` root@rs:~# ls -la /etc/kaskad/bot_state find /etc/kaskad/bot_state -type f -maxdepth 2 -print -exec sed -n '1,160p' {} \; grep -n "ip1\|ip2\|rule\|alias" /usr/local/bin/gokaskad total 12 drwxr-xr-x 2 root root 4096 May 26 16:17 . drwxr-xr-x 4 root root 4096 May 26 12:50 .. -rw-r--r-- 1 root root 107 May 26 16:17 system find: warning: you have specified the global option -maxdepth after the argument -type, but global options are not positional, i.e., -maxdepth affects tests specified before it as well as those specified after it. Please specify global options before other arguments. /etc/kaskad/bot_state/system UPDATE_TOKEN=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 15:ALIASES_FILE="$KASKAD_DIR/aliases" 57:set_alias_full() { 67:set_alias() { 73: set_alias_full "$ip" "$name" "${old_note:-}" "${old_country:-}" "${old_isp:-}" 76:set_alias_note() { 82: set_alias_full "$ip" "${old_name:-}" "$note" "${old_country:-}" "${old_isp:-}" 85:set_alias_geo() { 91: set_alias_full "$ip" "${old_name:-}" "${old_note:-}" "$country" "$isp" 94:get_alias_field() { 107:get_alias() { get_alias_field "$1" "name"; } 112: name=$(get_alias_field "$ip" "name") 113: country=$(get_alias_field "$ip" "country") 114: isp=$(get_alias_field "$ip" "isp") 129: name=$(get_alias_field "$ip" "name") 136: name=$(get_alias_field "$ip" "name") 137: note=$(get_alias_field "$ip" "note") 138: country=$(get_alias_field "$ip" "country") 139: isp=$(get_alias_field "$ip" "isp") 221: set_alias_geo "$ip" "$geo_country" "$geo_isp" 252: existing_name=$(get_alias "$ip") 258: [ -n "$_RET_NAME" ] && set_alias "$ip" "$_RET_NAME" 262: [ -n "$_RET_NOTE" ] && set_alias_note "$ip" "$_RET_NOTE" 296: set_alias_geo "$ip" "$geo_country" "$geo_isp" 404:get_rules_list() { 415: get_rules_list | awk -F'|' '{split($3,a,":"); print a[1]}' | sort -u 420: get_rules_list | awk -F'|' -v ip="$ip" '{split($3,a,":"); if(a[1]==ip){print a[2]; exit}}' 445:remove_rules_for_port() { 447: iptables -t nat -S PREROUTING 2>/dev/null | grep "DNAT" | grep -- "--dport ${in_port} " | grep -- "-p ${proto} " | while read -r rule; do 448: eval "iptables -t nat -D ${rule#-A }" 2>/dev/null 450: iptables -S INPUT 2>/dev/null | grep "kaskad" | grep -- "--dport ${in_port} " | grep -- "-p ${proto} " | while read -r rule; do 451: eval "iptables -D ${rule#-A }" 2>/dev/null 453: iptables -S FORWARD 2>/dev/null | grep "kaskad" | grep -- "-p ${proto} " | while read -r rule; do 454: local rd; rd=$(echo "$rule" | sed -n 's/.*--dport \([0-9]*\).*/\1/p') 455: local rs; rs=$(echo "$rule" | sed -n 's/.*--sport \([0-9]*\).*/\1/p') 456: [[ "$rd" == "$in_port" || "$rs" == "$in_port" ]] && eval "iptables -D ${rule#-A }" 2>/dev/null 460:apply_iptables_rules() { 463: log_action "ADD rule: $proto :$in_port -> $target_ip:$out_port ($name)" 464: remove_rules_for_port "$proto" "$in_port" 480:# ─── Interactive rule configuration ────────────────────────── 482:configure_rule() { 494: apply_iptables_rules "$proto" "$port" "$port" "$target_ip" "$name" 498:configure_custom_rule() { 518: apply_iptables_rules "$proto" "$in_port" "$out_port" "$target_ip" "Custom Rule" 524:list_active_rules() { 527: local rules 528: rules=$(get_rules_list) 529: if [ -z "$rules" ]; then 532: echo "$rules" | while IFS='|' read -r proto port dest; do 541:delete_single_rule() { 543: local -a rules_arr=() 546: rules_arr[$i]="$proto|$port|$dest" 550: done <<< "$(get_rules_list)" 551: if [ ${#rules_arr[@]} -eq 0 ]; then 555: read -p "Номер для удаления (0 — отмена): " rule_num 556: [[ "$rule_num" == "0" || -z "${rules_arr[$rule_num]:-}" ]] && return 557: IFS='|' read -r d_proto d_port d_dest <<< "${rules_arr[$rule_num]}" 559: iptables -S INPUT 2>/dev/null | grep "kaskad:${d_port}:${d_proto}" | while read -r rule; do eval "iptables -D ${rule#-A }" 2>/dev/null; done

[Telegram Anten-ka club id:-1002445567608 topic:5655 +1m Tue 2026-05-26 11:36 UTC] Grey Makarov (468688749): <media:document> [Replying to Anten-ka Ai Helper DOG id:45106] На роутере, не в 3x-ui. Если это Keenetic + XKeen, ищи в веб-морде: Приложения → XRay/XKeen → Конфигурация → 04_outbounds.json и рядом 05_routing.json. Или просто открой по SSH файл: /usb/etc/xray/configs/04_outbounds.json. Мне нужен скрин/текст, где видно tag, address, port, serverName, publicKey, shortId. ✅ [/Replying] <file name="05_routing---c405a4a1-57f7-4183-a3a7-7b866fed3160.json" mime="application/json"> <<<EXTERNAL_UNTRUSTED_CONTENT id="1cb00551a3f13f69">>> Source: External --- { "routing": { "rules": [ { "inboundTag": ["redirect", "tproxy"], "outboundTag": "direct", "type": "field", "ip": ["92.242.164.225/32"] }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "block", "type": "field", "network": "udp", "port": "135, 137, 138, 139" }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "block", "type": "field", "domain": ["appcenter.ms"] }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "direct", "type": "field", "domain": [ "regexp:^([\\w\\-\\.]+\\.)ru$", "regexp:^([\\w\\-\\.]+\\.)su$", "regexp:^([\\w\\-\\.]+\\.)xn--p1ai$", "regexp:^([\\w\\-\\.]+\\.)xn--p1acf$", "regexp:^([\\w\\-\\.]+\\.)xn--80asehdb$", "regexp:^([\\w\\-\\.]+\\.)xn--c1avg$", "regexp:^([\\w\\-\\.]+\\.)xn--80aswg$", "regexp:^([\\w\\-\\.]+\\.)xn--80adxhks$", "regexp:^([\\w\\-\\.]+\\.)moscow$", "regexp:^([\\w\\-\\.]+\\.)xn--d1acj3b$", "ext:geosite_v2fly.dat:category-gov-ru", "ext:geosite_v2fly.dat:private", "ext:geosite_v2fly.dat:yandex", "ext:geosite_v2fly.dat:steam", "ext:geosite_v2fly.dat:vk" ] }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "direct", "type": "field", "protocol": ["bittorrent"] }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "vless-reality", "type": "field" } ] } } <<<END_EXTERNAL_UNTRUSTED_CONTENT id="1cb00551a3f13f69">>> </file> <file name="04_outbounds---2715ae6c-ec46-4f89-aa3e-ba6bb4a8369c.json" mime="application/json"> <<<EXTERNAL_UNTRUSTED_CONTENT id="c293d18c8c6fac51">>> Source: External --- { "outbounds": [ { "tag": "vless-reality", "protocol": "vless", "settings": { "vnext": [ { "address": "92.242.164.225", "port": 443, "users": [ { "id": "fb18f0f4-0f16-45a7-93ed-bc72968e26c4", "flow": "xtls-rprx-vision", "encryption": "none", "level": 0 } ] } ] }, "streamSettings": { "network": "tcp", "security": "reality", "realitySettings": { "publicKey": "glht0A6LbGl-tvR91tKbgPysVxjI3OT2pUh6VSYxp1Q", "fingerprint": "chrome", "serverName": "max.ru", "shortId": "dc", "spiderX": "/" } } }, { "tag": "direct", "protocol": "freedom" }, { "tag": "block", "protocol": "blackhole", "settings": { "response": { "type": "http" } } } ] } <<<END_EXTERNAL_UNTRUSTED_CONTENT id="c293d18c8c6fac51">>> </file>

напомню ошибки в логах роутера продолжают приходить мы решаем как их устранить INFO[2026-05-26T11:26:01.844680610Z] [TCP] 10.1.30.142:46142 --> 145.190.68.5:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:01.845303226Z] [TCP] 10.1.30.142:46140 --> 145.190.68.5:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:01.852153534Z] [TCP] 10.1.30.142:46136 --> 145.190.68.5:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:01.876787149Z] [TCP] 10.1.30.142:53448 --> 20.33.39.105:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:02.138492149Z] [TCP] 10.1.30.142:46152 --> 145.190.68.5:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:02.672743226Z] [TCP] 192.168.2.88:60945 --> 83.222.28.15:443 match GeoIP(ru) using DIRECT INFO[2026-05-26T11:26:05.859879072Z] [TCP] 10.1.30.76:51298 --> 78.159.245.10:443 match GeoIP(ru) using DIRECT WARN[2026-05-26T11:26:06.623415226Z] [TCP] dial PROXY (match Match/) 10.1.30.142:46138 --> 145.190.68.5:443 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T11:26:06.676621072Z] [TCP] dial PROXY (match Match/) 10.1.30.142:46154 --> 145.190.68.5:443 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T11:26:06.691050072Z] [TCP] dial PROXY (match Match/) 10.1.30.142:46156 --> 145.190.68.5:443 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T11:26:06.709442918Z] [TCP] dial PROXY (match Match/) 10.1.30.142:46158 --> 145.190.68.5:443 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T11:26:06.715574303Z] [TCP] dial PROXY (match Match/) 10.1.30.142:46160 --> 145.190.68.5:443 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T11:26:06.737165534Z] [TCP] dial PROXY (match Match/) 10.1.30.142:46162 --> 145.190.68.5:443 error: 92.242.164.225:443 connect error: context deadline exceeded INFO[2026-05-26T11:26:06.852257226Z] [TCP] 10.1.30.142:46164 --> 145.190.68.5:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:06.854674303Z] [TCP] 10.1.30.142:40004 --> 195.219.175.135:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:06.856548303Z] [TCP] 192.168.2.88:60951 --> 52.192.189.47:8202 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:06.857274688Z] [TCP] 10.1.30.142:52306 --> 20.153.154.25:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:06.860555534Z] [TCP] 192.168.2.88:60946 --> 142.251.1.84:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T11:26:06.867069457Z] [TCP] 10.1.30.142:52308 --> 20.153.154.25:443 match Match using PROXY[1-pol58xkeen] WARN[2026-05-26T11:26:07.102173072Z] [TCP] dial PROXY (match Match/) 10.1.30.142:46166 --> 145.190.68.5:443 error: 92.242.164.225:443 connect error: context deadline exceeded

я добавил то что ты мне скидывал { "routing": { "rules": [ { "inboundTag": ["redirect", "tproxy"], "outboundTag": "direct", "type": "field", "ip": ["92.242.164.225/32"] }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "block", "type": "field", "network": "udp", "port": "135, 137, 138, 139" }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "block", "type": "field", "domain": ["appcenter.ms"] }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "direct", "type": "field", "domain": [ "regexp:^([\\w\\-\\.]+\\.)ru$", "regexp:^([\\w\\-\\.]+\\.)su$", "regexp:^([\\w\\-\\.]+\\.)xn--p1ai$", "regexp:^([\\w\\-\\.]+\\.)xn--p1acf$", "regexp:^([\\w\\-\\.]+\\.)xn--80asehdb$", "regexp:^([\\w\\-\\.]+\\.)xn--c1avg$", "regexp:^([\\w\\-\\.]+\\.)xn--80aswg$", "regexp:^([\\w\\-\\.]+\\.)xn--80adxhks$", "regexp:^([\\w\\-\\.]+\\.)moscow$", "regexp:^([\\w\\-\\.]+\\.)xn--d1acj3b$", "ext:geosite_v2fly.dat:category-gov-ru", "ext:geosite_v2fly.dat:private", "ext:geosite_v2fly.dat:yandex", "ext:geosite_v2fly.dat:steam", "ext:geosite_v2fly.dat:vk" ] }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "direct", "type": "field", "protocol": ["bittorrent"] }, { "inboundTag": ["redirect", "tproxy"], "outboundTag": "vless-reality", "type": "field" } ] } }

неделю работает без ошибок потом ошибки продолжают поступать куда ещё смотреть? [TCP] 192.168.2.88:58482 --> 13.33.235.75:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:40.668396840Z] [TCP] 192.168.2.88:58479 --> 172.64.155.189:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:40.777690994Z] [TCP] 192.168.2.88:58483 --> 104.18.32.67:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:40.886167455Z] [TCP] 192.168.2.88:58484 --> 2.17.251.109:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:41.504363379Z] [TCP] 192.168.2.88:58485 --> 98.66.133.184:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:41.913525840Z] [TCP] 192.168.2.88:58488 --> 51.68.35.181:8610 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:41.930536763Z] [TCP] 192.168.2.88:58486 --> 172.64.155.189:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:42.199919148Z] [TCP] 192.168.2.88:58489 --> 141.95.72.59:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:42.874452917Z] [TCP] 10.1.30.131:41194 --> 64.233.165.188:5228 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:43.692683225Z] [TCP] 192.168.2.88:58490 --> 62.4.9.11:80 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:43.810652686Z] [TCP] 192.168.2.88:58492 --> 149.154.167.41:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:43.812889994Z] [TCP] 192.168.2.88:58491 --> 149.154.167.51:443 match Match using PROXY[1-pol58xkeen] WARN[2026-05-26T10:42:46.494729994Z] [UDP] dial PROXY (match Match/) 192.168.2.88:53189 --> 82.116.242.36:3883 error: 92.242.164.225:443 connect error: context deadline exceeded INFO[2026-05-26T10:42:46.636181610Z] [TCP] 192.168.2.88:58495 --> 52.9.29.177:443 match Match using PROXY[1-pol58xkeen] WARN[2026-05-26T10:42:46.719968302Z] [TCP] dial PROXY (match Match/) 192.168.2.88:58487 --> 51.68.35.181:8616 error: 92.242.164.225:443 connect error: context deadline exceeded INFO[2026-05-26T10:42:47.691420533Z] [UDP] 192.168.2.88:53189 --> 82.116.242.36:3883 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:42:48.099143610Z] [TCP] 192.168.2.88:58496 --> 57.128.79.72:17154 match Match using PROXY[1-pol58xkeen] WARN[2026-05-26T10:42:48.638034917Z] [TCP] dial PROXY (match Match/) 192.168.2.88:58494 --> 149.154.167.41:80 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T10:42:48.638083841Z] [TCP] dial PROXY (match Match/) 192.168.2.88:58493 --> 149.154.167.51:80 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T10:42:53.285477148Z] [TCP] dial PROXY (match Match/) 10.1.30.149:57496 --> 64.233.165.188:5228 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T10:42:56.874734610Z] [TCP] dial PROXY (match Match/) 192.168.2.88:58431 --> 82.116.242.36:7680 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T10:42:58.827386533Z] [TCP] dial PROXY (match Match/) 10.1.30.149:37046 --> 142.251.169.188:443 error: 92.242.164.225:443 connect error: context deadline exceeded WARN[2026-05-26T10:42:59.940865303Z] [TCP] dial PROXY (match Match/) 192.168.2.88:58497 --> 173.194.221.94:443 error: 92.242.164.225:443 connect error: context deadline exceeded INFO[2026-05-26T10:43:00.073593380Z] [TCP] 192.168.2.88:58498 --> 149.154.167.51:80 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:43:00.224588226Z] [TCP] 192.168.2.88:58499 --> 173.194.221.94:443 match Match using PROXY[1-pol58xkeen] INFO[2026-05-26T10:43:02.567813611Z] [TCP] 192.168.2.88:58501 --> 5.255.255.77:443 match GeoIP(ru) using DIRECT

@AntenkaAI_bot так а новых пользователей мне заводить на каком сервере тогда?

@AntenkaAI_bot Обновлять ли geofile?

@AntenkaAI_bot Хочу попросить тебя оценить архитектуру моего каскада со стороны - насколько он правильно построен, что улучшить. Схема такая: устройство → Bridge (Россия, 3x-UI / Xray) → Exit (Нидерланды, 3x-UI / Xray) → интернет. Первое плечо, от устройства до Bridge: VLESS + TCP + Reality, flow xtls-rprx-vision, SNI крупного популярного сайта, uTLS firefox. Порт 443, плюс port-hopping: диапазон 20101-20200 заворачивается на 443 через iptables. Второе плечо, от Bridge до Exit: VLESS + XHTTP + Reality, SNI отдельного домена, режим stream-up (scStreamUpServerSecs 20-80, xmux maxConcurrency 16-32). Outbound на Bridge заведён прямой правкой SQLite, не через GUI. Общее по обоим плечам: sockopt с tcpUserTimeout=10000 и tcpKeepAlive, BBR, MTU 1380, на Exit стоит MSS-clamp 1280 (там eth0 с MTU 1380). Маршрутизация на Bridge: российский трафик (geosite ru, geoip ru) идёт напрямую (DIRECT), всё остальное - на Exit. Bittorrent и приватные адреса блокируются. DNS через DoH. Раз в 3 дня cron перезапускает x-ui - это воркэраунд против утечки памяти в XHTTP. Параллельно поднят запасной канал через Cloudflare CDN на отдельном домене (packet-up, Origin Cert). Вопросы: 1. Архитектурно схема выстроена правильно, или есть грубые ошибки? 2. Что бы ты изменил ради стабильности? 3. Reality на обоих плечах - это нормально, или на втором плече лучше что-то другое? Что думаешь? 4. Чего тут не хватает для отказоустойчивости?