-A SS_SPEC_WAN_AC -m set --match-set ss_spec_dst_bp dst -j RETURN

-A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW

-A SS_SPEC_WAN_DG -m set --match-set ss_spec_dst_sp dst -j RETURN

-A SS_SPEC_WAN_DG -p tcp -m tcp --dport 22:1023 -j SS_SPEC_WAN_AC

-A SS_SPEC_WAN_FW -p tcp -j REDIRECT --to-ports 1234

-A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule

-A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule

-A zone_lan_prerouting -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Adbl ock DNS" -j REDIRECT --to-ports 53

-A zone_lan_prerouting -p udp -m udp --dport 53 -m comment --comment "!fw3: Adbl ock DNS" -j REDIRECT --to-ports 53

-A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule

-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE

-A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule

COMMIT

# Completed on Wed May 30 12:16:32 2018

在 2018年5月23日星期三 UTC+8下午11:10:37，Rin Satsuki写道：

Reply all

Reply to author

Forward