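I noticed that some apps, such as WeChat and DingTalk, show up in the request viewer as IP addresses with TCP as the method, which I take to mean that Enhanced Mode failed to take over.
I checked the routing table and found that the routing table under Enhanced Mode has some problems (though I'm not sure). I'd appreciate ideas for further troubleshooting.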
Routing table with Enhanced Mode disabled

```
❯ netstat -nr -f inet
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 10.0.0.1 UGScg en0
10/24 link#10 UCS en0 !
10.0.0.1/32 link#10 UCS en0 !
10.0.0.1 56:46:56:a7:d1:43 UHLWIir en0 1198
10.0.0.143 f4:34:f0:3a:e9:ac UHLWIi en0 742
10.0.0.154 9a:7f:65:b3:b0:95 UHLWI en0 659
10.0.0.168 54:48:e6:7c:6f:cd UHLWI en0 1156
10.0.0.234/32 link#10 UCS en0 !
10.0.0.237 4e:e0:b9:fc:66:d2 UHLWI en0 1198
127.0.0.1 127.0.0.1 UH lo0
198.18.0/15 lo0 USc lo0
255.255.255.255/32 link#10 UCS en0 !
```
Routing table after enabling Enhanced Mode

```
❯ netstat -nr -f inet
Routing tables
Internet:
Destination Gateway Flags Netif Expire
0 10.0.0.1 UGScg en0
default 10.0.0.1 UGScg en0
1 198.18.0.1 UGSc utun5
2/7 198.18.0.1 UGSc utun5
4/6 198.18.0.1 UGSc utun5
8/5 198.18.0.1 UGSc utun5
10/24 link#10 UCS en0 !
10 10.0.0.1 UGSc en0
10.0.0.1/32 link#10 UCS en0 !
10.0.0.1 56:46:56:a7:d1:43 UHLWIir en0 1195
10.0.0.143 f4:34:f0:3a:e9:ac UHLWIi en0 709
10.0.0.154 9a:7f:65:b3:b0:95 UHLWI en0 626
10.0.0.168 54:48:e6:7c:6f:cd UHLWI en0 1183
10.0.0.234/32 link#10 UCS en0 !
10.0.0.237 4e:e0:b9:fc:66:d2 UHLWIi en0 1165
10.0.0.255 ff:ff:ff:ff:ff:ff UHLWbI en0 !
16/4 198.18.0.1 UGSc utun5
32/3 198.18.0.1 UGSc utun5
64/2 198.18.0.1 UGSc utun5
100.64/10 10.0.0.1 UGSc en0
127 10.0.0.1 UGSc en0
127.0.0.1 127.0.0.1 UH lo0
128.0/1 198.18.0.1 UGSc utun5
169.254 10.0.0.1 UGSc en0
172.16/12 10.0.0.1 UGSc en0
192.0.0 10.0.0.1 UGSc en0
192.0.2 10.0.0.1 UGSc en0
192.88.99 10.0.0.1 UGSc en0
192.168.0/16 10.0.0.1 UGSc en0
198.18.0/15 lo0 USc lo0
198.18.0.1 198.18.0.1 UH utun5
198.18.2.1 10.0.0.1 UGSc en0
198.51.100 10.0.0.1 UGSc en0
203.0.113 10.0.0.1 UGSc en0
224.0.0/4 10.0.0.1 UGmS en0
255.255.255.255/32 link#10 UCS en0 !
```
Log when WeChat cannot be reached

```
Rule Evaluating - 4 ms
Establishing TCP Connection - 7 ms
Active - 3000 ms
Events
22:04:41.709709 Sub-rule matched: IP-CIDR 223.166.0.0/15
22:04:41.709746 Rule matched: RULE-SET ChinaIP.list
22:04:41.710113 Connecting with address: 223.166.152.106, bound to the primary interface (en0) explicitly under the Enhanced Mode
22:04:41.717373 Connected to address 223.166.152.106 in 7ms
22:04:41.717479 TCP connection established
22:04:44.717708 Connection was abandoned before completing the TCP handshake.
```
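Added example, not part of the original post: a Python sketch that expands the abbreviated destinations in `netstat -nr` output and does a longest-prefix-match lookup, to see which interface a given address would be routed to. The function names are hypothetical, the sample is a constructed subset of the Enhanced Mode table above, and it assumes a destination printed without `/bits` carries its classful natural mask (or /32 for a host route).

```python
import ipaddress

# Constructed sample: a subset of the Enhanced Mode routing table quoted above.
SAMPLE = """\
default 10.0.0.1 UGScg en0
1 198.18.0.1 UGSc utun5
8/5 198.18.0.1 UGSc utun5
10/24 link#10 UCS en0 !
10 10.0.0.1 UGSc en0
10.0.0.1 56:46:56:a7:d1:43 UHLWIir en0 1195
100.64/10 10.0.0.1 UGSc en0
128.0/1 198.18.0.1 UGSc utun5
192.168.0/16 10.0.0.1 UGSc en0
198.18.0/15 lo0 USc lo0
198.18.0.1 198.18.0.1 UH utun5
"""

def parse_dest(dest, flags):
    """Expand an abbreviated netstat destination into an IPv4Network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    first = int(octets[0])
    addr = ".".join(octets + ["0"] * (4 - len(octets)))  # pad dropped octets
    if bits:
        prefix = int(bits)
    elif "H" in flags or len(octets) == 4:
        prefix = 32  # host route
    else:
        # Assumption: no "/bits" means the classful natural mask.
        prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def parse_routes(text):
    """Return (network, gateway, interface) tuples from netstat -nr text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or not (f[0] == "default" or f[0][0].isdigit()):
            continue  # skip the prompt, headers and blank lines
        routes.append((parse_dest(f[0], f[2]), f[1], f[3]))
    return routes

def lookup(routes, ip):
    """Longest-prefix match: the most specific route containing ip wins."""
    ip = ipaddress.ip_address(ip)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

if __name__ == "__main__":
    print(lookup(parse_routes(SAMPLE), "223.166.152.106"))
```

For 223.166.152.106, the address in the log above, the lookup selects the `128.0/1` route on `utun5`; private ranges such as `192.168.0/16` resolve to `en0`.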