Using a ShadowSocks Proxy on Ubuntu Server to Bypass the Firewall

Summary: Author: 张亚飞 | Reading time: 3 minute read | Published: 2015-08-08
Filed under Categories: DevOps | Tags: Linux, Server, Software, DevOps

VPN and firewall circumvention


Configure the ShadowSocks server

Start

sudo ssserver -c /data/home/coam/ShadowSocks/shadowsocks.json -d start

Run at boot

Add the start command sudo ssserver -c /data/home/coam/ShadowSocks/shadowsocks.json -d start to /etc/rc.local

sudo vi /etc/rc.local

  • Install shadowsocks
sudo apt install python-pip
sudo pip install shadowsocks

pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip

wget https://github.com/shadowsocks/shadowsocks/archive/2.9.1.zip
unzip 2.9.1.zip
cd shadowsocks-2.9.1
python setup.py install
sudo pip uninstall shadowsocks
sudo reboot
ssserver --version

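Note: after reinstalling, a reboot is required before the latest version of the program runs.

  • If you configure through a configuration file, edit the configuration file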
{
    "server" : "45.32.80.56",
    "server_port" : 8088,
    "local_address" : "127.0.0.1",
    "local_port" : 1080,
    "password" : "******",
    "timeout" : 600,
    "method" : "aes-256-cfb",
    "fast_open":false
}
  • How to start
sslocal -s 45.32.80.56 -p 8188 -b 127.0.0.1 -l 1080 -k yafei*** -t 600 -m aes-256-cfb
# or
sslocal -c shadowsocks.json

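apt proxy configuration

On Ubuntu, apt does not use the system proxy or the command-line proxy when updating software; it has to be configured separately.

To reach the apt sources through a proxy, modify or add an /etc/apt/apt.conf file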

sudo vi /etc/apt/apt.conf

Then add the following to the file:

Acquire::http::proxy "http://ip:port/";
Acquire::ftp::proxy "ftp://ip:port/";
Acquire::https::proxy "https://ip:port/";
...
Acquire::http::proxy "http://127.0.0.1:8123/";
Acquire::ftp::proxy "ftp://127.0.0.1:8123/";
Acquire::https::proxy "https://127.0.0.1:8123/";

apt can now reach its sources through the proxy server.

To edit the list of sources, modify

vi /etc/apt/sources.list
deb http://cn.archive.ubuntu.com/ubuntu/ raring main restricted
deb-src http://cn.archive.ubuntu.com/ubuntu/ raring main restricted

Common problems

After enabling iptables and opening INPUT/OUTPUT, the client still cannot connect to the proxy server

Wed Aug 03 10:28:14 coam@coam:~/rs$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22312
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8188
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
...

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
...
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:22312
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:8188
...
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Check the current ShadowSocks proxy server, Vultr [45.32.80.56]

Wed Aug 03 10:27:39 coam@coam:~$ sudo netstat -tunpl
* [sudo] password for coam:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1094/nginx -g daemo
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      586/vsftpd
tcp        0      0 45.32.80.56:8188        0.0.0.0:*               LISTEN      1877/python
...

You can see that ShadowSocks listens on [45.32.80.56:8188], whereas nginx and vsftpd, which are opened by the same kind of firewall rules, both listen on [0.0.0.0]

So modify the shadowsocks.json configuration file, changing "server" from "45.32.80.56" to "0.0.0.0":

{
  "server": "0.0.0.0",
  "server_port": 8188,
  "local_address": "127.0.0.1",
  "local_port": 1080,
  "password": "******",
  "timeout": 600,
  "method": "aes-256-cfb",
  "fast_open": false
}

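Then restart the proxy server. You can see that it now listens on [0.0.0.0:8188], that is, on all IPs. With the iptables firewall rules above enabled, logging in again with the ShadowSocks client gets through the firewall normally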

Wed Aug 03 10:27:39 coam@coam:~$ sudo netstat -tunpl
* [sudo] password for coam:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp        0      0 0.0.0.0:8188            0.0.0.0:*               LISTEN      1877/python
...

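The cause of the problem above is found: it is the server_ip that ShadowSocks is configured to listen on. Next, try changing the iptables firewall settings for 8188 without changing the server_ip:45.32.80.56 in the ShadowSocks configuration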
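
The check behind this troubleshooting, as an added example that is not part of the original post: it pairs every listening TCP socket from netstat with the INPUT chain, printing the bind scope and whether a dpt ACCEPT rule or only the chain policy decides. The sample text is constructed from the output above; the 127.0.0.1:1080 listener, its PID and the function names are assumptions.

```sh
# Added example, not from the post. Sample text is constructed from the output above.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1094/nginx
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 586/vsftpd
tcp 0 0 45.32.80.56:8188 0.0.0.0:* LISTEN 1877/python
tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 2001/python'
IPTABLES_SAMPLE='Chain INPUT (policy ACCEPT)
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8188
Chain OUTPUT (policy ACCEPT)
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8188'

# Print "addr port program" for each TCP socket in LISTEN state (stdin: netstat -tunpl).
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]   # last ":" field is the port, IPv6 included
        print substr($4, 1, length($4) - length(port) - 1), port, $7 }'
}

# Print each port with an ACCEPT "dpt:N" rule in the INPUT chain (stdin: iptables -L -n).
allowed_ports() {
    awk '$1 == "Chain" { chain = $2; next }
         chain == "INPUT" && $1 == "ACCEPT" {
             for (i = 2; i <= NF; i++) if ($i ~ /^dpt:/) print substr($i, 5) }'
}

# Print the default policy of the INPUT chain (ACCEPT or DROP).
input_policy() {
    awk '$1 == "Chain" && $2 == "INPUT" { gsub(/[()]/, ""); print $4 }'
}

# audit NETSTAT_TEXT IPTABLES_TEXT: one "port addr scope verdict program" line per listener.
audit() {
    ports=" $(printf '%s\n' "$2" | allowed_ports | tr '\n' ' ')"
    policy=$(printf '%s\n' "$2" | input_policy)
    printf '%s\n' "$1" | listeners | while read -r addr port prog; do
        case "$addr" in
            0.0.0.0|::) scope=all-interfaces ;;
            127.*|::1)  scope=loopback-only ;;
            *)          scope=single-address ;;
        esac
        case "$ports" in
            *" $port "*) verdict=accept-rule ;;
            *)           verdict="policy-$policy" ;;   # no dpt rule: chain policy decides
        esac
        echo "$port $addr $scope $verdict $prog"
    done
}
audit "$NETSTAT_SAMPLE" "$IPTABLES_SAMPLE"
```

On a live host, pass the text of sudo netstat -tunpl and sudo iptables -L -n as the two arguments. iptables -L -n does not show interface matches, so a bare "ACCEPT all" line may apply to loopback only; adding -v shows which.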

shadowsocks-libev


Installing ShadowSocks on CentOS

pip install --upgrade pip
pip install shadowsocks

Reference: Setting up shadowsocks on CentOS 7.4 and configuring BBR acceleration


Alibaba Cloud: warning that ShadowSocks is being monitored

Uninstall the Alibaba Cloud Shield (阿里云盾) monitoring

sudo wget http://update.aegis.aliyun.com/download/uninstall.sh
sudo chmod +x uninstall.sh
sudo ./uninstall.sh

Uninstall the Anqishi (安骑士) monitoring

sudo wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
sudo chmod +x quartz_uninstall.sh
sudo ./quartz_uninstall.sh

Remove leftovers

sudo pkill aliyun-service
sudo rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
sudo rm -rf /usr/local/aegis*

Block the Cloud Shield IPs

sudo iptables -I INPUT -s 140.205.201.0/28 -j DROP
sudo iptables -I INPUT -s 140.205.201.16/29 -j DROP
sudo iptables -I INPUT -s 140.205.201.32/28 -j DROP
sudo iptables -I INPUT -s 140.205.225.192/29 -j DROP
sudo iptables -I INPUT -s 140.205.225.200/30 -j DROP
sudo iptables -I INPUT -s 140.205.225.184/29 -j DROP
sudo iptables -I INPUT -s 140.205.225.183/32 -j DROP
sudo iptables -I INPUT -s 140.205.225.206/32 -j DROP
sudo iptables -I INPUT -s 140.205.225.205/32 -j DROP
sudo iptables -I INPUT -s 140.205.225.195/32 -j DROP
sudo iptables -I INPUT -s 140.205.225.204/32 -j DROP

Save the iptables rules and load them automatically at boot

  • Save to /etc/iptables/rules.v4
# iptables-save > /etc/iptables/rules.v4
