- Gateway Transparent proxy
- Gateway FullCone NAT
- Access control Whitelist/Blacklist
- Routing control based on Port/IP/Domain
- Complete DNS hijacking: prevents any port 53 query from bypassing the gateway
- Intelligent routing of DNS requests based on EDNS-Client-Subnet/Policy
- Fully visual configuration GUI, based on the mihomo documentation
- OpenWrt >= 24.10
- firewall4
- The Routing rule and Sub rule of the LuCI app have been migrated from
`mihomo` format to `json` format.
If you find `option oldentry` in the `/etc/config/fchomo` file, the selected config may not have been migrated correctly.
You need to manually reset the selected config and remove the `oldentry` option when you are done.
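
To locate leftover `option oldentry` lines before resetting anything, the following added example (not part of the fchomo project) scans a UCI file and lists the sections that still carry the option. The function name `find_oldentry` and the sample section types, names and values are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: list UCI sections that still carry a legacy `option oldentry`.

# find_oldentry FILE
# Prints "<section type> <section name>" for each section containing
# `option oldentry`. Returns 0 if any were found, 1 if none, 2 if unreadable.
find_oldentry() {
    [ -r "$1" ] || return 2
    awk -v q="'" '
        # Strip one pair of matching single or double quotes, if present.
        function unquote(s,    c) {
            c = substr(s, 1, 1)
            if ((c == q || c == "\"") && substr(s, length(s), 1) == c)
                return substr(s, 2, length(s) - 2)
            return s
        }
        $1 == "config" {
            type = unquote($2)
            if (NF >= 3) name = unquote($3)
            else { anon++; name = "(anonymous #" anon ")" }
            next
        }
        $1 == "option" && unquote($2) == "oldentry" {
            print type, name
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample; section types, names and values are made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config fchomo 'config'
	option enabled '1'

config rules 'rule_a'
	option oldentry 'legacy-rule-text'

config subrules
	option oldentry 'legacy-subrule-text'
EOF

if hits=$(find_oldentry "$sample"); then
    printf 'Sections to reset before removing oldentry:\n%s\n' "$hits"
fi
rm -f "$sample"
```

On the router, call `find_oldentry /etc/config/fchomo`; an exit status of 1 means no section still carries the option.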
```mermaid
flowchart TD
subgraph Firewall
direction TB
subgraph fw_inpot[Input]; rawin[Raw traffic]; end
subgraph fw_outpot[Output]; lo; direct[Direct]; mihomoin[Mihomo in]; end
rawin --firewall--> flow{Subnet/Local traffic ?}
flow --Subnet--> acl_listen
flow --Local--> proxy_router{Proxy router itself ?}
proxy_router --Yes--> acl_dst
proxy_router --No --> direct
subgraph acl[Access Control]
direction TB
acl_listen{Src-interface filter} --> dns_hijack
acl_listen --> direct
dns_hijack{dport is 53 ?} --Redirect to dnsmasq--> lo
dns_hijack --No --> acl_src
acl_src{Src-address filter} --> acl_dst
acl_src --> direct
acl_dst{Dst-address filter} --> acl_dport
acl_dst --> direct
acl_dport{Dst-port filter<br>Always redirect port 53} --> mihomoin
acl_dport --> direct
end
end
subgraph DNS
direction TB
subgraph dns_inpot[Input]; dnsreq[Any DNS request to **local:53**]; end
subgraph dns_outpot[Output]; mihomodns[Mihomo DNS]; otherdns[Other DNS]; end
dnsreq <--> dnsmasq[DNSmasq]
dnsmasq <--Upstream--> mihomodns
dnsmasq <--Upstream--> otherdns
dnsmasq-full --Set ipset--> e[NFTables direct/proxy/cn/gfw ipset]
end
```
You can find the prebuilt-ipks here
If you have trouble downloading resource files after initial installation, you can upload the initial resource pack.
Used to override /etc/config/fchomo
Direct
- add `Dst-address` to `Global > Access Control > Custom Direct list` (domain requires `dnsmasq-full`)
- (Optional) remove `Dst-port` on `Global > Access Control > Routing Control > Routing port (UDP)`
- accept input `Dst-port` on `Network > Firewall > Traffic Rules`; requires that the upstream link is Fullcone

Proxy
- (Optional) add `Dst-address` to `Global > Access Control > Custom Proxy list` (domain requires `dnsmasq-full`)
- add `Dst-port` on `Global > Access Control > Routing Control > Routing port (UDP)`
- add rule to `Client > Routing rule`; requires that the dest `Proxy group` is a Fullcone link
```bash
# Take the x86_64 platform as an example
# (-J selects xz decompression, matching the .tar.xz archive)
tar xJf openwrt-sdk-23.05.3-x86-64_gcc-12.3.0_musl.Linux-x86_64.tar.xz
# Go to the SDK root dir (the glob matches the extracted directory name)
cd openwrt-sdk-*-x86-64_*
# First run to generate a .config file
make menuconfig
./scripts/feeds update -a
./scripts/feeds install -a
# Get Makefile
git clone --depth 1 --branch master --single-branch --no-checkout https://github.com/fcshark-org/openwrt-fchomo.git package/openwrt-fchomo
pushd package/openwrt-fchomo
# Check the files out with a 022 umask so they are not group/world-writable
umask 022
git checkout
popd
# Select the package LuCI -> Applications -> luci-app-fchomo
make menuconfig
# Start compiling
make package/luci-app-fchomo/compile V=s BUILD_LOG=y -j$(nproc)
```