shadowsocks-rust
Connected but no internet deployed on AWS EC2
I have an EC2 Ubuntu 22.04 instance in AWS. Their services are deployed on 1:1 NAS, which means the OS only sees its private IP, but it's something like a bridge between the public IP and the OS. (I replaced the client IP with `MY_Client_IP` and the server public IP with `AWS_public_ip`.)
```
# Server
$ sudo /home/ubuntu/Apps/ssserver -c config.json -v
2022-07-11T19:13:44.635868458+00:00 DEBUG [6645:139767383308672] [shadowsocks_rust::sys] rlimit NOFILE adjusted rlimit { rlim_cur: 1048576, rlim_max: 1048576 }
2022-07-11T19:13:44.637135031+00:00 INFO [6645:139767383308672] [shadowsocks_rust::service::server] shadowsocks server 1.14.3 build 2022-04-04T17:17:20.738520637+00:00
2022-07-11T19:13:44.638215447+00:00 INFO [6645:139767383308672] [shadowsocks_service::server::tcprelay] shadowsocks tcp server listening on 0.0.0.0:443, inbound address 0.0.0.0:443
2022-07-11T19:13:55.503759018+00:00 DEBUG [6645:139767383303744] [shadowsocks_service::server::tcprelay] established tcp tunnel MY_Client_IP:17140 <-> 4.2.2.2:53 with ConnectOpts { fwmark: None, bind_local_addr: None, bind_interface: None, tcp: TcpSocketOpts { send_buffer_size: None, recv_buffer_size: None, nodelay: false, fastopen: false, keepalive: Some(15s) } }
2022-07-11T19:14:05.759546818+00:00 DEBUG [6645:139767383303744] [shadowsocks_service::server::tcprelay] established tcp tunnel MY_Client_IP:17141 <-> 4.2.2.2:53 with ConnectOpts { fwmark: None, bind_local_addr: None, bind_interface: None, tcp: TcpSocketOpts { send_buffer_size: None, recv_buffer_size: None, nodelay: false, fastopen: false, keepalive: Some(15s) } }
2022-07-11T19:14:16.024866206+00:00 DEBUG [6645:139767383303744] [shadowsocks_service::server::tcprelay] established tcp tunnel MY_Client_IP:17142 <-> 4.2.2.2:53 with ConnectOpts { fwmark: None, bind_local_addr: None, bind_interface: None, tcp: TcpSocketOpts { send_buffer_size: None, recv_buffer_size: None, nodelay: false, fastopen: false, keepalive: Some(15s) } }
^C2022-07-11T19:17:56.374931114+00:00 INFO [6645:139767383308672] [shadowsocks_rust::monitor::imp] received SIGINT, exiting
# Client
$ /home/amir/Shadowsocks-rust/sslocal -c ss-config3.json -v
2022-07-11T23:43:38.981641100+04:30 DEBUG [10457:140191176387072] [shadowsocks_rust::sys] rlimit NOFILE adjusted rlimit { rlim_cur: 1048576, rlim_max: 1048576 }
2022-07-11T23:43:38.981705813+04:30 INFO [10457:140191176387072] [shadowsocks_rust::service::local] shadowsocks local 1.14.3 build 2022-04-04T17:17:20.738520637+00:00
2022-07-11T23:43:38.982018397+04:30 INFO [10457:140191172179520] [shadowsocks_service::local::socks::server] shadowsocks socks TCP listening on 127.0.0.1:1090
2022-07-11T23:43:55.124769897+04:30 DEBUG [10457:140191176382016] [shadowsocks_service::local::socks::server::socks5::tcprelay] CONNECT 4.2.2.2:53
2022-07-11T23:43:55.378511416+04:30 DEBUG [10457:140191176382016] [shadowsocks_service::local::utils] established tcp tunnel 127.0.0.1:39496 <-> 4.2.2.2:53 through sever AWS_public_ip:443 (outbound: AWS_public_ip:443)
2022-07-11T23:44:05.389007035+04:30 DEBUG [10457:140191176382016] [shadowsocks_service::local::socks::server::socks5::tcprelay] CONNECT 4.2.2.2:53
2022-07-11T23:44:05.640909995+04:30 DEBUG [10457:140191176382016] [shadowsocks_service::local::utils] established tcp tunnel 127.0.0.1:39498 <-> 4.2.2.2:53 through sever AWS_public_ip:443 (outbound: AWS_public_ip:443)
2022-07-11T23:44:15.649910963+04:30 DEBUG [10457:140191172179520] [shadowsocks_service::local::socks::server::socks5::tcprelay] CONNECT 4.2.2.2:53
2022-07-11T23:44:15.902823635+04:30 DEBUG [10457:140191172179520] [shadowsocks_service::local::utils] established tcp tunnel 127.0.0.1:39500 <-> 4.2.2.2:53 through sever AWS_public_ip:443 (outbound: AWS_public_ip:443)
^C2022-07-11T23:47:58.411155659+04:30 INFO [10457:140191176387072] [shadowsocks_rust::monitor::imp] received SIGINT,
# in another terminal window
$ proxychains wget google.com
ProxyChains-3.1 (http://proxychains.sf.net)
--2022-07-11 23:43:55-- http://google.com/
Resolving google.com (google.com)... |DNS-request| google.com
|S-chain|-<>-127.0.0.1:1090-<><>-4.2.2.2:53-<><>-OK
|S-chain|-<>-127.0.0.1:1090-<><>-4.2.2.2:53-<><>-OK
|S-chain|-<>-127.0.0.1:1090-<><>-4.2.2.2:53-<><>-OK
|DNS-response|: google.com does not exist
failed: Unknown error.
wget: unable to resolve host address ‘google.com’
```
The client config:
```
$ cat ss-config3.json
{
    "server": "AWS_public_ip",
    "server_port": 443,
    "password": "PASS",
    "method": "chacha20-ietf-poly1305",
    "local_address": "127.0.0.1",
    "local_port": 1090
}
```
The server config:
```
$ cat config.json
{
    "server": "0.0.0.0",
    "server_port": 443,
    "password": "PASS",
    "method": "chacha20-ietf-poly1305",
    "local_address": "AWS_public_ip",
    "local_port": 443
}
```
Also, removing `local_address` and `local_port` from the server config results in a `Network is unreachable` error on the server side.
I'm sure that the firewall is not running, and I set up the network inbound settings in AWS:
```
$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
$ sudo iptables -A INPUT -p udp --dport 443 -j ACCEPT
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
> Also, removing `local_address` and `local_port` from the server config results in a `Network is unreachable` error on the server side.

There must be something wrong in your route table. Can you `curl` any destinations on your server?
> Can you `curl` any destinations on your server?

Yes
Now I tested V2ray and shadowsocks-libev. They also did not work.
No idea why.
Try changing the IP to `"::"` in the server config?
Just yesterday I accidentally realized it works with one of the mobile internet providers (and today it works with my home ADSL, but very slowly, and does not work with other ISPs). It seems not related to AWS, so I'm closing this. But I'm still confused how my server has been detected and censored even without sharing it.
Configs:
```
# server:
{
    "server": "0.0.0.0",
    "server_port": 1312,
    "local_address": "PUBLIC_ADDRESS",
    "local_port": 1312,
    "password": "PASS",
    "method": "chacha20-ietf-poly1305",
    "nameserver": "8.8.8.8",
    "mode": "tcp_only"
}
# client:
{
    "server": "PUBLIC_ADDRESS",
    "server_port": 1312,
    "password": "PASS",
    "method": "chacha20-ietf-poly1305",
    "local_address": "127.0.0.1",
    "local_port": 1090,
    "remote_dns_address": "8.8.8.8"
}
```
Thank you