Comments (29)
Could I take a look at your yml configuration?
from ltproxy.
from ltproxy.
Indeed. In my testing I found that if the socks service is running in the local environment, a request loop occurs. Let me think about a fix.
from ltproxy.
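But going from my external machine through the proxy into the internal network works; it's only going from the internal machine through the proxy out to the external network that fails. The one in this screenshot works: my external machine's IP is in the 30 segment and it can go through the proxy to reach the 10 segment. It's just the case in the screenshot above, going through the proxy in the 0 segment to reach the internet, that doesn't work. Using proxychains4 + curl directly works, but it doesn't work with ltproxy.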
from ltproxy.
What I've found in testing so far is that the transparent proxy doesn't work when socks is running on the same server that uses ltproxy.
from ltproxy.
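Figured it out. If your socks runs locally, the socks requests also enter the transparent proxy, and the transparent proxy hands them back to socks, so the traffic loops recursively and nothing works. The current solution is that your socks needs to be started as the local ltproxy user, e.g.: sudo -u ltproxy <socks start command>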
from ltproxy.
Awesome!
from ltproxy.
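Figured it out. If your socks runs locally, the socks requests also enter the transparent proxy, and the transparent proxy hands them back to socks, so the traffic loops recursively and nothing works. The current solution is that your socks needs to be started as the local ltproxy user, e.g.:
sudo -u ltproxy <socks start command>
Note: when the ltproxy and socks services run on the same host, the socks service needs to be run as the ltproxy user, e.g.: sudo -u ltproxy ./socks5 -l xxxx
I don't quite understand this sentence. My socks5 proxy is on a different server; it isn't running on the same machine as ltproxy.
As shown here, the machine I use ltproxy on is 0.123 and the socks5 proxy is 0.249; these aren't the same machine.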
from ltproxy.
Then could you provide your exact configuration after redacting it? Earlier I assumed it was the same host.
from ltproxy.
The exact configuration is what's in this screenshot, and this machine's IP is 192.168.0.123.
from ltproxy.
I can't see the image. Which of the two earlier images is it?
from ltproxy.
rules:
-
proxies:
- direct
target: - 192.168..
- 10...*
- direct
-
proxies:
- socks5 192.168.0.249 27018
target: - extranet
The IP of the machine I use ltproxy on is 192.168.0.123
- socks5 192.168.0.249 27018
from ltproxy.
I tested your configuration and there's nothing wrong with it. I suggest checking whether socks5 192.168.0.249 27018
is working properly.
from ltproxy.
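I tested your configuration and there's nothing wrong with it. I suggest checking whether
socks5 192.168.0.249 27018
is working properly.
The port is working fine. Using proxychains4 plus curl https://www.baidu.com directly returns content, but after ltproxy start, a plain curl https://www.baidu.com just hangs there and then reports that it cannot connect.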
from ltproxy.
The gateway of 192.168.0.249 isn't 192.168.0.123, is it?
from ltproxy.
No, the gateway is 192.168.0.1
from ltproxy.
Check the netfilter configuration: iptables -L -n -v -t nat
Check the processes: ps aux |grep ipt2socks
from ltproxy.
Chain LLTPROXY (2 references)
pkts bytes target prot opt in out source destination
2916 148K RETURN tcp -- * * 0.0.0.0/0 192.168.0.0/16
0 0 RETURN tcp -- * * 0.0.0.0/0 10.0.0.0/8
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/8
0 0 RETURN all -- * * 0.0.0.0/0 10.0.0.0/8
0 0 RETURN all -- * * 0.0.0.0/0 100.64.0.0/10
0 0 RETURN all -- * * 0.0.0.0/0 127.0.0.0/8
0 0 RETURN all -- * * 0.0.0.0/0 169.254.0.0/16
0 0 RETURN all -- * * 0.0.0.0/0 172.16.0.0/12
0 0 RETURN all -- * * 0.0.0.0/0 192.168.0.0/16
0 0 RETURN all -- * * 0.0.0.0/0 198.18.0.0/15
0 0 RETURN all -- * * 0.0.0.0/0 224.0.0.0/4
0 0 RETURN all -- * * 0.0.0.0/0 240.0.0.0/4
0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 redir ports 60634
[root@localhost ~]# ps aux |grep ipt2socks
root 3153 0.0 0.0 6656 2304 pts/0 S+ 14:52 0:00 grep --color=auto ipt2socks
from ltproxy.
The cause is that your ipt2socks isn't running. Run ipt2socks --help
to see whether it is installed properly and configured in the environment variables.
from ltproxy.
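The check walked through above (a nat REDIRECT rule pointing at port 60634 while no ipt2socks process is running), as an added shell example that is not part of the thread or of ltproxy. The function names are hypothetical and the `ss -ltn` sample output is constructed; the iptables lines are copied from the listing posted above.

```shell
#!/bin/sh
# Added example: verify that every nat REDIRECT port has a local TCP listener.
# Function names are hypothetical; they are not part of ltproxy or ipt2socks.

# stdin: `iptables -t nat -L -n -v` text; stdout: each "redir ports N" port.
redirect_ports() {
    awk '/REDIRECT/ { for (i = 1; i < NF; i++) if ($i == "ports") print $(i + 1) }' |
        sort -un
}

# stdin: `ss -ltn` text; succeeds if a LISTEN socket is bound to TCP port $1.
port_has_listener() {
    awk -v p="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

# $1 = iptables listing, $2 = ss listing; returns 1 if any redirect port is dead.
check_redirects() {
    rc=0
    for port in $(printf '%s\n' "$1" | redirect_ports); do
        if printf '%s\n' "$2" | port_has_listener "$port"; then
            echo "port $port: listener present"
        else
            echo "port $port: no listener, redirected connections will fail"
            rc=1
        fi
    done
    return $rc
}

# Two rules copied from the chain listing in the thread.
SAMPLE_NAT='Chain LLTPROXY (2 references)
2916 148K RETURN tcp -- * * 0.0.0.0/0 192.168.0.0/16
0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 redir ports 60634'
# Constructed `ss -ltn` output: before and after the redirector is started.
SAMPLE_SS_DOWN='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_SS_UP="$SAMPLE_SS_DOWN
LISTEN 0 1024 0.0.0.0:60634 0.0.0.0:*
LISTEN 0 1024 [::]:60634 [::]:*"

if [ "${1:-}" = "--live" ]; then   # live mode needs root for iptables
    check_redirects "$(iptables -t nat -L -n -v)" "$(ss -ltn)"
else
    check_redirects "$SAMPLE_NAT" "$SAMPLE_SS_DOWN" || true
fi
```

Run with `--live` as root to check the host's real rules and sockets; without arguments it runs against the embedded sample and reports port 60634 as having no listener.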
[root@localhost ~]# ps aux |grep ipt2socks
root 3153 0.0 0.0 6656 2304 pts/0 S+ 14:52 0:00 grep --color=auto ipt2socks
[root@localhost ~]# ipt2socks --help
usage: ipt2socks <options...>. the existing options are as follows:
-s, --server-addr socks5 server ip, default: 127.0.0.1
-p, --server-port socks5 server port, default: 1080
-a, --auth-username username for socks5 authentication
-k, --auth-password password for socks5 authentication
-b, --listen-addr4 listen ipv4 address, default: 127.0.0.1
-B, --listen-addr6 listen ipv6 address, default: ::1
-l, --listen-port listen port number, default: 60080
-S, --tcp-syncnt change the number of tcp syn retransmits
-c, --cache-size udp context cache maxsize, default: 256
-o, --udp-timeout udp context idle timeout, default: 60
-j, --thread-nums number of the worker threads, default: 1
-n, --nofile-limit set nofile limit, may need root privilege
-u, --run-user run as the given user, need root privilege
-T, --tcp-only listen tcp only, aka: disable udp proxy
-U, --udp-only listen udp only, aka: disable tcp proxy
-4, --ipv4-only listen ipv4 only, aka: disable ipv6 proxy
-6, --ipv6-only listen ipv6 only, aka: disable ipv4 proxy
-R, --redirect use redirect instead of tproxy for tcp
-r, --reuse-port enable so_reuseport for single thread
-w, --tfo-accept enable tcp_fastopen for server socket
-W, --tfo-connect enable tcp_fastopen for client socket
-v, --verbose print verbose log, affect performance
-V, --version print ipt2socks version number and exit
-h, --help print ipt2socks help information and exit
from ltproxy.
Start it manually: ipt2socks -R -n 9999 -j 50 -l 60634 -u ltproxy -s 192.168.0.249 -p 27018
and see whether it reports an error. If it doesn't, test whether the transparent proxy has taken effect.
from ltproxy.
[root@localhost ~]# ipt2socks -R -n 9999 -j 50 -l 60634 -u ltproxy -s 192.168.0.249 -p 27018
2024-02-05 15:14:20 INF: [main] server address: 192.168.0.249#27018
2024-02-05 15:14:20 INF: [main] listen address: 0.0.0.0#60634
2024-02-05 15:14:20 INF: [main] listen address: ::#60634
2024-02-05 15:14:20 INF: [main] udp cache maximum size: 256
2024-02-05 15:14:20 INF: [main] udp socket idle timeout: 60
2024-02-05 15:14:20 INF: [main] number of worker threads: 50
2024-02-05 15:14:20 INF: [main] enable tcp transparent proxy
2024-02-05 15:14:20 INF: [main] enable udp transparent proxy
2024-02-05 15:14:20 INF: [main] use redirect instead of tproxy
2024-02-05 15:14:20 ERR: [set_ip_transparent] setsockopt(153, IP_TRANSPARENT): Operation not permitted
2024-02-05 15:14:20 ERR: [set_ip_transparent] setsockopt(154, IPV6_TRANSPARENT): Operation not permitted
from ltproxy.
Is it working properly?
from ltproxy.
No. [set_ip_transparent] setsockopt(153, IP_TRANSPARENT): Operation not permitted is probably related, but manually entering the command proxychains4 curl www.baidu.com goes through the proxy and works fine.
from ltproxy.
That's for enabling TPROXY and should be unrelated to this. You can also resolve this error with the following command:
setcap cap_net_bind_service,cap_net_admin+ep `which ipt2socks`
Restart with ipt2socks -R -n 9999 -j 50 -l 60634 -u ltproxy -s 192.168.0.249 -p 27018 -v
then test again whether it works and see what the log outputs.
from ltproxy.
[root@localhost ~]# setcap cap_net_bind_service,cap_net_admin+ep `which ipt2socks`
[root@localhost ~]# ipt2socks -R -n 9999 -j 50 -l 60634 -u ltproxy -s 192.168.0.249 -p 27018 -v
2024-02-06 08:39:38 INF: [main] server address: 192.168.0.249#27018
2024-02-06 08:39:38 INF: [main] listen address: 0.0.0.0#60634
2024-02-06 08:39:38 INF: [main] listen address: ::#60634
2024-02-06 08:39:38 INF: [main] udp cache maximum size: 256
2024-02-06 08:39:38 INF: [main] udp socket idle timeout: 60
2024-02-06 08:39:38 INF: [main] number of worker threads: 50
2024-02-06 08:39:38 INF: [main] enable tcp transparent proxy
2024-02-06 08:39:38 INF: [main] enable udp transparent proxy
2024-02-06 08:39:38 INF: [main] use redirect instead of tproxy
2024-02-06 08:39:38 INF: [main] verbose mode (affect performance)
After restarting, the error is gone, but I still can't access anything through the proxy.
from ltproxy.
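You tried it and still can't get access through the proxy, and the output of the ipt2socks process above didn't change either? Still the same as above? The ltproxy configuration has probably changed again; check with iptables -t nat -L -n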
from ltproxy.
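It's probably a domain name issue. With ltproxy enabled, domain names still can't be accessed, but access by IP works. Domain name resolution doesn't go through the proxy, so that's where the problem is.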
from ltproxy.
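Yes. Currently transparent proxying is done via iptables, so domain names can't go through socks for now; they are resolved locally. You can also add static bindings to /etc/hosts. Since it works now, I'll close this issue; reopen it if there are any problems.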
from ltproxy.