如果访问不了外网,但是有某台设备可以,可以使用代理方案。
这是个关键字,需要拼接一下。shadow,socks,libev
1),服务器PS:能出外网的机器,运行ssserver
2)shadow,socks客户服务器CS:客户端代理服务,运行ss-local
3)http代理服务HS:把socks协议转成http,可以和CS放一起
4)浏览器browser,设置http代理。
安装:
ubuntu可以用apt安装
没有的可以上github找源码,shadow,socks,libev,编译安装。具体查看github,但github的说明不详细,centos7安装步骤不足。缺少的开发包需要另外安装,特别源码用到有3个lib库需要分别到github下载,解压后替换原来的3个lib开头的空目录,运行autogen.sh生成configure,然后configure,make,make install。
成功后提示:
libtool: install: /bin/install -c ss-local /usr/local/bin/ss-local
libtool: install: /bin/install -c ss-tunnel /usr/local/bin/ss-tunnel
libtool: install: /bin/install -c ss-server /usr/local/bin/ss-server
libtool: install: /bin/install -c ss-manager /usr/local/bin/ss-manager
libtool: install: /bin/install -c ss-redir /usr/local/bin/ss-redir
http代理可以用privoxy,yum可以安装
1)PS的配置:
/usr/bin/ss-server -c /etc/ss/config.json -u
# cat /etc/ss/config.json
{
"server":"0.0.0.0",
"server_port":3333,
"local_port":4444,
"password":"yourpassword",
"timeout":60,
"method": "aes-256-gcm"
}
2)CS的配置:
/usr/bin/sslocal -c /etc/ss/config.json
/etc/ss/config.json
{
"server":"your.server.ip.here",
"server_port":3333,
"local_address": "127.0.0.1",
"local_port":4444,
"password":"yourpassword",
"timeout":300,
"method":"aes-256-gcm",
"fast_open": false,
"workers": 10
}
3)HS
/usr/sbin/privoxy —pidfile /run/privoxy.pid —user privoxy /etc/privoxy/config
核心配置是forward-socks5t / 127.0.0.1:4444 .指向本地的socks代理端口
# cat /etc/privoxy/config
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
filterfile user.filter # User customizations
logfile logfile
listen-address 0.0.0.0:18118
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forward-socks5t / 127.0.0.1:4444 .
forward 192.168.*.*/ .
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300