I have a VPS running Ubuntu 19. The VPS is configured as follows:
- OpenVPN server on port 443
- OpenVPN port-share with 4343
- Apache2 web server listening on 80 and 4343 (for SSL)
- OpenVPN DNS traffic is passed to PiHole
- PiHole has its upstream DNS set to a self-hosted Unbound on the same VPS
This setup works. PiHole does ad blocking for the VPN clients and correctly resolves every website except the one hosted on the VPS by apache on 4343. That website loads fine when not connected to the VPN. Below is my iptables configuration; I believe I have loopback in there, so I think it should just work. SSH works fine when connected through the VPN, so it seems to be isolated to the port sharing. The configuration was taken from the PiHole documentation.
~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
REJECT udp -- anywhere anywhere udp dpt:80 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:https reject-with tcp-reset
REJECT udp -- anywhere anywhere udp dpt:443 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Answer 1
The problem is that pihole is reading the server's IP address from "/etc/hosts", where the IP address is 127.0.0.1. The solution is to edit the hosts file as follows:
mydomain.com my domain.com
127.0.0.1 localhost
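The failure mode in the answer above is easy to reproduce and easy to miss: Pi-hole's resolver (pihole-FTL, based on dnsmasq) answers for every name listed in /etc/hosts with the address on that line, so "127.0.0.1 mydomain.com" makes each VPN client resolve the site to its own loopback interface, while the same name works from outside the VPN because it goes through public DNS instead. The following is an added example, not code from the question or the answer: a small audit that parses a hosts file, flags names that remote clients would resolve to an unreachable (loopback, link-local or unspecified) address, and rewrites those names onto an address clients can reach. The hostname mydomain.com, the tunnel-side address 10.8.0.1 (chosen to fit the 10.8.0.0/24 subnet in the FORWARD rules shown) and the hosts-file contents are all constructed, assumed values.

```python
"""Audit /etc/hosts entries that a Pi-hole would hand to VPN clients.

Added example, not code from the question or the answer. All names and
addresses below are assumptions for illustration.
"""
import ipaddress
from typing import Dict, List, Tuple

# Names that are conventionally, and correctly, pinned to loopback.
LOOPBACK_NAMES = {"localhost", "ip6-localhost", "ip6-loopback",
                  "ip6-allnodes", "ip6-allrouters"}

# Constructed sample: the broken state the answer describes.
HOSTS_BEFORE = """\
# assumed /etc/hosts contents (constructed sample)
127.0.0.1 localhost
127.0.0.1 mydomain.com
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
"""

# Assumed OpenVPN server-side tunnel address; VPN clients can reach it.
VPN_SERVER_ADDR = "10.8.0.1"


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [names]) per valid line; comments and junk are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address; dnsmasq ignores such lines as well
        entries.append((parts[0], parts[1:]))
    return entries


def find_unreachable_names(text: str) -> Dict[str, str]:
    """Names a remote client would resolve to an address it cannot reach.

    Loopback, link-local and unspecified addresses only make sense on the
    host itself; serving them over DNS to VPN clients sends the client to
    its own machine instead of the VPS.
    """
    bad: Dict[str, str] = {}
    for addr_s, names in parse_hosts(text):
        addr = ipaddress.ip_address(addr_s)
        if not (addr.is_loopback or addr.is_link_local or addr.is_unspecified):
            continue
        for name in names:
            if name in LOOPBACK_NAMES or name.endswith(".localhost"):
                continue
            bad[name] = addr_s
    return bad


def rewrite_hosts(text: str, fixes: Dict[str, str]) -> str:
    """Move each name in `fixes` onto its own line with the reachable address.

    Other names sharing the original line (e.g. localhost) keep their entry.
    """
    out = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().split()
        if len(parts) >= 2 and any(n in fixes for n in parts[1:]):
            keep = [n for n in parts[1:] if n not in fixes]
            if keep:
                out.append(" ".join([parts[0]] + keep))
            for name in parts[1:]:
                if name in fixes:
                    out.append(f"{fixes[name]} {name}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    problems = find_unreachable_names(HOSTS_BEFORE)
    for name, addr in problems.items():
        print(f"{name} -> {addr}: unreachable from VPN clients")
    fixed = rewrite_hosts(HOSTS_BEFORE, {n: VPN_SERVER_ADDR for n in problems})
    print("--- corrected hosts file ---")
    print(fixed, end="")
```

To run the same check against a live box, feed the real file in (`find_unreachable_names(open("/etc/hosts").read())`), apply the corrected contents, and restart the resolver with `pihole restartdns`; from a connected client, `dig +short mydomain.com @10.8.0.1` should then return the tunnel address rather than 127.0.0.1. The audit deliberately does not touch the localhost family, which must stay on loopback.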