首先,linux shell下默认变量的计算小数都省略掉了,也就是0.99999其实就是0,这个很不好,有时候我们需要统计小数的。
好了,用echo + bc的组合可以实现。
- echo "scale=4; $BYTES_SENT/1024/1024"|bc
scale可以设置小数点后保留4位。
但是问题又出来了,如果是0.9999则显示的是.9999,小数点前面的0又不显示了,bc也是够了逗比了,好吧,继续折腾。
- echo "scale=4; $BYTES_SENT/1024/1024"|bc|awk '{printf "%.4f", $0}'
这样子下来,用awk再来格式化下,只怪奶牛shell学得很渣,但是很多东西查到了还是很好学习的,记录下。
autoproxy在firefox新版本中很多无法使用订阅功能,用这个改版还是比较好的选择。
下载地址:http://www.400gb.com/file/114503453
使用方法:下载后直接拖动文件到firefox的地址栏即可安装。
在Nginx的nginx.conf里面有如下的字段
如果我们想在默认的目录添加密码保护,只保护对目录的访问,也就是登陆这个目录就会输入密码,则我们这样设置
其中pass_file是密码文件的绝对路径,密码文件是由用户名和函数 crypt加密的密码组成,可以使用 htpasswd -c -d pass_file username 来生成。
好吧,很多东西还是有个前端管理起来比较方便,奶牛今天也配了个,写下过程记录下。
安装shadowsocks支持
- apt-get install python-pip python-m2crypto
- pip install cymysql
安装LNMP
- wget -c http://soft.vpser.net/lnmp/lnmp1.2-full.tar.gz && tar zxf lnmp1.2-full.tar.gz && cd lnmp1.2-full && ./install.sh lnmp
后端安装配置
- git clone -b manyuser https://github.com/mengskysama/shadowsocks.git
- cd ./shadowsocks/shadowsocks
- vim Config.py
- #Config
- MYSQL_HOST = 'localhost' #这一行是服务器IP,127.0.0.1表示本机
- MYSQL_PORT = 3306 #数据库端口号
- MYSQL_USER = 'nenew' #数据库用户名
- MYSQL_PASS = 'nenew' #数据库密码
- MYSQL_DB = 'shadowsocks' #数据库名称
- MANAGE_PASS = 'ss233333333'
- #if you want manage in other server you should set this value to global ip
- MANAGE_BIND_IP = '127.0.0.1'
- #make sure this port is idle
- MANAGE_PORT = 23333
- python server.py
在mysql数据库中新建数据库shadowsocks,并添加用户nenew,导入manyuser中的sql文件,然后执行python server.py。如果没有异常,则表示已经安装成功后端。
前端安装:
- lnmp vhost add
添加虚拟主机,然后进入虚拟主机目录
- wget https://github.com/orvice/ss-panel/archive/master.zip
- unzip master.zip
- rm master.zip
- mv -f ss-panel-master/* ./
- mv lib/config-simple.php lib/config.php
- vim lib/config.php
编辑配置信息,然后将lib文件夹下的sql文件都导入到nenew数据库中。
添加守护进程supervisor:
- apt-get install supervisor
- echo_supervisord_conf > /etc/supervisor/supervisord.conf
- vim /etc/supervisor/supervisord.conf
将文件最后添加
- [program:shadowsocks]
- command=python /root/shadowsocks/shadowsocks/server.py -c /root/shadowsocks/shadowsocks/config.json
- autorestart=true
- user=root
其中的目录自己根据实际情况设置,重启即可。
前端github:https://github.com/orvice/ss-panel
后端github:https://github.com/mengskysama/shadowsocks
顺带广告,ss服务器150元每年,需要者联系,联系方式见杂货铺。
其实以前也搞过PPTP VPN的配置,但是当时都是存在于建立,很多细节的方面并没有做好。今天来搞下这个日志系统吧,主要实现是通过ip-up 和ip-down两个脚本来实现的。这里说下原理吧,原理是通过pptp建立连接的时候都会执行ip-up,然后断线会执行ip-down。首先看看man pppd里面的一些内容:
- SCRIPTS
- Pppd invokes scripts at various stages in its processing which can be
- used to perform site-specific ancillary processing. These scripts are
- usually shell scripts, but could be executable code files instead.
- Pppd does not wait for the scripts to finish (except for the ip-pre-up
- script). The scripts are executed as root (with the real and effective
- user-id set to 0), so that they can do things such as update routing
- tables or run privileged daemons. Be careful that the contents of
- these scripts do not compromise your system's security. Pppd runs the
- scripts with standard input, output and error redirected to /dev/null,
- and with an environment that is empty except for some environment vari-
- ables that give information about the link. The environment variables
- that pppd sets are:
- DEVICE The name of the serial tty device being used.
- IFNAME The name of the network interface being used.
- IPLOCAL
- The IP address for the local end of the link. This is only set
- when IPCP has come up.
- IPREMOTE
- The IP address for the remote end of the link. This is only set
- when IPCP has come up.
- PEERNAME
- The authenticated name of the peer. This is only set if the
- peer authenticates itself.
- SPEED The baud rate of the tty device.
- ORIG_UID
- The real user-id of the user who invoked pppd.
- PPPLOGNAME
- The username of the real user-id that invoked pppd. This is
- always set.
- For the ip-down and auth-down scripts, pppd also sets the following
- variables giving statistics for the connection:
- CONNECT_TIME
- The number of seconds from when the PPP negotiation started
- until the connection was terminated.
- BYTES_SENT
- The number of bytes sent (at the level of the serial port) dur-
- ing the connection.
- BYTES_RCVD
- The number of bytes received (at the level of the serial port)
- during the connection.
- LINKNAME
- The logical name of the link, set with the linkname option.
- CALL_FILE
- The value of the call option.
- DNS1 If the peer supplies DNS server addresses, this variable is set
- to the first DNS server address supplied.
- DNS2 If the peer supplies DNS server addresses, this variable is set
- to the second DNS server address supplied.
- Pppd invokes the following scripts, if they exist. It is not an error
- if they don't exist.
- /etc/ppp/auth-up
- A program or script which is executed after the remote system
- successfully authenticates itself. It is executed with the
- parameters
- interface-name peer-name user-name tty-device speed
- Note that this script is not executed if the peer doesn't
- authenticate itself, for example when the noauth option is used.
- /etc/ppp/auth-down
- A program or script which is executed when the link goes down,
- if /etc/ppp/auth-up was previously executed. It is executed in
- the same manner with the same parameters as /etc/ppp/auth-up.
- /etc/ppp/ip-pre-up
- A program or script which is executed just before the ppp net-
- work interface is brought up. It is executed with the same
- parameters as the ip-up script (below). At this point the
- interface exists and has IP addresses assigned but is still
- down. This can be used to add firewall rules before any IP
- traffic can pass through the interface. Pppd will wait for this
- script to finish before bringing the interface up, so this
- script should run quickly.
- /etc/ppp/ip-up
- A program or script which is executed when the link is available
- for sending and receiving IP packets (that is, IPCP has come
- up). It is executed with the parameters
- interface-name tty-device speed local-IP-address
- remote-IP-address ipparam
- /etc/ppp/ip-down
- A program or script which is executed when the link is no longer
- available for sending and receiving IP packets. This script can
- be used for undoing the effects of the /etc/ppp/ip-up and
- /etc/ppp/ip-pre-up scripts. It is invoked in the same manner
- and with the same parameters as the ip-up script.
- /etc/ppp/ipv6-up
- Like /etc/ppp/ip-up, except that it is executed when the link is
- available for sending and receiving IPv6 packets. It is executed
- with the parameters
- interface-name tty-device speed local-link-local-address
- remote-link-local-address ipparam
- /etc/ppp/ipv6-down
- Similar to /etc/ppp/ip-down, but it is executed when IPv6 pack-
- ets can no longer be transmitted on the link. It is executed
- with the same parameters as the ipv6-up script.
- /etc/ppp/ipx-up
- A program or script which is executed when the link is available
- for sending and receiving IPX packets (that is, IPXCP has come
- up). It is executed with the parameters
- interface-name tty-device speed network-number
- local-IPX-node-address remote-IPX-node-address local-IPX-rout-
- ing-protocol remote-IPX-routing-protocol local-IPX-router-name
- remote-IPX-router-name ipparam pppd-pid
- The local-IPX-routing-protocol and remote-IPX-routing-protocol
- field may be one of the following:
- NONE to indicate that there is no routing protocol
- RIP to indicate that RIP/SAP should be used
- NLSP to indicate that Novell NLSP should be used
- RIP NLSP to indicate that both RIP/SAP and NLSP should be used
- /etc/ppp/ipx-down
- A program or script which is executed when the link is no longer
- available for sending and receiving IPX packets. This script
- can be used for undoing the effects of the /etc/ppp/ipx-up
- script. It is invoked in the same manner and with the same
- parameters as the ipx-up script.
这就是ppp的脚本内容,里面当然有变量咯,这些变量就是我们需要的。
好了,那么开始进行日志整理吧,首先是ip-up
- vim /etc/ppp/ip-up
- #!/bin/sh
- #
- # This script is run by the pppd after the link is established.
- # It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes,
- # set IP address, run the mailq etc. you should create script(s) there.
- #
- # Be aware that other packages may include /etc/ppp/ip-up.d scripts (named
- # after that package), so choose local script names with that in mind.
- #
- # This script is called with the following arguments:
- # Arg Name Example
- # $1 Interface name ppp0
- # $2 The tty ttyS1
- # $3 The link speed 38400
- # $4 Local IP number 12.34.56.78
- # $5 Peer IP number 12.34.56.99
- # $6 Optional ``ipparam'' value foo
- # The environment is cleared before executing this script
- # so the path must be reset
- PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
- export PATH
- # These variables are for the use of the scripts run by run-parts
- PPP_IFACE="$1"
- PPP_TTY="$2"
- PPP_SPEED="$3"
- PPP_LOCAL="$4"
- PPP_REMOTE="$5"
- PPP_IPPARAM="$6"
- export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
- # as an additional convenience, $PPP_TTYNAME is set to the tty name,
- # stripped of /dev/ (if present) for easier matching.
- PPP_TTYNAME=`/usr/bin/basename "$2"`
- export PPP_TTYNAME
- # If /var/log/ppp-ipupdown.log exists use it for logging.
- if [ -e /var/log/ppp-ipupdown.log ]; then
- exec > /var/log/ppp-ipupdown.log 2>&1
- echo $0 $@
- echo
- fi
- # This script can be used to override the .d files supplied by other packages.
- if [ -x /etc/ppp/ip-up.local ]; then
- exec /etc/ppp/ip-up.local "$@"
- fi
- run-parts /etc/ppp/ip-up.d \
- --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
- # if pon was called with the "quick" argument, stop pppd
- if [ -e /var/run/ppp-quick ]; then
- rm /var/run/ppp-quick
- wait
- kill $PPPD_PID
- fi
- /sbin/iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source "serverip" 这里设置每次登陆时候都设定一次路由转发,避免失效。
- echo "****************************************************" > /var/log/pptpd-${1}.log 将所有内容导入到pptpd-${1}.log,以防多用户登陆时候造成日志混乱
- echo "username: $PEERNAME" >> /var/log/pptpd-${1}.log
- echo "clientIP: $6" >> /var/log/pptpd-${1}.log
- echo "device: $1" >> /var/log/pptpd-${1}.log
- echo "vpnIP: $4" >> /var/log/pptpd-${1}.log
- echo "assignIP: $5" >> /var/log/pptpd-${1}.log
- echo "logintime: `date -d today +%F_%T`" >> /var/log/pptpd-${1}.log
然后是ip-up的处理:
- vim /etc/ppp/ip-down
- #!/bin/sh
- #
- # This script is run by the pppd _after_ the link is brought down.
- # It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete
- # routes, unset IP addresses etc. you should create script(s) there.
- #
- # Be aware that other packages may include /etc/ppp/ip-down.d scripts (named
- # after that package), so choose local script names with that in mind.
- #
- # This script is called with the following arguments:
- # Arg Name Example
- # $1 Interface name ppp0
- # $2 The tty ttyS1
- # $3 The link speed 38400
- # $4 Local IP number 12.34.56.78
- # $5 Peer IP number 12.34.56.99
- # $6 Optional ``ipparam'' value foo
- # The environment is cleared before executing this script
- # so the path must be reset
- PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
- export PATH
- # These variables are for the use of the scripts run by run-parts
- PPP_IFACE="$1"
- PPP_TTY="$2"
- PPP_SPEED="$3"
- PPP_LOCAL="$4"
- PPP_REMOTE="$5"
- PPP_IPPARAM="$6"
- export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
- # as an additional convenience, $PPP_TTYNAME is set to the tty name,
- # stripped of /dev/ (if present) for easier matching.
- PPP_TTYNAME=`/usr/bin/basename "$2"`
- export PPP_TTYNAME
- # If /var/log/ppp-ipupdown.log exists use it for logging.
- if [ -e /var/log/ppp-ipupdown.log ]; then
- exec >> /var/log/ppp-ipupdown.log 2>&1
- echo $0 $@
- echo
- fi
- echo "downtime: `date -d today +%F_%T`" >> /var/log/pptpd-${1}.log
- echo "bytes sent: $BYTES_SENT" >> /var/log/pptpd-${1}.log
- echo "bytes received: $BYTES_RCVD" >> /var/log/pptpd-${1}.log
- echo "connect time: $CONNECT_TIME" >> /var/log/pptpd-${1}.log
- echo "****************************************************" >> /var/log/pptpd-${1}.log
- cat /var/log/pptpd-${1}.log >> /var/log/pptpd.log
- # This script can be used to override the .d files supplied by other packages.
- if [ -x /etc/ppp/ip-down.local ]; then
- exec /etc/ppp/ip-down.local "$@"
- fi
- run-parts /etc/ppp/ip-down.d \
- --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
最后就可以通过/var/log/pptpd.log文件进行查看PPTP VPN日志了。日志形式如下,需要更美观的自行修改代码:
- ****************************************************
- username: nenew
- clientIP: XXX.XXX.XXX.XXX
- device: ppp0
- vpnIP: 172.16.36.1
- assignIP: 172.16.36.2
- logintime: 2015-08-03_17:06:05
- downtime: 2015-08-03_17:06:23
- bytes sent: 164143
- bytes received: 51606
- connect time: 18
- ****************************************************
iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT –to-source vps网关这句话最好加到/etc/rc.local中,否则可能无法转发,及时iptables-rules里面有。
- cat /dev/ppp
- cat: /dev/ppp: No such device or address
- cat /dev/net/tun
- cat: /dev/net/tun: File descriptor in bad state
是需要检查的。
网卡可能不是eth0,可能是venet0,而且还可能是venet0:0,看好,看好。
安装脚步for ubuntu pptp vpn
- #!/bin/bash
- if [ $(id -u) != "0" ]; then
- printf "Error: You must be root to run this tool!\n"
- exit 1
- fi
- clear
- printf "
- ####################################################
- # #
- # This is a Shell-Based tool of pptp installation #
- # Version: 0.1 #
- # Author: Bruce Ku #
- # For Debian/Ubuntu 32bit and 64bit #
- # #
- ####################################################
- "
- vpsip=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
- apt-get update
- apt-get --purge remove pptpd ppp
- rm -rf /etc/pptpd.conf
- rm -rf /etc/ppp
- apt-get install -y ppp
- apt-get install -y pptpd
- apt-get install -y iptables logrotate tar cpio perl
- rm -r /dev/ppp
- mknod /dev/ppp c 108 0
- echo 1 > /proc/sys/net/ipv4/ip_forward
- echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
- echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
- echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
- echo "localip 172.16.36.1" >> /etc/pptpd.conf
- echo "remoteip 172.16.36.2-254" >> /etc/pptpd.conf
- echo "ms-dns 8.8.8.8" >> /etc/ppp/options
- echo "ms-dns 8.8.4.4" >> /etc/ppp/options
- echo "vpn pptpd 123456 *" >> /etc/ppp/chap-secrets
- iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
- iptables -A FORWARD -p tcp --syn -s 172.16.36.0/24 -j TCPMSS --set-mss 1356
- iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source "$vpsip"
- iptables-save > /etc/iptables-rules
- printf "
- ####################################################
- add my Yu
- ####################################################
- "
- echo "pre-up iptables-restore < /etc/iptables-rules" >> /etc/network/interfaces
- printf "
- ####################################################
- add my Yu
- ####################################################
- "
- /etc/init.d/pptpd restart
- printf "
- ####################################################
- # #
- # This is a Shell-Based tool of pptp installation #
- # Version: 0.1 #
- # Author: Bruce Ku #
- # For Debian/Ubuntu 32bit and 64bit #
- # #
- ####################################################
- ServerIP:$vpsip
- username:vpn
- password:123456
- "
安装完成重启
奶牛最近在找一个好用的代理程序,支持socks5的tcp和udp两种协议,并且支持64位win8系统,终于最后找到了这个sockscap64.
首先很难的,作者是国人,并且提倡软件免费,并打算一直免费提供sockscap64这软件。sockscap64目前支持socks代理和http代理,并且支持tcp和udp,Sockscap64是基于远程DLL注入技术, 通过修改系统Winsock的API后从而使运行于Sockscap64的网络软件通过SOCKS代理访问网络; 从而实现网络加速或突破局域网限制的功能。经过测试udp功能也比较稳定。
特此推荐,下载http://www.sockscap64.com/software/SocksCap64-setup-2.6.exe
安装
- apt-get install dante-server
配置文件在/etc/danted.conf
- vim /etc/danted.conf
- # $Id: sockd.conf,v 1.43 2005/12/26 16:35:26 michaels Exp $
- #
- # A sample danted.conf
- #
- #
- # The configfile is divided into three parts;
- # 1) serversettings
- # 2) rules
- # 3) routes
- #
- # The recommended order is:
- # Serversettings:
- # logoutput
- # internal
- # external
- # method
- # clientmethod
- # users
- # compatibility
- # extension
- # connecttimeout
- # iotimeout
- # srchost
- #
- # Rules:
- # client block/pass
- # from to
- # libwrap
- # log
- #
- # block/pass
- # from to
- # method
- # command
- # libwrap
- # log
- # protocol
- # proxyprotocol
- #
- # Routes:
- # the server will log both via syslog, to stdout and to /var/log/lotsoflogs 这行是日志输出,输出到syslog stdout和lotsoflogs里面
- logoutput: syslog stdout /var/log/lotsoflogs
- # The server will bind to the address 10.1.1.1, port 1080 and will only
- # accept connections going to that address.
- #internal: 10.1.1.1 port = 1080
- # Alternatively, the interface name can be used instead of the address. 这里设置eth0为网卡,端口1080
- internal: eth0 port = 1080
- # all outgoing connections from the server will use the IP address
- # 195.168.1.1
- #external: 192.168.1.1,这里是设置流量出口使用的ip,也是用eth0网卡的
- external:eth0
- # list over acceptable methods, order of preference.
- # A method not set here will never be selected.
- #
- # If the method field is not set in a rule, the global
- # method is filled in for that rule.
- #
- # methods for socks-rules. 设置方式为用户名模式
- method: username
- #methods for client-rules.
- clientmethod: none
- #or for PAM authentification
- #method: pam
- #
- # An important section, pay attention.
- #
- # when doing something that can require privilege, it will use the
- # userid:
- user.privileged: root
- # when running as usual, it will use the unprivileged userid of:
- user.notprivileged: nobody
- # If you compiled with libwrap support, what userid should it use
- # when executing your libwrap commands? "libwrap".
- user.libwrap: nobody
- #
- # some options to help clients with compatibility:
- #
- # when a client connection comes in the socksserver will try to use
- # the same port as the client is using, when the socksserver
- # goes out on the clients behalf (external: IP address).
- # If this option is set, Dante will try to do it for reserved ports aswell.
- # This will usually require user.privileged to be set to "root".
- compatibility: sameport
- # If you are using the bind extension and have trouble running servers
- # via the server, you might try setting this. The consequences of it
- # are unknown.
- compatibility: reuseaddr
- #
- # The Dante server supports some extensions to the socks protocol.
- # These require that the socks client implements the same extension and
- # can be enabled using the "extension" keyword.
- #
- # enable the bind extension.
- extension: bind
- #
- #
- # misc options.
- #
- # how many seconds can pass from when a client connects til it has
- # sent us it's request? Adjust according to your network performance
- # and methods supported.
- #connecttimeout: 30 # on a lan, this should be enough if method is "none".
- # how many seconds can the client and it's peer idle without sending
- # any data before we dump it? Unless you disable tcp keep-alive for
- # some reason, it's probably best to set this to 0, which is
- # "forever".
- #iotimeout: 0 # or perhaps 86400, for a day.
- # do you want to accept connections from addresses without
- # dns info? what about addresses having a mismatch in dnsinfo?
- #srchost: nounknown nomismatch
- #
- # The actual rules. There are two kinds and they work at different levels.
- #
- # The rules prefixed with "client" are checked first and say who is allowed
- # and who is not allowed to speak/connect to the server. I.e the
- # ip range containing possibly valid clients.
- # It is especially important that these only use IP addresses, not hostnames,
- # for security reasons.
- #
- # The rules that do not have a "client" prefix are checked later, when the
- # client has sent its request and are used to evaluate the actual
- # request.
- #
- # The "to:" in the "client" context gives the address the connection
- # is accepted on, i.e the address the socksserver is listening on, or
- # just "0.0.0.0/0" for any address the server is listening on.
- #
- # The "to:" in the non-"client" context gives the destination of the clients
- # socksrequest.
- #
- # "from:" is the source address in both contexts.
- #
- # the "client" rules. All our clients come from the net 10.0.0.0/8.
- #
- # Allow our clients, also provides an example of the port range command. 设置客户可以通过任何ip登陆,访问任何ip
- client pass {
- from: 0.0.0.0/0 to: 0.0.0.0/0
- # method: rfc931 # match all idented users that also are in passwordfile
- }
- # This is identical to above, but allows clients without a rfc931 (ident)
- # too. In practise this means the socksserver will try to get a rfc931
- # reply first (the above rule), if that fails, it tries this rule.
- #client pass {
- # from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
- #}
- # drop everyone else as soon as we can and log the connect, they are not
- # on our net and have no business connecting to us. This is the default
- # but if you give the rule yourself, you can specify details.
- #client block {
- # from: 0.0.0.0/0 to: 0.0.0.0/0
- # log: connect error
- #}
- # the rules controlling what clients are allowed what requests
- #
- # you probably don't want people connecting to loopback addresses,
- # who knows what could happen then.
- #block {
- # from: 0.0.0.0/0 to: 127.0.0.0/8
- # log: connect error
- #}
- # the people at the 172.16.0.0/12 are bad, no one should talk to them.
- # log the connect request and also provide an example on how to
- # interact with libwrap.
- #block {
- # from: 0.0.0.0/0 to: 172.16.0.0/12
- # libwrap: spawn finger @%a
- # log: connect error
- #}
- # unless you need it, you could block any bind requests.
- #block {
- # from: 0.0.0.0/0 to: 0.0.0.0/0
- # command: bind
- # log: connect error
- #}
- # or you might want to allow it, for instance "active" ftp uses it.
- # Note that a "bindreply" command must also be allowed, it
- # should usually by from "0.0.0.0/0", i.e if a client of yours
- # has permission to bind, it will also have permission to accept
- # the reply from anywhere.
- #pass {
- # from: 10.0.0.0/8 to: 0.0.0.0/0
- # command: bind
- # log: connect error
- #}
- # some connections expect some sort of "reply", this might be
- # the reply to a bind request or it may be the reply to a
- # udppacket, since udp is packetbased.
- # Note that nothing is done to verify that it's a "genuine" reply,
- # that is in general not possible anyway. The below will allow
- # all "replies" in to your clients at the 10.0.0.0/8 net.
- #pass {
- # from: 0.0.0.0/0 to: 10.0.0.0/8
- # command: bindreply udpreply
- # log: connect error
- #}
- # pass any http connects to the example.com domain if they
- # authenticate with username.
- # This matches "example.com" itself and everything ending in ".example.com".
- #pass {
- # from: 10.0.0.0/8 to: .example.com port = http
- # log: connect error
- # method: username
- #}
- # block any other http connects to the example.com domain.
- #block {
- # from: 0.0.0.0/0 to: .example.com port = http
- # log: connect error
- #}
- # everyone from our internal network, 10.0.0.0/8 is allowed to use
- # tcp and udp for everything else. 设置协议支持tcp和udp
- pass {
- from: 0.0.0.0/0 to: 0.0.0.0/0
- protocol: tcp udp
- }
- # last line, block everyone else. This is the default but if you provide
- # one yourself you can specify your own logging/actions
- #block {
- # from: 0.0.0.0/0 to: 0.0.0.0/0
- # log: connect error
- #}
- # route all http connects via an upstream socks server, aka "server-chaining".
- #route {
- # from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
- #}
配置完成,
- /etc/init.d/danted start
进行启动。登陆是用本机用户名和密码即可。建议将用户的shell设置为nologin
好吧,最近搞了个香港服务器,但是香港带宽限制比较严格,当然不能吃亏了,测速,必须测速。
今天主角出场speedtest-cli,它工作在Python 2.4-3.4
安装:
- pip / easy_install
- pip install speedtest-cli
- or
- easy_install speedtest-cli
- Github
- pip install git+https://github.com/sivel/speedtest-cli.git
- or
- git clone https://github.com/sivel/speedtest-cli.git
- python speedtest-cli/setup.py install
- Just download (Like the way it used to be)
- wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py
- chmod +x speedtest-cli
- or
- curl -Lo speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py
- chmod +x speedtest-cli
功能和使用:
- $ speedtest-cli -h
- usage: speedtest-cli [-h] [--bytes] [--share] [--simple] [--list]
- [--server SERVER] [--mini MINI] [--source SOURCE]
- [--timeout TIMEOUT] [--version]
- Command line interface for testing internet bandwidth using speedtest.net.
- --------------------------------------------------------------------------
- https://github.com/sivel/speedtest-cli
- optional arguments:
- -h, --help show this help message and exit
- --bytes Display values in bytes instead of bits. Does not affect
- the image generated by --share
- --share Generate and provide a URL to the speedtest.net share
- results image
- --simple Suppress verbose output, only show basic information
- --list Display a list of speedtest.net servers sorted by
- distance
- --server SERVER Specify a server ID to test against
- --mini MINI URL of the Speedtest Mini server
- --source SOURCE Source IP address to bind to
- --timeout TIMEOUT HTTP timeout in seconds. Default 10
- --version Show the version number and exit
简单测速,奶牛是在ubuntu下进行的测试:
- apt-get install python-pip
- pip install speedtest-cli
安装完成后执行:
- speedtest
测试结果如下:
- root@gameserver1:~# speedtest
- Retrieving speedtest.net configuration...
- Retrieving speedtest.net server list...
- Testing from Shanghai Anchnet Network Technology (XXX.XXX.XXX.XXX)...
- Selecting best server based on latency...
- Hosted by Shanghai Branch, China Unicom (Shanghai) [19.64 km]: 29.249 ms
- Testing download speed........................................
- Download: 18.84 Mbit/s
- Testing upload speed..................................................
- Upload: 1.51 Mbit/s