I have a ubuntu server, but I have to connect to by <ip>:8820. I want to setup a shadowsocks server on it on port 1081, then how to connect to it? Say something like <ip>:8820:1081(which is invalid)? I have tried to use ssh to map it's 1081 port to my 1081 port:
ssh -N -f -L localhost:1081:localhost:1081 -p 8820 user#<ip>
Then I config my sslocal as:
{
"server":"127.0.0.1",
"server_port":1081,
"local_address":"127.0.0.1",
"local_port":10081,
"password":"password",
"timeout":300,
"method":"rc4-md5",
"workers":1
}
But it doesn't work, how can I do?
First, Server ip must be your vps ip adress. And use 443 port(or othders but now GFW has upgrade to use whitelist, 443 port temporarily safe)
Second, Could you share your ss-local.log on here ?
If your method:rc4-md5 doesn't work, you can try aes-256-cfb. I also have problems with the service on method:rc4-md5
Don't forget restart your ss-server.
Finally, Make sure your internet don't has any othder proxy.
You don’t actually need that.
{
"server":"0.0.0.0",
"server_port":<your server port here>,
"password":"password",
"timeout":300,
"method":"rc4-md5",
"workers":1
}
Configure ss-server to listen on ‘0.0.0.0’.
Mapping remote port, simply you can use ss-tunnel instead.
Suggestions:
DO NOT USE STANDARD PORTS. (Random port number larger than 3000 smaller than 65536 is OK for me.)
The rc4-md5 solution:
https://github.com/shadowsocks/shadowsocks-libev/issues/1966
Reference:
https://github.com/shadowsocks/shadowsocks-libev/blob/master/doc/ss-tunnel.asciidoc
Related
My Redis instance is running at 192.168.1.101.
Redis version is 4.0.1
I want to to be able to connect this Redis instance from 192.168.1.103, but I can't.
I type redis-cli -h 192.168.1.101 -p 6379 -a myredisPasswordisHere while I'm at 192.168.1.103
It returns
Could not connect to Redis at 192.168.1.101:6379: Connection refused
Could not connect to Redis at 192.168.1.101:6379: Connection refused
Here's the related part of the Redis.conf, it's located in /usr/local/etc/redis.conf. I've installed it via Homebrew.
TL;DR
protected-mode yes
bind 192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104
requirepass myredisPasswordisHere
What's wrong here?
For the redis service to be available for other remote hosts to query it, You need to bind it publicly to serve using bind 0.0.0.0
As the other comments from #Itamar and #Mark clearly mention, bind isn't the list of IP addresses that can connect but rather the interface on the local machine. Once the service is publicly available and running with 0.0.0.0 for your requirement of only allowing specific hosts, you need some kind of a firewall with a whitelist of IP addresses that can access this host which you can achieve with iptables.
I am trying to execute the container named redis which is running right now.But the error Could not connect to Redis at redis:6379: Name or service not known. Any one please hell me to figure out the issue and fix it.
This is because both the containers are not in same network, Add a network property inside service name and make sure its same for both
redis:
networks:
- redis-net
Naming the container doesn't alter your hosts file or DNS, and depending on how you ran the container it may not be accessible via the standard port as Docker does port translation.
Run docker inspect redis and examine the ports output, it will tell you what port it is accessible on as well as the IP. Note, however, that this will only be connectable over that IP from that host. To access it from off of the host you will need to use the port from the above command and the host's IP address. That assumes your local firewall rules allow it, which are beyond the scope of this site.
Try below command
src/redis-cli -h localhost -p 6379
I use this for remote port forwarding over SSH tunnel:
ssh root#X.X.X.X -R 443:127.0.0.1:443
this binds to 0.0.0.0:443 and forwards to 127.0.0.1:443 .
The remote server has multiple IPs. Is it possible to specify the IP I want to bind to, for instance 10.10.10.1:443, instead of binding to all interfaces?
iptables is not available on the remote server.
I managed to solve it.
On the remote server I set in sshd_config:
GatewayPorts clientspecified
Then I changed the arguments on the client like this:
ssh root#X.X.X.X -R 10.10.10.1:443:127.0.0.1:443
Now it works as expected, SSH binds to port 443 on interface 10.10.10.1 and forwards all traffic over the tunnel to localhost:443 .
I am doing a local forwarding to the remote port at 80 which the apache2 is listening on like this ssh -L 80:localhost:80 user#host.com , so it connects me to the remote server, however I find I can still do mkdir rm and such commands. Isn't it so that I am only forwarded to application listening on port 80? so what's the difference to this command ssh -p 22 host.com ? Is there a way to test if this port forwarding is working?
Yes, you can Test as follows:
You should use a Client program on one Side and A Server Program on the other remote side.
Try to connect your client to your server according to ports and IP's used in your port forwarding by Netsh Cmd.
If connection succeed , that is it, if connection fails, that means port forwarding command was failed, or your ip and port configuration of your client and server is wrong.
More over if you send a text file to the server, you should receive it.
I hope that this will help.
Thanks.
You can listen on port 80 with netcat like this on the host ...
nc -l -p 80
... and then either send something back with netcat ...
nc host.com 80 <<< hello
... and see if you get a "hello" on the server, or use nmap :
nmap host.com -p 80
You can also use nmap the same way if you already have a server listening on port 80, like apache.
Just note that nmap will say it's closed unless there is something listening on that port.
I have an Apache webserver running on a local machine through reverse ssh tunnel, i.e.:
ssh -R *:80:local_machine:8080 username#gateway_machine
In other words, all traffic from port 80 on gateway_machine
is sent to port 8080 on local_machine.
For monitoring purposes, I wish to know IP addresses of the remote clients
connected to gateway_machine. However my local Apache server sees
all traffic coming from the IP address of gateway_machine.
My question: Is there any way to setup ssh server running on gateway_machine such that
it sends all traffic to local_machine with actual remote IP addresses ?
The SSH protocol uses a channel type called "direct-tcpip" for forwarding a TCP connection. The protocol message for opening one of these channels includes the address and port of the client whose connection is being forwarded. So the information that you want is available to the ssh client (which in your case is opening the connection to the target of the forward).
The OpenSSH ssh client logs the originator address and port in a debug level message, so you can see it if you run ssh with the -v option:
$ ssh -v -R 2000:localhost:1000 localhost
...
debug1: client_request_forwarded_tcpip: listen localhost port 2000, originator ::1 port 51101
Here the originator address was ::1 (IPv6 localhost) and port 51101. The ssh utility doesn't do anything else with the information.
So, depending on your needs, you have three approaches to collect this information:
Invoke the ssh process which creates these forwards with the -v option, and arrange to collect and parse the relevant debug information.
Make source code changes to ssh to make it do what you want it to do with the information.
Write your own ssh client which does what you want. SSH client libraries are available for most modern programming languages.