引用自: ultra 于 八月 11, 2016, 07:14:40 下午
谢谢测试反馈,
curl www.dongtaiwang.com
curl: (18) transfer closed with 19 bytes remaining to read
不设置代理还是上不了动态网吗?
引用自: daxa8 于 八月 20, 2016, 04:21:07 下午
谢谢反馈, 我们会考量。
本人用安卓版,感觉文章不能分享到微信,有点遗憾!
引用2,更新软件库列表:
user@debian:~$ sudo su
引用3,安装 ufw 防火墙:
root@debian:/home/user# apt-get update
引用4,激活 ufw 防火墙:
root@debian:/home/user# apt-get install ufw
引用5,查看 ufw 配置的 iptables 防火墙规则:
root@debian:/home/user# ufw enable
Firewall is active and enabled on system startup
引用6,安装火狐浏览器 firefox-esr:
root@debian:/home/user# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
( 省略 )
引用7,查看发行版本号:
root@debian:/home/user# apt-get install firefox-esr
引用8,测试数据:
root@debian:/home/user# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.5 (jessie)
Release: 8.5
Codename: jessie
引用
root@debian:/home/user# cat /etc/resolv.conf
nameserver 10.11.0.2
root@debian:/home/user# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 192.168.1.200/24 brd 192.168.1.255 scope global dynamic eth0
valid_lft 171597sec preferred_lft 171597sec
inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.11.123.124/32 scope global tun0
valid_lft forever preferred_lft forever
root@debian:/home/user# ip route
0.0.0.0/1 via 10.11.123.124 dev tun0 scope link
default via 192.168.1.1 dev eth0 proto static metric 1024
xx.xx.xx.xx via 192.168.1.1 dev eth0
xx.xx.xx.xx via 192.168.1.1 dev eth0
xx.xx.xx.xx via 192.168.1.1 dev eth0
127.0.0.1 via 192.168.1.1 dev eth0
128.0.0.0/1 via 10.11.123.124 dev tun0 scope link
169.254.0.0/16 dev eth0 scope link metric 1000
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.200
root@debian:/home/user# nslookup www.dongtaiwang.com
Server: 10.11.0.2
Address: 10.11.0.2#53
Non-authoritative answer:
Name: www.dongtaiwang.com
Address: 172.16.0.6
root@debian:/home/user#
引用
sudo su
引用
ufw enable
至此,【在系统启动时启用和激活防火墙】设置完毕,
引用
iptables -S
引用
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
引用
# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
***( 省略 )
引用
# cat /etc/resolv.conf
nameserver 10.11.0.2
引用
# ip a
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.11.123.124/32 scope global tun0
valid_lft forever preferred_lft forever
引用
# ifconfig
tun0 Link encap:未指定 硬件地址 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet 地址:10.11.123.124 点对点:10.11.123.124 掩码:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 跃点数:1
接收数据包:27 错误:0 丢弃:0 过载:0 帧数:0
发送数据包:27 错误:0 丢弃:0 过载:0 载波:0
碰撞:0 发送队列长度:500
接收字节:3291 (3.2 KB) 发送字节:1692 (1.6 KB)
引用
# ip route
0.0.0.0/1 via 10.11.123.124 dev tun0 scope link
default via 192.168.53.2 dev enxxx proto static metric 100
xxx.xxx.xxx.xxx via 192.168.53.2 dev enxxx
xxx.xxx.xxx.xxx via 192.168.53.2 dev enxxx
xxx.xxx.xxx.xxx via 192.168.53.2 dev enxxx
127.0.0.1 via 192.168.53.2 dev enxxx
128.0.0.0/1 via 10.11.123.124 dev tun0 scope link
xxx.xxx.xxx.xxx via 192.168.53.2 dev enxxx
169.254.0.0/16 dev enxxx scope link metric 1000
192.168.53.0/24 dev enxxx proto kernel scope link src 192.168.53.172 metric 100
引用
# nslookup www.dongtaiwang.com
Server: 10.11.0.2
Address: 10.11.0.2#53
Non-authoritative answer:
Name: www.dongtaiwang.com
Address: 172.16.0.9
引用
# curl www.dongtaiwang.com
curl: (18) transfer closed with 19 bytes remaining to read
引用自: jingyue 于 八月 06, 2016, 05:22:08 上午
测试另一台虚拟机,原有网卡 eth0,eth1,lo,iptables 防火墙规则稍微复杂,
VPN 模式,
Firefox 火狐浏览器【不使用代理】,
打不开任何网页,
引用
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1082 errors:0 dropped:0 overruns:0 frame:0
TX packets:1082 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:520878 (508.6 KiB) TX bytes:520878 (508.6 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.11.123.124 P-t-P:10.11.123.124 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
引用
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1337 errors:0 dropped:0 overruns:0 frame:0
TX packets:1337 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:534157 (521.6 KiB) TX bytes:534157 (521.6 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.11.123.123 P-t-P:10.11.123.124 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
引用
# ip route | grep tun0
10.11.123.124 dev tun0 proto kernel scope link src 10.11.123.123
引用
找不到服务器
Firefox 无法找到在 www.dongtaiwang.com 的服务器。
请检查该地址是否输入错误,比如将"www.example.com"错写成"ww.example.com"
如果您无法载入任何页面,请检查您计算机的网络连接。
如果您的计算机或网络受到防火墙或者代理服务器的保护,请确认 Firefox 已被授权访问网络。
引用
找不到服务器
Firefox 无法找到在 www.yahoo.com 的服务器。
请检查该地址是否输入错误,比如将"www.example.com"错写成"ww.example.com"
如果您无法载入任何页面,请检查您计算机的网络连接。
如果您的计算机或网络受到防火墙或者代理服务器的保护,请确认 Firefox 已被授权访问网络。
引用
# cat /etc/resolv.conf
nameserver 10.11.0.2
引用
# nslookup www.dongtaiwang.com
;; connection timed out; no servers could be reached
引用
# nslookup https://www.yahoo.com
;; connection timed out; no servers could be reached
引用
# ip route | grep tun0
0.0.0.0/1 via 10.11.123.124 dev tun0 scope link
128.0.0.0/1 via 10.11.123.124 dev tun0 scope link
引用
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 192.168.53.156/24 brd 192.168.53.255 scope global dynamic eth0
valid_lft 1737sec preferred_lft 1737sec
inet6 xxxx::xxx:xxxx:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 10.0.56.1/24 brd 10.0.56.255 scope global eth1
valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.11.123.124/32 scope global tun0
valid_lft forever preferred_lft forever
引用自: ultra 于 八月 05, 2016, 03:02:12 下午
是的,
谢谢反馈,是不是http都有问题,https可以?
引用
# cat /etc/resolv.conf
nameserver 10.11.0.2
引用
# nslookup www.dongtaiwang.com
Server: 10.11.0.2
Address: 10.11.0.2#53
Non-authoritative answer:
Name: www.dongtaiwang.com
Address: 172.16.0.23
引用
# nslookup www.torproject.org
Server: 10.11.0.2
Address: 10.11.0.2#53
Non-authoritative answer:
Name: www.torproject.org
Address: 172.16.0.4
引用
# nslookup https://www.torproject.org
Server: 10.11.0.2
Address: 10.11.0.2#53
Non-authoritative answer:
Name: https://www.torproject.org
Address: 172.16.0.24
引用
# curl www.dongtaiwang.com
curl: (18) transfer closed with 19 bytes remaining to read
引用
# curl http://cn.ntdtv.com
curl: (18) transfer closed with 19 bytes remaining to read
引用
# ./u1604b -M vpn
Connecting ...
Connecting ...
Connecting ...
Connecting ...
CONNECTED
VPN MODE
引用
# cat /etc/resolv.conf
nameserver 10.11.0.2
# ip a | grep tun0
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
inet 10.11.123.124/32 scope global tun0
inet 10.11.123.123/32 brd 10.11.123.123 scope global tun0
# ip route | grep tun0
0.0.0.0/1 via 10.11.123.124 dev tun0 scope link
128.0.0.0/1 via 10.11.123.124 dev tun0 scope link
# nslookup www.dongtaiwang.com
Server: 10.11.0.2
Address: 10.11.0.2#53
Non-authoritative answer:
Name: www.dongtaiwang.com
Address: 172.16.0.0
# curl www.dongtaiwang.com
curl: (18) transfer closed with 19 bytes remaining to read