Using a ShadowSocks Proxy on Ubuntu Server to Bypass the Great Firewall
Summary: Author: 张亚飞 | Read Time: 6 minute read | Published: 2015-08-08
Filed under
Categories: DevOps
Tags: Linux, Server, Software, DevOps, Vpn
Firewall circumvention
Set up the ShadowSocks server
Start
sudo ssserver -c /data/home/coam/ShadowSocks/shadowsocks.json -d start
Run automatically at boot
…
Add the start command sudo ssserver -c /data/home/coam/ShadowSocks/shadowsocks.json -d start to /etc/rc.local
sudo vi /etc/rc.local
- Install shadowsocks
sudo apt install python-pip
sudo pip install shadowsocks
pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip
The shadowsocks version installed by pip was too old and reported an error on startup, so it was installed from source instead:
wget https://github.com/shadowsocks/shadowsocks/archive/2.9.1.zip
unzip 2.9.1.zip
cd shadowsocks-2.9.1
python setup.py install
sudo pip uninstall shadowsocks
sudo reboot
ssserver --version
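Note: after reinstalling, a reboot is required before the latest version of the program runs.
- If you configure it through a configuration file, edit the configuration file: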
{
"server" : "45.32.80.56",
"server_port" : 8088,
"local_address" : "127.0.0.1",
"local_port" : 1080,
"password" : "******",
"timeout" : 600,
"method" : "aes-256-cfb",
"fast_open":false
}
- How to start
sslocal -s 45.32.80.56 -p 8188 -b 127.0.0.1 -l 1080 -k yafei*** -t 600 -m aes-256-cfb
# or
sslocal -c shadowsocks.json
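apt proxy configuration
On Ubuntu, apt does not use the system proxy or the command-line proxy when updating software; it has to be configured separately.
To reach the apt sources through a proxy, edit or create the file /etc/apt/apt.conf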
sudo vi /etc/apt/apt.conf
Then add the following to the file:
Acquire::http::proxy "http://ip:port/";
Acquire::ftp::proxy "ftp://ip:port/";
Acquire::https::proxy "https://ip:port/";
...
Acquire::http::proxy "http://127.0.0.1:8123/";
Acquire::ftp::proxy "ftp://127.0.0.1:8123/";
Acquire::https::proxy "https://127.0.0.1:8123/";
apt can now reach its sources through the proxy server.
To edit the list of sources, modify
vi /etc/apt/sources.list
deb http://cn.archive.ubuntu.com/ubuntu/ raring main restricted
deb-src http://cn.archive.ubuntu.com/ubuntu/ raring main restricted
Common problems
After enabling iptables and opening INPUT and OUTPUT, the client still cannot connect to the proxy server
Wed Aug 03 10:28:14 coam@coam:~/rs$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22312
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8188
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
...
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
...
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22312
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8188
...
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Check the current ShadowSocks proxy server, Vultr [45.32.80.56]
Wed Aug 03 10:27:39 coam@coam:~$ sudo netstat -tunpl
* [sudo] password for coam:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
...
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1094/nginx -g daemo
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 586/vsftpd
tcp 0 0 45.32.80.56:8188 0.0.0.0:* LISTEN 1877/python
...
As shown, ShadowSocks listens on [45.32.80.56:8188], while nginx and vsftpd, which were set up with the same kind of firewall rules, both listen on [0.0.0.0].
So edit the shadowsocks.json configuration file, changing "server" from "45.32.80.56" to "0.0.0.0":
{
"server": "0.0.0.0",
"server_port": 8188,
"local_address": "127.0.0.1",
"local_port": 1080,
"password": "******",
"timeout": 600,
"method": "aes-256-cfb",
"fast_open": false
}
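Then restart the proxy server. It now listens on [0.0.0.0:8188], that is, on all IPs. With the iptables firewall rules above enabled, logging in again with the ShadowSocks client gets through the firewall normally.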
Wed Aug 03 10:27:39 coam@coam:~$ sudo netstat -tunpl
* [sudo] password for coam:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
...
tcp 0 0 0.0.0.0:8188 0.0.0.0:* LISTEN 1877/python
...
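The cause of the problem above has been found: it is the server_ip that ShadowSocks is configured to listen on. Next, try changing the iptables firewall settings for port 8188 without modifying the server_ip:45.32.80.56 in the ShadowSocks configuration.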
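The comparison made above (which address each service listens on, set against which ports the INPUT chain accepts) can be scripted. The following Python is an added example, not part of the original post; the function names are illustrative, and the sample text is constructed in the shape of the netstat -tunpl and iptables -L -n output shown above (the policy DROP chain and the 127.0.0.1:1080 listener are assumptions).

```python
import re

# Constructed sample text in the shape of the netstat / iptables output above.
NETSTAT = """tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1094/nginx -g daemo
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 586/vsftpd
tcp 0 0 45.32.80.56:8188 0.0.0.0:* LISTEN 1877/python
tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 2001/python"""
IPTABLES = """Chain INPUT (policy DROP)
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8188
Chain OUTPUT (policy ACCEPT)
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21"""

def parse_listeners(text):
    """Yield (address, port, program) for each TCP socket in LISTEN state."""
    for f in map(str.split, text.splitlines()):
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            yield addr, int(port), f[6].split("/", 1)[-1]

def parse_input_chain(text):
    """Return (policy, accepted tcp dports, catch_all) for the INPUT chain only."""
    policy, ports, catch_all, in_input = None, set(), False, False
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\w+)", line)
        f = line.split()
        if head:
            in_input = head.group(1) == "INPUT"
            policy = head.group(2) if in_input else policy
        elif in_input and len(f) >= 5 and f[0] == "ACCEPT":
            dpt = re.search(r"\bdpt:(\d+)", line)
            if f[1] == "tcp" and dpt:
                ports.add(int(dpt.group(1)))
            elif f[1] == "all" and len(f) == 5:
                catch_all = True  # without -v this may be a loopback-only rule
    return policy, ports, catch_all

def audit(netstat_text, iptables_text):
    """Yield (program, port, bind scope, INPUT verdict) for each listener."""
    policy, ports, catch_all = parse_input_chain(iptables_text)
    for addr, port, prog in parse_listeners(netstat_text):
        loop = addr.startswith("127.") or addr == "::1"
        scope = ("loopback" if loop else "all-interfaces"
                 if addr in ("0.0.0.0", "::") else "single-address")
        fw = ("n/a" if loop else "port-rule" if port in ports
              else "open-by-default" if policy == "ACCEPT" or catch_all else "blocked")
        yield prog, port, scope, fw

if __name__ == "__main__":
    print(*audit(NETSTAT, IPTABLES), sep="\n")
```

iptables -L -n does not print interfaces, so an "ACCEPT all" line may apply only to lo; confirm with iptables -L -n -v before treating a port as open by default.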
shadowsocks-libev
Installing ShadowSocks on CentOS
pip install --upgrade pip
pip install shadowsocks
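Reference: Setting up shadowsocks on CentOS 7.4 and configuring BBR acceleration
Alibaba Cloud monitoring warning about ShadowSocks
Uninstall the Alibaba Cloud Shield (云盾) monitor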
sudo wget http://update.aegis.aliyun.com/download/uninstall.sh
sudo chmod +x uninstall.sh
sudo ./uninstall.sh
Uninstall the Server Guard (安骑士) monitor
sudo wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
sudo chmod +x quartz_uninstall.sh
sudo ./quartz_uninstall.sh
Remove leftovers
sudo pkill aliyun-service
sudo rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
sudo rm -rf /usr/local/aegis*
Block the Cloud Shield IPs
sudo iptables -I INPUT -s 140.205.201.0/28 -j DROP
sudo iptables -I INPUT -s 140.205.201.16/29 -j DROP
sudo iptables -I INPUT -s 140.205.201.32/28 -j DROP
sudo iptables -I INPUT -s 140.205.225.192/29 -j DROP
sudo iptables -I INPUT -s 140.205.225.200/30 -j DROP
sudo iptables -I INPUT -s 140.205.225.184/29 -j DROP
sudo iptables -I INPUT -s 140.205.225.183/32 -j DROP
sudo iptables -I INPUT -s 140.205.225.206/32 -j DROP
sudo iptables -I INPUT -s 140.205.225.205/32 -j DROP
sudo iptables -I INPUT -s 140.205.225.195/32 -j DROP
sudo iptables -I INPUT -s 140.205.225.204/32 -j DROP
Save the iptables rules and load them automatically at boot
- Save to /etc/iptables/rules.v4
# iptables-save > /etc/iptables/rules.v4
Flow diagram
Web browsing, manual mode: http/dns to socks5
+-----------+ http + dns +-----------------------+ +-----------+ ||
|chrome+proxy | ----------------> | chrome + SwitchyOmega |--------------> | privoxy |-----------------+ ||
+-----------+ +-----------------------+ +-----------+ | ||
127.0.0.1:1087 | ||
| ||
macOS processes | || unrestricted Internet
+-----------+ domestic (CN) DNS server | || +-----------+
| | 114.114.114.114:53 UDP only | || 8.8.8.8:53 TCP/UDP | |
| | domains on the configured list +---------------+ | || +-------------------+ | |
| dropbox | +-------------------------------------> | CN DNS Server | | || | Google DNS Server | | |
| | | +---------------+ | || +-------------------+ | google |
| | | foreign DNS resolution filter ^ | || | |
| | dns query local DNS server +----------+ | | GFW|| ^ | |
| | (udp) +-----------+ | | ----------------+ | || | | |
| terminal | ----------------> | dnsmasq |--------> | chinadns | | || | | |
| | ^ +-----------+ | | ----------------+ | || | | youtube |
| | / 127.0.0.1:53 +----------+ | | || | | |
| | / 127.0.0.1:65353 v v || overseas proxy server | | |
| | / 127.0.0.1:1053 proxy entry point || xx.xx.xx.xx:xxx | | |
| onenote | / +-----+--------+ +---+------------+ || +------------+---+ | |
| | / | | tcpdns | | |v2ray-plugin| ---||--> |v2ray-plugin| | | |
| | / traffic forwarder | +--------+ -------->| +------------+ || +------------+ |------>| facebook |
| |/ | redsocks | | ss-local | || | ss-server | | |
| / +--------------+ +----------------+ || +----------------+ | |
| chrome |\ 127.0.0.1:12345 127.0.0.1:1086 || mode: tcp_and_udp | |
| | \ ^ || | |
| | \ | || | |
| | \ pf intercepts tcp traffic to foreign IPs (dst.ip not on the direct-connect list) | || | pxxxhub |
| | \ +---------------------------------------------------+ | || | |
| curl | \ tcp | | | || | |
| | v | +-------+ pf route-to +-------+ pf rdr-to | | || | |
| | ------------|---> | en0 |--------------> | lo0 | -----------|---+ || | |
| ...... | | +-------+ +-------+ | || | ...... |
| | +---------|-----------------------------------------+ || | |
| | | || | |
| | |pf direct || | |
| | | || | |
| | | || | |
+-----------+ v || +-----------+
+-------------------------------------------------------------------------------------+ ||
| | ||
domestic Internet | baidu taobao weibo iqiyi v.qq.com github ...... | || By: https://huhao.ai
| | ||
+-------------------------------------------------------------------------------------+ +-