After starting SSClash port forwarding not works #4

Open
Jon811 opened this issue Dec 22, 2024 · 11 comments
@Jon811

Jon811 commented Dec 22, 2024

After starting SSClash, port forwarding does not work, so my home server is not accessible from outside. How can I make requests from outside to some port go directly to a LAN device?

@zerolabnet
Owner

Check what interface you are using for WAN (command: ip a). Most likely it is not in the list I made; add the interface to the RESERVED_IFACE array in the nft.conf file.

@Jon811
Author

Jon811 commented Dec 23, 2024

In my case pppoe-wan is the WAN interface, so the "ppp*" mask should have worked, but it doesn't. Adding "pppoe-wan" did not work.

```
13: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    link/ppp
    inet ... peer ******/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
```

@Jon811
Author

Jon811 commented Dec 24, 2024

Is there a way to debug these chains?

@zerolabnet
Owner

I have no idea what the cause is. "ppp*" really should cover your WAN connection.

@absid89

absid89 commented Jan 10, 2025

The same problem. I use port forwarding for a Telegram webhook, and my WAN is also pppoe-wan. Nothing helps to make it work until you disable the service.

@Jon811
Author

Jon811 commented Jan 10, 2025

In /opt/clash/nft.conf, adding

```
oifname $RESERVED_IFACE return
ip saddr LANIP tcp sport LANPort return
#Redirect traffic to TPROXY
```

helped me.

@absid89

absid89 commented Jan 11, 2025

> In /opt/clash/nft.conf adding
> oifname $RESERVED_IFACE return
> ip saddr LANIP tcp sport LANPort return
> #Redirect traffic to TPROXY
> Helped me

Thanks, this works for me.

Update:
For me, requests made locally to the external address did not work, so I had to add more rules.

Add in prerouting and output:

```
ip daddr != 192.168.1.0/24 tcp dport PORT return
```

(replace 192.168.1.0 with your local network if needed)
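
Why the two workarounds above take effect, and how wide each one is, as an added example that is not part of this thread or of SSClash's code: a first-match model of a chain whose final rule sends everything else to TPROXY. The chain shape, the addresses and port 8443 are constructed assumptions standing in for LANIP, LANPort and PORT.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values standing in for the thread's LANIP, LANPort and PORT.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_IP, LAN_PORT, PORT = "192.168.1.10", 8443, 8443

@dataclass(frozen=True)
class Packet:
    saddr: str
    sport: int
    daddr: str
    dport: int

def reply_bypass(p):
    """ip saddr LANIP tcp sport LANPort return"""
    return p.saddr == LAN_IP and p.sport == LAN_PORT

def port_bypass(p):
    """ip daddr != 192.168.1.0/24 tcp dport PORT return"""
    return ipaddress.ip_address(p.daddr) not in LAN_NET and p.dport == PORT

def verdict(packet, bypass_rules):
    """A matching bypass rule returns early; otherwise the packet reaches the
    assumed catch-all TPROXY redirect at the end of the chain."""
    return "return" if any(rule(packet) for rule in bypass_rules) else "tproxy"

# Constructed sample packets (documentation address ranges for outside hosts).
PACKETS = {
    "server_reply": Packet(LAN_IP, LAN_PORT, "203.0.113.7", 51000),
    "lan_browsing": Packet("192.168.1.20", 40000, "198.51.100.5", 443),
    "lan_to_own_wan_ip": Packet("192.168.1.20", 40001, "203.0.113.1", PORT),
    "lan_to_other_host": Packet("192.168.1.20", 40002, "198.51.100.5", PORT),
}
RULESETS = {
    "none": [],
    "reply_only": [reply_bypass],
    "both": [reply_bypass, port_bypass],
}

def verdicts():
    """Verdict for every sample packet under every rule set."""
    return {name: {k: verdict(p, rules) for k, p in PACKETS.items()}
            for name, rules in RULESETS.items()}

if __name__ == "__main__":
    for name, row in verdicts().items():
        print(f"{name:11}", row)
```

The second rule matches every connection to a non-LAN address on that port, not only the request to the router's own external address, so all of those connections skip the proxy.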

@absid89

absid89 commented Jan 11, 2025

@zerolabnet maybe there is a possibility to put this in the config or generally take it into account during automatic generation of the config if there is one

@ma3uk

ma3uk commented Jan 13, 2025

Does anyone know how to solve the problem with connecting to external SSH? I cannot connect to my server unless I route it through a proxy; otherwise, SSH connection requests are blocked.

@fildunsky

> Does anyone know how to solve the problem with connecting to external SSH? I cannot connect to my server unless I route it through a proxy; otherwise, SSH connection requests are blocked.

Strange, I have never had such problems anywhere; SSH connects to any server while Clash is running. Maybe the firewall settings on the server are specific, or there is an IP ban?

@ma3uk

ma3uk commented Jan 14, 2025

> > Does anyone know how to solve the problem with connecting to external SSH? I cannot connect to my server unless I route it through a proxy; otherwise, SSH connection requests are blocked.
>
> Strange, I have never had such problems anywhere; SSH connects to any server while Clash is running. Maybe the firewall settings on the server are specific, or there is an IP ban?

It was exactly after installing SSClash that SSH stopped connecting to the server; if I disable it or connect from a different access point, everything connects.
