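I have a Hetzner VPS with Ubuntu Server 16 (the server). I want to use it as an HTTP proxy for a remote network, but my problem is that I can't reach the proxy port from outside the server. I'm using tinyproxy as a simple HTTP proxy server, but I don't think that matters, because I have also tried Squid.
Before asking, I checked a few basic things:
- The firewall is disabled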
root@g / # ufw status
Status: inactive
- Tinyproxy is running
root@g / # service tinyproxy status
● tinyproxy.service - LSB: Tinyproxy HTTP proxy
Loaded: loaded (/etc/init.d/tinyproxy; bad; vendor preset: enabled)
Active: active (running) since Thu 2019-03-28 19:58:11 CET; 1 day 2h ago
Docs: man:systemd-sysv-generator(8)
Process: 7494 ExecStop=/etc/init.d/tinyproxy stop (code=exited, status=0/SUCCESS)
Process: 7499 ExecStart=/etc/init.d/tinyproxy start (code=exited, status=0/SUCCESS)
Tasks: 11
Memory: 5.4M
CPU: 1.178s
CGroup: /system.slice/tinyproxy.service
├─7537 /usr/sbin/tinyproxy
├─7540 /usr/sbin/tinyproxy
├─7541 /usr/sbin/tinyproxy
├─7542 /usr/sbin/tinyproxy
├─7543 /usr/sbin/tinyproxy
├─7544 /usr/sbin/tinyproxy
├─7545 /usr/sbin/tinyproxy
├─7546 /usr/sbin/tinyproxy
├─7547 /usr/sbin/tinyproxy
├─7548 /usr/sbin/tinyproxy
└─7549 /usr/sbin/tinyproxy
Mar 28 19:58:11 german systemd[1]: Starting LSB: Tinyproxy HTTP proxy...
Mar 28 19:58:11 german tinyproxy[7499]: Starting tinyproxy: tinyproxy.
Mar 28 19:58:11 german systemd[1]: Started LSB: Tinyproxy HTTP proxy.
- The server is listening on the proxy port (8888)
root@g / # netstat -an | grep "LISTEN "
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::3002 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 :::3006 :::* LISTEN
tcp6 0 0 :::2375 :::* LISTEN
- I checked iptables, but to be honest I don't really understand it
root@g / # iptables -L -n -x -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
99952286 37369939710 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1634344 98674279 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2343 144306 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
788 286051 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
442 164289 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
324726 21021269 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1080
3462547 186835506 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
149920429 115433171227 DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0
22887 309690442 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
21746 1697123 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
557186689 2014390071915 ACCEPT all -- * br-770d85b66525 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
6249909 363261028 DOCKER all -- * br-770d85b66525 0.0.0.0/0 0.0.0.0/0
53787256 21286309449 ACCEPT all -- br-770d85b66525 !br-770d85b66525 0.0.0.0/0 0.0.0.0/0
3331362 199881704 ACCEPT all -- br-770d85b66525 br-770d85b66525 0.0.0.0/0 0.0.0.0/0
41344046 8301225682 ACCEPT all -- * * 10.10.10.0/24 0.0.0.0/0 policy match dir in pol ipsec proto 50
41041690 87245507143 ACCEPT all -- * * 0.0.0.0/0 10.10.10.0/24 policy match dir out pol ipsec proto 50
26679 3540888 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 74627 packets, 23792962 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
150 6096 ACCEPT tcp -- !br-770d85b66525 br-770d85b66525 0.0.0.0/0 172.18.0.5 tcp dpt:3000
132632 7919657 ACCEPT tcp -- !br-770d85b66525 br-770d85b66525 0.0.0.0/0 172.18.0.7 tcp dpt:5432
291 13864 ACCEPT tcp -- !br-770d85b66525 br-770d85b66525 0.0.0.0/0 172.18.0.3 tcp dpt:3000
20245 1130900 ACCEPT tcp -- !br-770d85b66525 br-770d85b66525 0.0.0.0/0 172.18.0.4 tcp dpt:443
629141 35989923 ACCEPT tcp -- !br-770d85b66525 br-770d85b66525 0.0.0.0/0 172.18.0.4 tcp dpt:80
Chain DOCKER-ISOLATION (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- br-770d85b66525 docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- docker0 br-770d85b66525 0.0.0.0/0 0.0.0.0/0
149920429 115433171227 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
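- I checked whether I can reach the proxy from localhost. Don't worry about the 403 error, which is caused by permissions; at least I got a response: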
root@g / # curl -x 127.0.0.1:8888 -v http://google.com
* Rebuilt URL to: http://google.com/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8888 (#0)
> GET http://google.com/ HTTP/1.1
> Host: google.com
> User-Agent: curl/7.47.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* HTTP 1.0, assume close after body
< HTTP/1.0 403 Access denied
< Server: tinyproxy/1.8.3
< Content-Type: text/html
< Connection: close
...
- I tried to access it from outside using the server's external IP. I tried from the remote network and even from the server's console.
root@g / # curl -x IP_ADDRESS:8888 -v http://google.com
* Rebuilt URL to: http://google.com/
* Trying IP_ADDRESS...
* connect to IP_ADDRESS port 8888 failed: Connection timed out
* Failed to connect to IP_ADDRESS port 8888: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to IP_ADDRESS port 8888: Connection timed out
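So I'm stuck here and don't know what else to check. The server is also used as a SOCKS5 proxy and an http/https server without any external access problems. Can you give me some advice on what else I can check?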
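Added example (not part of the original post): a first-match walk over the INPUT chain from the `iptables -L -n -x -v` output above, showing which rule decides a new connection to a given port. The function names and the interface name `eth0` are assumptions; source and destination matching is not modelled because every INPUT rule in the listing uses 0.0.0.0/0.

```python
# Added example: first-match evaluation of the INPUT chain shown in the post.
# INPUT_LISTING is copied from the post's output; function names are illustrative.
INPUT_LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
99952286 37369939710 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1634344 98674279 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2343 144306 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
788 286051 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
442 164289 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
324726 21021269 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1080
3462547 186835506 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def parse_rules(listing):
    """Parse rule lines: pkts bytes target prot opt in out source destination [match...]."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0].isdigit():
            continue  # skip the "Chain ..." line and the column header
        extra = f[9:]
        dpt = next((int(t[4:]) for t in extra if t.startswith("dpt:")), None)
        rules.append({"target": f[2], "proto": f[3], "in": f[5],
                      "dpt": dpt, "state": "state" in extra})
    return rules

def verdict(rules, proto, dport, iface, new=True, policy="ACCEPT"):
    """Return (target, rule_number) of the first terminating rule that matches."""
    for number, r in enumerate(rules, 1):
        if r["proto"] not in ("all", proto):
            continue
        if r["in"] not in ("*", iface):
            continue
        if r["dpt"] is not None and r["dpt"] != dport:
            continue
        if r["state"] and new:
            continue  # RELATED,ESTABLISHED does not match a new connection
        if r["target"] in ("ACCEPT", "DROP", "REJECT"):
            return r["target"], number
    return policy, None  # nothing matched: the chain policy applies

if __name__ == "__main__":
    rules = parse_rules(INPUT_LISTING)
    for port, iface in ((8888, "eth0"), (8888, "lo"), (1080, "eth0"), (22, "eth0")):
        print(f"tcp/{port} in={iface}: {verdict(rules, 'tcp', port, iface)}")
```
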