Linux transparent proxy setup: a VPN-based transparent proxy that uses ssh

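sshuttle lets you create a VPN connection over ssh from your computer to any
remote server, as long as the server supports Python 2.3 or later. You must
have root privileges on the local machine, but an ordinary account on the server is enough.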

1. Install shadowsocks:

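For certain reasons, users' web access has to be logged, so Squid is used to record access on port 80; Squid also provides caching.
The notes on compiling Squid, such as setting ulimit, are omitted here.
Modify the startup script so that it sets the ulimit parameters before Squid starts.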

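You can run sshuttle several times at once on one machine
to connect to different servers, so you can use several VPNs at the same time.
sshuttle can forward all traffic in your subnet into the VPN.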

apt install python-pip
pip install shadowsocks

Changes to squid.conf:

— squid.conf.default  2006-03-28 08:43:48.000000000 +0800
+++ squid.conf  2006-03-28 18:09:49.000000000 +0800
@@ -51,6 +51,7 @@
# 这里无法只监听127.0.0.1:3128
#Default:
# http_port 3128
+http_port 3128
#  TAG: https_port
#        Usage:  [ip:]port cert=certificate.pem [key=key.pem]
[options…]
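Review bot: `http_port 3128` carries no address, so Squid listens on every interface of the gateway, not just the internal one. The annotation only rules out 127.0.0.1; the directive accepts the same `[ip:]port` form shown for https_port, so bind it to the internal interface's address and keep the packet filter as a second layer rather than the only one.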
@@ -107,6 +108,7 @@
#
#Default:
# icp_port 3130
+icp_port 0
#  TAG: htcp_port
# Note: This option is only available if Squid is rebuilt with the
@@ -479,6 +481,7 @@
#
#Default:
# cache_mem 8 MB
+cache_mem 128 MB
#  TAG: cache_swap_low (percent, 0-100)
#  TAG: cache_swap_high        (percent, 0-100)
@@ -529,6 +532,7 @@
#
#Default:
# maximum_object_size_in_memory 8 KB
+maximum_object_size_in_memory 20 KB
#  TAG: ipcache_size   (number of entries)
#  TAG: ipcache_low    (percent)
@@ -693,7 +697,7 @@
#      (hard coded at 1 MB).
#
#Default:
-# cache_Linux透明代理使用设置,一个使用ssh的基于VPN的透明代理。dir ufs /var/spool/squid 100 16 256
+cache_dir ufs /var/spool/squid 256 16 256
#  TAG: cache_access_log
#      Logs the client request activity.  Contains an entry for
@@ -709,6 +713,7 @@
#
#Default:
# cache_log /var/log/squid/cache.log
+cache_log /dev/null
#  TAG: cache_store_log
#      Logs the activities of the storage manager.  Shows which
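Review bot: `cache_log /dev/null` discards Squid's own startup, warning and error messages, so a failing cache_dir or a rejected configuration line leaves no trace to investigate. Keep the default path shown in the context line (`/var/log/squid/cache.log`) and rotate it instead of throwing it away.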
@@ -719,6 +724,7 @@
#
#Default:
# cache_store_log /var/log/squid/store.log
+cache_store_log none
#  TAG: cache_swap_log
#      Location for the cache “swap.state” file. This log file holds
@@ -856,6 +862,7 @@
#
#Default:
# ftp_user Squid@
+ftp_user user@test.com
#  TAG: ftp_list_width
#      Sets the width of ftp listings. This should be set to fit in
@@ -1942,8 +1949,8 @@
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
-#acl our_networks src 192.168.1.0/24 192.168.2.0/24
-#http_access allow our_networks
+acl our_networks src 10.0.0.0/8
+http_access allow our_networks
# And finally deny all other access to this proxy
http_access allow localhost
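Review bot: `acl our_networks src 10.0.0.0/8` allows the whole 10/8 block where the commented example listed individual /24 networks; list only the subnets that actually sit behind this proxy. The context also shows `http_access allow localhost` directly under the "deny all other access" comment with no `http_access deny all` in view, so confirm the deny rule is still the last http_access line.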
@@ -2290,6 +2297,8 @@
# 看看注释,那个是必需张开的
#Default:
# httpd_accel_port 80
+httpd_accel_host virtual
+httpd_accel_port 80
#  TAG: httpd_accel_single_host        on|off
#      If you are running Squid as an accelerator and have a single
backend
@@ -2308,6 +2317,7 @@
#
#Default:
# httpd_accel_single_host off
+httpd_accel_single_host off
#  TAG: httpd_accel_with_proxy on|off
#      If you want to use Squid as both a local httpd accelerator
@@ -2319,6 +2329,7 @@
#
#Default:
# httpd_accel_with_proxy off
+httpd_accel_with_proxy off
#  TAG: httpd_accel_uses_host_header   on|off
#      HTTP/1.1 requests include a Host: header which is basically
the
@@ -2339,6 +2350,7 @@
# 这几个也是必需展开的
#Default:
# httpd_accel_uses_host_header off
+httpd_accel_uses_host_header on
#  TAG: httpd_accel_no_pmtu_disc       on|off
#      In many setups of transparently intercepting proxies Path-MTU
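Review bot: `httpd_accel_uses_host_header on` makes Squid take the destination from the Host: header, which the client controls, and the hunk gives no reason why that is acceptable here. The annotation says the option has to be enabled for this setup, so state that in a comment next to the line and make sure only the `our_networks` clients can reach the port, because any client allowed in can influence what is cached under a given host name.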
@@ -2491,6 +2503,7 @@
# 为了不让有些网址驾驭一点客户使用代理访谈,所以关闭
#Default:
# forwarded_for on
+forwarded_for off
#  TAG: log_icp_queries        on|off


2. Write the configuration file

#      If set, ICP queries are logged to access.log. You may wish

Iptables configuration:
iptables -t nat -A PREROUTING -s 10.0.0.0/8 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -A INPUT -s 10.0.0.0/8 -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
Note the rule in the INPUT chain.


vim /etc/shadowsocks.json

Installing sshuttle on Ubuntu

Enter the following command in a terminal:

sudo apt-get install sshuttle

The contents use the following format:

Using sshuttle

{
    "server": "s9.y77u.com",
    "server_port": 15054,
    "local_address": "127.0.0.1",
    "local_port": 1087,
    "password": "794987885",
    "timeout": 300,
    "method": "rc4-md5"
}

sshuttle syntax

sshuttle [options...] [-r [username@]sshserver[:port]] [subnets]

3. Run

Option details

-r, --remote=[username@]sshserver[:port]

The remote hostname and optional username and ssh port number used to connect to the remote server. For example: example.com, testuser@example.com, testuser@example.com:2222, or example.com:2244.

sslocal -c /etc/shadowsocks.json -d start

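sshuttle examples

Run the following command on your machine:

sudo sshuttle -r username@sshserver 0.0.0.0/0 -vv

When it starts, sshuttle creates an ssh session to the server specified by -r. If -r is omitted, it runs both the client and the server locally, which is sometimes useful for testing.

After connecting to the remote server, sshuttle uploads its (Python) source code to the remote server and executes it there. So you do not need to install sshuttle on the remote server, and there are no sshuttle version conflicts between client and server.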

If an error like the following occurs, see step 4; otherwise see step 5:

More examples from the manual

Proxy all local connections for local testing, without using ssh:

$ sudo sshuttle -v 0/0
Starting sshuttle proxy.
Listening on ('0.0.0.0', 12300).
[local sudo] Password:
firewall manager ready.
c : connecting to server...
s: available routes:
s: 192.168.42.0/24
c : connected.
firewall manager: starting transproxy.
c : Accept: '192.168.42.106':50035 -> '192.168.42.121':139.
c : Accept: '192.168.42.121':47523 -> '77.141.99.22':443.
...etc...
^C
firewall manager: undoing changes.
KeyboardInterrupt
c : Keyboard interrupt: exiting.
c : SW#8:192.168.42.121:47523: deleting
c : SW#6:192.168.42.106:50035: deleting

Test the connection to a remote server, with automatic hostname and subnet guessing:

$ sudo sshuttle -vNHr example.org
Starting sshuttle proxy.
Listening on ('0.0.0.0', 12300).
firewall manager ready.
c : connecting to server...
s: available routes:
s: 77.141.99.0/24
c : connected.
c : seed_hosts: []
firewall manager: starting transproxy.
hostwatch: Found: testbox1: 1.2.3.4
hostwatch: Found: mytest2: 5.6.7.8
hostwatch: Found: domaincontroller: 99.1.2.3
c : Accept: '192.168.42.121':60554 -> '77.141.99.22':22.
^C
firewall manager: undoing changes.
c : Keyboard interrupt: exiting.
c : SW#6:192.168.42.121:60554: deleting

via:

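Author: ruchi
Translator: geekpi
Proofreader: wxy

This article was originally translated by LCTT
and is proudly presented by Linux China (Linux中国).

Source:

Permanent link to this article: http://www.linuxidc.com/Linux/2015-05/118141.htm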


AttributeError: .../bin/lib/libcrypto.so.1.1: undefined symbol: EVP_CIPHER_CTX_cleanup
