mihomo开启tun后无法ddns访问

hostsdreamer

null

我的飞牛nas开了ddns通过V4公网可以访问，用docker安装了mihomo后也是没问题可以访问，代理什么的一切正常，但是开了tun后就访问不上了，求大佬解答

这个是yaml配置

services:

管理面板：metacubexd

metacubexd:
container_name: metacubexd
image: ghcr.io/metacubex/metacubexd:latest # 保留 latest 标签
restart: always # 保留自动重启
ports:

• '9097:80' # 保留你设置的 9097 端口映射
  environment:
• DEFAULT_BACKEND_URL=http://127.0.0.1:9090 # 保留 API 连接地址
• TZ=Asia/Shanghai # 保留时区配置
  volumes:
• /vol1/1000/应用数据/mihomo/metacubexd:/config/caddy
  depends_on:
• mihomo # 保留启动依赖

核心代理服务：mihomo

mihomo:
container_name: mihomo
image: docker.io/metacubex/mihomo:Alpha # 保留 Alpha 版镜像
restart: always
pid: host # 保留共享主机 PID
network_mode: host # 保留主机网络模式（核心需求）
cap_add:

• NET_ADMIN
• NET_RAW
  volumes:

保留你的自定义挂载路径，修复日志目录多余的斜杠（//logs → /logs）

• /vol1/1000/应用数据/mihomo/config.yaml:/root/.config/mihomo/config.yaml
• /vol1/1000/应用数据/mihomo/logs:/root/.config/mihomo/logs
• /dev/net/tun:/dev/net/tun # 保留 TUN 设备挂载
  environment:
• TZ=Asia/Shanghai # 保留时区
• MIHOMO_LOG_LEVEL=info # 保留日志级别

下面是mihomo的部分配置

Tunnel配置

tun:
enable: true
stack: system
device: Ethernet99
auto-route: true
auto-detect-interface: true
dns-hijack:

• any:53
• tcp://any:53
  strict-route: true
  mtu: 1500
  route-exclude-address: ["192.168.68.0/24"]

订阅规则

rule-providers:
reject_non_ip_no_drop:
<<: *RuleSet_classical
url: 'https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt'
path: './rule_set/sukkaw_ruleset/reject_non_ip_no_drop.txt'

reject_non_ip_drop:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/reject-drop.txt
path: ./rule_set/sukkaw_ruleset/reject_non_ip_drop.txt

reject_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/reject.txt
path: ./rule_set/sukkaw_ruleset/reject_non_ip.txt

reject_domainset:
<<: *RuleSet_domain
url: https://ruleset.skk.moe/Clash/domainset/reject.txt
path: ./rule_set/sukkaw_ruleset/reject_domainset.txt

reject_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/ip/reject.txt
path: ./rule_set/sukkaw_ruleset/reject_ip.txt

cdn_domainset:
<<: *RuleSet_domain
url: https://ruleset.skk.moe/Clash/domainset/cdn.txt
path: ./rule_set/sukkaw_ruleset/cdn_domainset.txt

cdn_non_ip:
<<: *RuleSet_domain
url: https://ruleset.skk.moe/Clash/non_ip/cdn.txt
path: ./rule_set/sukkaw_ruleset/cdn_non_ip.txt

所有流媒体（包括上述所有流媒体）

stream_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/stream.txt
path: ./rule_set/sukkaw_ruleset/stream_non_ip.txt

stream_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/ip/stream.txt
path: ./rule_set/sukkaw_ruleset/stream_ip.txt

ai_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/ai.txt
path: ./rule_set/sukkaw_ruleset/ai_non_ip.txt

telegram_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/telegram.txt
path: ./rule_set/sukkaw_ruleset/telegram_non_ip.txt

telegram_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/ip/telegram.txt
path: ./rule_set/sukkaw_ruleset/telegram_ip.txt

apple_cdn:
<<: *RuleSet_domain
url: https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt
path: ./rule_set/sukkaw_ruleset/apple_cdn.txt

apple_services:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/apple_services.txt
path: ./rule_set/sukkaw_ruleset/apple_services.txt

apple_cn_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/apple_cn.txt
path: ./rule_set/sukkaw_ruleset/apple_cn_non_ip.txt

microsoft_cdn_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt
path: ./rule_set/sukkaw_ruleset/microsoft_cdn_non_ip.txt

microsoft_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/microsoft.txt
path: ./rule_set/sukkaw_ruleset/microsoft_non_ip.txt

软件更新、操作系统等大文件下载

download_domainset:
<<: *RuleSet_domain
url: https://ruleset.skk.moe/Clash/domainset/download.txt
path: ./rule_set/sukkaw_ruleset/download_domainset.txt

download_non_ip:
<<: *RuleSet_domain
url: https://ruleset.skk.moe/Clash/non_ip/download.txt
path: ./rule_set/sukkaw_ruleset/download_non_ip.txt

内网 域名和局域网 IP

lan_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/lan.txt
path: ./rule_set/sukkaw_ruleset/lan_non_ip.txt

lan_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/ip/lan.txt
path: ./rule_set/sukkaw_ruleset/lan_ip.txt

domestic_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/domestic.txt
path: ./rule_set/sukkaw_ruleset/domestic_non_ip.txt

direct_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/direct.txt
path: ./rule_set/sukkaw_ruleset/direct_non_ip.txt

global_non_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/non_ip/global.txt
path: ./rule_set/sukkaw_ruleset/global_non_ip.txt

domestic_ip:
<<: *RuleSet_classical
url: https://ruleset.skk.moe/Clash/ip/domestic.txt
path: ./rule_set/sukkaw_ruleset/domestic_ip.txt

china_ip:
<<: *RuleSet_ipcidr
url: https://ruleset.skk.moe/Clash/ip/china_ip.txt
path: ./rule_set/sukkaw_ruleset/china_ip.txt

分流规则

rules:

========== 1. 最高优先级：内网/NAS 精准放行（绝对不被拦截/走节点） ==========

• IP-CIDR,192.168.68.3/32,DIRECT,no-resolve # 精准匹配NAS的IP，放行所有端口
• IP-CIDR,192.168.68.0/24,DIRECT,no-resolve # 放行整个内网网段
• DST-PORT,3002,DIRECT,no-resolve # 单独放行3002端口（可选，双重保障）
• RULE-SET,lan_ip,DIRECT # 通用局域网规则，兜底内网访问
• DOMAIN-SUFFIX,gying.net,DIRECT

========== 2. 核心自定义：Jun 节点手动域名规则 ==========

• DOMAIN-SUFFIX,hhzyapi.com,Jun
• DOMAIN-SUFFIX,xinlangapi.com,Jun
• DOMAIN-SUFFIX,rycjapi.com,Jun
• DOMAIN-SUFFIX,milkcloud.org,Jun
• DOMAIN-SUFFIX,subocaiji.com,Jun
• DOMAIN-SUFFIX,wolongzyw.com,Jun
• DOMAIN-SUFFIX,yayazy.net,Jun
• DOMAIN-SUFFIX,guangsuapi.com,Jun
• DOMAIN-SUFFIX,kuaichezy.org,Jun
• DOMAIN-SUFFIX,ukuapi.com,Jun
• DOMAIN-SUFFIX,yparse.com,Jun
• DOMAIN-SUFFIX,1080zyku.com,Jun
• DOMAIN-SUFFIX,niuniuzy.me,Jun
• DOMAIN-SUFFIX,sdzyapi.com,Jun
• DOMAIN-SUFFIX,ikunzyapi.com,Jun
• DOMAIN-SUFFIX,tysyszy.com,Jun
• DOMAIN-SUFFIX,bfzyapi.com,Jun
• DOMAIN-SUFFIX,suoniapi.com,Jun

========== 3. REJECT 拦截规则（放在放行规则后，避免误拦核心流量） ==========

• RULE-SET,reject_non_ip,REJECT
• RULE-SET,reject_domainset,REJECT
• RULE-SET,reject_non_ip_drop,REJECT-DROP
• RULE-SET,reject_non_ip_no_drop,REJECT
• RULE-SET,reject_ip,REJECT

========== 4. 非IP类放行/指定节点规则集（核心流量已优先匹配，不冲突） ==========

• RULE-SET,cdn_domainset,Jun
• RULE-SET,cdn_non_ip,Jun
• RULE-SET,stream_non_ip,🇺🇸 - 自动选择
• RULE-SET,telegram_non_ip,✈️ 电报信息
• RULE-SET,apple_cdn,DIRECT
• RULE-SET,download_domainset,Jun
• RULE-SET,download_non_ip,Jun
• RULE-SET,microsoft_cdn_non_ip,DIRECT
• RULE-SET,apple_cn_non_ip,DIRECT
• RULE-SET,apple_services,🍎 苹果服务
• RULE-SET,microsoft_non_ip,Ⓜ️ 微软服务
• RULE-SET,global_non_ip,Jun
• RULE-SET,domestic_non_ip,DIRECT
• RULE-SET,direct_non_ip,DIRECT

========== 5. IP类放行/指定节点规则集（除局域网外的其他IP规则） ==========

• RULE-SET,telegram_ip,✈️ 电报信息
• RULE-SET,stream_ip,🇺🇸 - 自动选择
• RULE-SET,domestic_ip,DIRECT
• RULE-SET,china_ip,DIRECT

========== 6. 兜底规则：未匹配的所有流量默认直连（必须最后） ==========

• MATCH,DIRECT

一西啊

rules:
  - GEOIP,private,DIRECT    # 直连所有局域网流量
  - GEOIP,cn,DIRECT         # 直连所有中国大陆IP的流量