
Connected but no internet deployed on AWS EC2

Open amir28 opened this issue 2 years ago • 4 comments

I have an EC2 Ubuntu 22.04 instance in AWS. The services are deployed behind 1:1 NAT, meaning the OS only sees its private IP, but it is something like a bridge between the public IP and the OS. (I replaced the client IP with MY_Client_IP and the server public IP with AWS_public_ip.)

# Server
$ sudo /home/ubuntu/Apps/ssserver -c config.json -v
2022-07-11T19:13:44.635868458+00:00 DEBUG [6645:139767383308672] [shadowsocks_rust::sys] rlimit NOFILE adjusted rlimit { rlim_cur: 1048576, rlim_max: 1048576 }
2022-07-11T19:13:44.637135031+00:00 INFO  [6645:139767383308672] [shadowsocks_rust::service::server] shadowsocks server 1.14.3 build 2022-04-04T17:17:20.738520637+00:00
2022-07-11T19:13:44.638215447+00:00 INFO  [6645:139767383308672] [shadowsocks_service::server::tcprelay] shadowsocks tcp server listening on 0.0.0.0:443, inbound address 0.0.0.0:443
2022-07-11T19:13:55.503759018+00:00 DEBUG [6645:139767383303744] [shadowsocks_service::server::tcprelay] established tcp tunnel MY_Client_IP:17140 <-> 4.2.2.2:53 with ConnectOpts { fwmark: None, bind_local_addr: None, bind_interface: None, tcp: TcpSocketOpts { send_buffer_size: None, recv_buffer_size: None, nodelay: false, fastopen: false, keepalive: Some(15s) } }
2022-07-11T19:14:05.759546818+00:00 DEBUG [6645:139767383303744] [shadowsocks_service::server::tcprelay] established tcp tunnel MY_Client_IP:17141 <-> 4.2.2.2:53 with ConnectOpts { fwmark: None, bind_local_addr: None, bind_interface: None, tcp: TcpSocketOpts { send_buffer_size: None, recv_buffer_size: None, nodelay: false, fastopen: false, keepalive: Some(15s) } }
2022-07-11T19:14:16.024866206+00:00 DEBUG [6645:139767383303744] [shadowsocks_service::server::tcprelay] established tcp tunnel MY_Client_IP:17142 <-> 4.2.2.2:53 with ConnectOpts { fwmark: None, bind_local_addr: None, bind_interface: None, tcp: TcpSocketOpts { send_buffer_size: None, recv_buffer_size: None, nodelay: false, fastopen: false, keepalive: Some(15s) } }
^C2022-07-11T19:17:56.374931114+00:00 INFO  [6645:139767383308672] [shadowsocks_rust::monitor::imp] received SIGINT, exiting
# Client
$ /home/amir/Shadowsocks-rust/sslocal -c ss-config3.json -v
2022-07-11T23:43:38.981641100+04:30 DEBUG [10457:140191176387072] [shadowsocks_rust::sys] rlimit NOFILE adjusted rlimit { rlim_cur: 1048576, rlim_max: 1048576 }
2022-07-11T23:43:38.981705813+04:30 INFO  [10457:140191176387072] [shadowsocks_rust::service::local] shadowsocks local 1.14.3 build 2022-04-04T17:17:20.738520637+00:00
2022-07-11T23:43:38.982018397+04:30 INFO  [10457:140191172179520] [shadowsocks_service::local::socks::server] shadowsocks socks TCP listening on 127.0.0.1:1090
2022-07-11T23:43:55.124769897+04:30 DEBUG [10457:140191176382016] [shadowsocks_service::local::socks::server::socks5::tcprelay] CONNECT 4.2.2.2:53
2022-07-11T23:43:55.378511416+04:30 DEBUG [10457:140191176382016] [shadowsocks_service::local::utils] established tcp tunnel 127.0.0.1:39496 <-> 4.2.2.2:53 through sever AWS_public_ip:443 (outbound: AWS_public_ip:443)
2022-07-11T23:44:05.389007035+04:30 DEBUG [10457:140191176382016] [shadowsocks_service::local::socks::server::socks5::tcprelay] CONNECT 4.2.2.2:53
2022-07-11T23:44:05.640909995+04:30 DEBUG [10457:140191176382016] [shadowsocks_service::local::utils] established tcp tunnel 127.0.0.1:39498 <-> 4.2.2.2:53 through sever AWS_public_ip:443 (outbound: AWS_public_ip:443)
2022-07-11T23:44:15.649910963+04:30 DEBUG [10457:140191172179520] [shadowsocks_service::local::socks::server::socks5::tcprelay] CONNECT 4.2.2.2:53
2022-07-11T23:44:15.902823635+04:30 DEBUG [10457:140191172179520] [shadowsocks_service::local::utils] established tcp tunnel 127.0.0.1:39500 <-> 4.2.2.2:53 through sever AWS_public_ip:443 (outbound: AWS_public_ip:443)
^C2022-07-11T23:47:58.411155659+04:30 INFO  [10457:140191176387072] [shadowsocks_rust::monitor::imp] received SIGINT, 

# in another terminal window
$ proxychains wget google.com
ProxyChains-3.1 (http://proxychains.sf.net)
--2022-07-11 23:43:55--  http://google.com/
Resolving google.com (google.com)... |DNS-request| google.com 
|S-chain|-<>-127.0.0.1:1090-<><>-4.2.2.2:53-<><>-OK
|S-chain|-<>-127.0.0.1:1090-<><>-4.2.2.2:53-<><>-OK
|S-chain|-<>-127.0.0.1:1090-<><>-4.2.2.2:53-<><>-OK
|DNS-response|: google.com does not exist
failed: Unknown error.
wget: unable to resolve host address ‘google.com’

The client config:

$ cat ss-config3.json 
{
    "server": "AWS_public_ip",
    "server_port":443,
    "password":"PASS",
    "method":"chacha20-ietf-poly1305",
    "local_address": "127.0.0.1",
    "local_port":1090
}

The server config:

$ cat config.json
{
    "server": "0.0.0.0",
    "server_port":443,
    "password":"PASS",
    "method":"chacha20-ietf-poly1305",
    "local_address": "AWS_public_ip",
    "local_port":443
}

Also, removing local_address and local_port from the server config results in a "Network is unreachable" error on the server side. I'm sure the firewall is not running, and I have set up the network inbound settings in AWS:

$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
$ sudo iptables -A INPUT -p udp --dport 443 -j ACCEPT
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere             udp dpt:https

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

amir28, Jul 11 '22 19:07
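An added diagnostic, not code from the issue or from shadowsocks-rust: it replays by hand what proxychains did in the log above (a SOCKS5 CONNECT to sslocal on 127.0.0.1:1090, then one DNS query over TCP to 4.2.2.2:53) and decodes the reply, so a tunnel that is established but never returns data (the symptom in this issue) can be told apart from a SOCKS-level failure. The addresses and ports are the ones quoted in the issue; the function and variable names are assumptions of this example.

```python
import socket
import struct

SOCKS_ADDR = ("127.0.0.1", 1090)   # sslocal, from the issue's client config
DNS_SERVER = ("4.2.2.2", 53)       # resolver proxychains used in the log above
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT (RFC 1928) for an IPv4 destination."""
    return b"\x05\x01\x00\x01" + socket.inet_aton(host) + struct.pack("!H", port)

def dns_tcp_query(name: str, txid: int = 0x1234) -> bytes:
    """Length-prefixed DNS A query (RFC 1035 4.2.2) with recursion desired."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)
    return struct.pack("!H", len(msg)) + msg

def parse_dns_reply(msg: bytes, txid: int = 0x1234) -> dict:
    """Transaction-id match, rcode name and answer count of a raw DNS message."""
    rid, flags, _qd, an = struct.unpack("!HHHH", msg[:8])
    return {"id_ok": rid == txid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "answers": an}

def query_through_socks(name: str, timeout: float = 5.0) -> dict:
    """Run the query via sslocal; raise with a distinct message at each failing stage."""
    with socket.create_connection(SOCKS_ADDR, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")                 # greeting: one method offered, no auth
        if s.recv(2) != b"\x05\x00":
            raise RuntimeError("sslocal did not accept the no-auth method")
        s.sendall(socks5_connect_request(*DNS_SERVER))
        rep = s.recv(10)                           # VER REP RSV ATYP BND.ADDR BND.PORT
        if len(rep) < 2 or rep[1] != 0:
            raise RuntimeError(f"SOCKS CONNECT failed, reply={rep.hex()}")
        s.sendall(dns_tcp_query(name))
        hdr = s.recv(2)   # empty (or a timeout) == tunnel up but nothing came back: this issue's symptom
        if len(hdr) < 2:
            raise RuntimeError("tunnel established but no DNS response from the server side")
        (length,) = struct.unpack("!H", hdr)
        body = b""
        while len(body) < length:
            chunk = s.recv(length - len(body))
            if not chunk:
                break
            body += chunk
        return parse_dns_reply(body)

if __name__ == "__main__":
    print(query_through_socks("google.com"))
```

A healthy tunnel prints something like `{'id_ok': True, 'rcode': 'NOERROR', 'answers': N}`; the issue's "DNS-response: google.com does not exist" from proxychains corresponds to an empty or NXDOMAIN reply here.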

Also removing local_address and local_port in server config results Network is unreachable error in server side.

There must be something wrong in your route table. Can you curl any destinations on your server?

zonyitoo, Jul 12 '22 03:07

Can you curl any destinations on your server?

Yes

Now I tested V2ray and shadowsocks-libev. They also did not work.

amir28, Jul 12 '22 04:07

No idea why.

zonyitoo, Jul 12 '22 05:07

Try changing the IP to "::" in the server config?

5uy4n9, Jul 15 '22 20:07

Just yesterday I accidentally realized it works with one of the mobile internet providers (and today it works with my home ADSL, but very slowly, and does not work with other ISPs). It seems not related to AWS, so I'm closing. But I'm still confused how my server was detected and censored even without sharing it.

Configs:

# server:
{
    "server":"0.0.0.0",
    "server_port":1312,
    "local_address":"PUBLIC_ADDRESS",
    "local_port":1312,
    "password":"PASS",
    "method":"chacha20-ietf-poly1305",
    "nameserver":"8.8.8.8",
    "mode":"tcp_only"
}
# client:
{
    "server": "PUBLIC_ADDRESS",
    "server_port":1312,
    "password":"PASS",
    "method":"chacha20-ietf-poly1305",
    "local_address": "127.0.0.1",
    "local_port":1090,
    "remote_dns_address": "8.8.8.8"
}

Thank you.

amir28, Sep 17 '22 15:09