Shadowsocks-libev: how should iptables be configured?

Created on 9 Apr 2017  ·  7 comments  ·  Source: shadowsocks/shadowsocks-libev

What version of shadowsocks-libev are you using?

shadowsocks-libev 2.6.2 with OpenSSL 1.0.2k

What operating system are you using?

centos

What did you do?

/etc/shadowsocks-libev/shadowsocks.json

{
        "server":"x.x.x.x",
        "server_port":8888,
        "password":"xxx",
        "timeout":600,
        "method":"aes-256-cfb"
}

service iptables start
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 8888 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8888 -j ACCEPT
service shadowsocks.server start

What did you expect to see?

run shadowsocks with iptables enabled

What did you see instead?

With INPUT filtering turned on, shadowsocks cannot reach the websites the client requests.

What is your config in detail (with all sensitive info masked)?

question

All 7 comments

iptables -A OUTPUT -p tcp --dport 8888 -j ACCEPT

Some minor work

Flush all chains

iptables --flush
iptables --delete-chain
iptables --table mangle --flush
iptables --table mangle --delete-chain

Set the default policies

iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD DROP

Allow SSH

iptables --append INPUT --protocol tcp --dport 22 -j ACCEPT

Allow the Shadowsocks port

iptables --append INPUT --protocol tcp --dport 8888 -j ACCEPT

Allow established and related connections

iptables --append INPUT --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT

Make it persistent

iptables-save > /etc/iptables_rules
echo "/sbin/iptables-restore < /etc/iptables_rules" >> /etc/rc.local
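A lockout-safe version of the sequence above, added here as an example and not code from the thread or from the shadowsocks-libev project: it assumes SSH on port 22 and the server_port 8888 from the issue's config, and orders the commands so that the INPUT DROP policy only takes effect after the loopback, conntrack and SSH rules exist, which is what avoids losing the SSH session the commands are typed into. Setting IPT=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Lockout-safe iptables setup for a shadowsocks-libev server. Assumed values:
# SSH on port 22 and server_port 8888 as in the issue's config. Set IPT=echo to
# preview the commands instead of applying them.
IPT="${IPT:-/sbin/iptables}"
SSH_PORT="${SSH_PORT:-22}"
SS_PORT="${SS_PORT:-8888}"

apply_ss_firewall() {
    # 1. Open the policies before flushing: flushing while INPUT is already
    #    DROP discards the packets of the SSH session these commands run in.
    "$IPT" --policy INPUT ACCEPT
    "$IPT" --policy FORWARD ACCEPT
    "$IPT" --policy OUTPUT ACCEPT
    "$IPT" --flush
    "$IPT" --delete-chain
    # 2. Add every ACCEPT rule while the default is still ACCEPT.
    "$IPT" --append INPUT --in-interface lo --jump ACCEPT
    "$IPT" --append INPUT --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
    "$IPT" --append INPUT --protocol tcp --dport "$SSH_PORT" --jump ACCEPT
    # shadowsocks-libev listens on both TCP and UDP (UDP relay) on server_port.
    "$IPT" --append INPUT --protocol tcp --dport "$SS_PORT" --jump ACCEPT
    "$IPT" --append INPUT --protocol udp --dport "$SS_PORT" --jump ACCEPT
    # 3. Only now tighten the defaults. OUTPUT stays ACCEPT: the proxy has to
    #    open new outbound connections to whatever site the client asks for,
    #    which is exactly what "OUTPUT DROP + --sport 8888" in the report blocked.
    "$IPT" --policy INPUT DROP
    "$IPT" --policy FORWARD DROP
}

# Line number of the first command containing $2 in the command list $1.
position_of() { printf '%s\n' "$1" | grep -n -F -- "$2" | head -n 1 | cut -d: -f1; }

# Dry-run ordering check: INPUT DROP must come after the SSH and conntrack
# rules, otherwise running the script over SSH locks you out. Exit 0 if safe.
order_is_safe() {
    cmds=$(IPT=echo; apply_ss_firewall)
    drop=$(position_of "$cmds" "--policy INPUT DROP")
    ssh=$(position_of "$cmds" "--dport $SSH_PORT ")
    est=$(position_of "$cmds" "ESTABLISHED,RELATED")
    [ -n "$drop" ] && [ -n "$ssh" ] && [ -n "$est" ] &&
        [ "$ssh" -lt "$drop" ] && [ "$est" -lt "$drop" ]
}

if [ "${1:-}" = "--apply" ]; then apply_ss_firewall; fi
```

Run `order_is_safe` (or `IPT=echo sh script.sh --apply`) before applying the rules for real, and still keep the provider's out-of-band console at hand.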

thks

thks2

Damn, the `iptables --policy INPUT DROP` line can't be entered directly on the command line; it made the VPS unreachable right away.

> Damn, the `iptables --policy INPUT DROP` line can't be entered directly on the command line; it made the VPS unreachable right away.

What do you mean, this line can't be entered?

> Damn, the `iptables --policy INPUT DROP` line can't be entered directly on the command line; it made the VPS unreachable right away.

> What do you mean, this line can't be entered?

It means you can't type it directly into the console or shell window; you have to enter it by editing the configuration file.
If the VPS can no longer be reached, try rebooting it from the Linode management panel, or connect to it through Linode's console.
Shadowsocks ports keep getting blocked these days; once blocked, go in through the Linode console and change the port, or just open telnet, if you're not afraid.
