Google-Home cannot connect to the internet #106

Closed
auroroa opened this Issue Jun 9, 2017 · 15 comments

auroroa commented Jun 9, 2017

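Problem description

Computers, phones, iPads and other devices can all reach the external network without problems; only the Google-Home cannot.

Run results

Checking DNS resolution on the router with tcpdump

Google-Home:
23:51:25.991349 IP Google-Home.lan.39208 > google-public-dns-a.google.com.domain: 6023+ A? www.google.com. (32)

Computer:
23:53:03.658009 IP ABCdeMBP.lan.60007 > t.w.domain: 61682+ A? www.google.com. (32)

I found that all requests go to t.w.domain; only the Google-Home goes to google-public-dns-a.google.com.domain

Could an expert please advise? Thanks.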

paicha commented Jun 16, 2017

Same issue.

jasohwang commented Jun 17, 2017

I found this online, but I didn't get it to work.
https://gist.github.com/willwhui/28e8896b6e4560f1cf0d32a5acf501f3

paicha commented Jun 17, 2017

After flashing Merlin on a Netgear and turning on ss, it works normally.

walnuthe commented Jun 18, 2017

@jasohwang I've tried it and it works.

jasohwang commented Jun 18, 2017

@walnuthe Could you tell me exactly how you set it up?

walnuthe commented Jun 18, 2017

@jasohwang I'm using a HiWiFi router. After setting up ss, find the firewall.user file, write the ipstate command lines into the file, then update the GFWLIST and reboot.

jasohwang commented Jun 18, 2017

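@walnuthe Still no luck. Could you paste the contents of your firewall.user? Also, I'm using whitelist mode, so updating the GFWLIST probably doesn't do anything, right?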

paicha commented Jun 25, 2017

Any new progress?

pinlin168 commented Jun 29, 2017

@jasohwang I got it working on a HiWiFi 3. This is the content of my firewall.user; hope it helps:
iptables -t nat -A PREROUTING -s 192.168.199.1/24 -p udp --dport 53 -j DNAT --to 192.168.199.1
iptables -t nat -A PREROUTING -s 192.168.199.1/24 -p tcp --dport 53 -j DNAT --to 192.168.199.1
iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 3088
iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 3088

q629988171 commented Jun 29, 2017

@pinlin168 Are you sure these commands are all correct and can be executed?

  1. iptables -t nat -A PREROUTING -s 192.168.199.1/24 -p udp --dport 53 -j DNAT --to 192.168.199.1
  2. iptables -t nat -A PREROUTING -s 192.168.199.1/24 -p tcp --dport 53 -j DNAT --to 192.168.199.1
  3. iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 3088
  4. iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 3088

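The first rule takes traffic with source IP 192.168.199.1/255.255.255.0 and destination port 53 and translates it to IP 192.168.199.1; the second is similar;
The third rule redirects destination IP 8.8.4.4 port 53 to local port 3088; the fourth is similar;

Here's the problem: the first rule changes the source IP address of all packets coming from 192.168.199.1/24 to 192.168.199.1, which seems pointless and might cause unpredictable failures;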

pinlin168 commented Jun 29, 2017

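@q629988171 Please refer to the link posted earlier, which has an explanation: https://gist.github.com/willwhui/28e8896b6e4560f1cf0d32a5acf501f3
If I haven't misunderstood, it should be:
The first and second rules forward DNS queries from the LAN (DNS queries use port 53, over both TCP and UDP; see here) to the gateway 192.168.199.1
The third and fourth rules send DNS requests destined for the two IPs 8.8.4.4 and 8.8.8.8 to the shadowsocks server (port 3088) for resolution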

q629988171 commented Jun 29, 2017

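@pinlin168 First, thank you for your reply. I still have the following questions and look forward to discussing them with you:

1) DNS queries from the LAN go to the gateway by default, so no second operation is needed;
2) The effect of doing this is to force clients through the DNS proxy;
3) Wouldn't it be more standard and reasonable to write the LAN IP range like this: 192.168.199.0/24;
4) Writing 192.168.199.1/24 is equivalent to 192.168.199.1/255.255.255.0, which is a single IP rather than a LAN IP range;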

auroroa commented Jul 8, 2017

Following @pinlin168's configuration, it worked for me too (HiWiFi 3). Thanks.

@auroroa auroroa closed this Jul 8, 2017

jimmyljxy commented Jul 15, 2017

@pinlin168 worked, thanks a lot!

yjfkk commented Sep 2, 2018

Thanks for sharing, got it working.
iptables -t nat -A PREROUTING -s 192.168.199.1/24 -p udp --dport 53 -j DNAT --to 192.168.199.1
iptables -t nat -A PREROUTING -s 192.168.199.1/24 -p tcp --dport 53 -j DNAT --to 192.168.199.1
iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 3088
iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 3088

Just replace 3088 with the ss local port.
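
Added example, not part of any comment in this thread and not the project's code: a small Python model of how the four firewall.user rules posted above are ordered and matched in the nat PREROUTING chain. It replays `-A` (append) and `-I` (insert at head) and masks the host bits of `-s 192.168.199.1/24` the way iptables does, so the match covers the whole 192.168.199.0/24 subnet. Assumptions: the chain contains only these four rules, and the client address 192.168.199.150 and the test packets are constructed.

```python
import ipaddress
import shlex

# The four firewall.user lines exactly as posted in the thread.
FIREWALL_USER = """\
iptables -t nat -A PREROUTING -s 192.168.199.1/24 -p udp --dport 53 -j DNAT --to 192.168.199.1
iptables -t nat -A PREROUTING -s 192.168.199.1/24 -p tcp --dport 53 -j DNAT --to 192.168.199.1
iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 3088
iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 3088
"""

def build_chain(script):
    """Replay the script: -A appends a rule, -I (no index) inserts at the head."""
    chain = []
    for line in script.splitlines():
        tok = shlex.split(line)
        opt = dict(zip(tok[1::2], tok[2::2]))  # every option here takes one value
        rule = {
            # strict=False masks host bits, as iptables does: .1/24 -> .0/24
            "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False),
            "dst": ipaddress.ip_network(opt.get("-d", "0.0.0.0/0"), strict=False),
            "proto": opt["-p"],
            "dport": int(opt["--dport"]),
            "target": opt["-j"],
            "to": opt.get("--to") or opt.get("--to-ports"),
        }
        if "-I" in opt:
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain

def nat_prerouting(chain, src, dst, proto, dport):
    """Return (target, rewrite) of the first matching rule, or None if none match."""
    for r in chain:
        if (ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]
                and proto == r["proto"] and dport == r["dport"]):
            return r["target"], r["to"]
    return None

CHAIN = build_chain(FIREWALL_USER)

if __name__ == "__main__":
    home = "192.168.199.150"  # constructed LAN client address
    for dst, proto in [("8.8.8.8", "udp"), ("8.8.8.8", "tcp"), ("192.168.199.1", "udp")]:
        print(home, "->", dst, proto, 53, "=>", nat_prerouting(CHAIN, home, dst, proto, 53))
```

In this model UDP queries to 8.8.8.8 and 8.8.4.4 hit the REDIRECT rules first because `-I` places them ahead of the appended DNAT rules; TCP queries to those addresses and all other port-53 traffic from the subnet fall through to the DNAT rules.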
