Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mac OSX终端走shadowsocks代理 #18

Open
mrdulin opened this Issue Apr 8, 2017 · 62 comments

Comments

Projects
None yet
@mrdulin
Copy link
Owner

mrdulin commented Apr 8, 2017

shadowsocks设置为:

  • 打开shadowsocks
  • 自动代理模式
  • 服务器(香港阿里云)

zsh作为说明

~ vim ~/.zshrc  

添加如下代理配置:

# proxy list
alias proxy='export all_proxy=socks5://127.0.0.1:1080'
alias unproxy='unset all_proxy'

:wq保存退出

~ source ~/.zshrc

使用proxy前先查看下当前的ip地址:

~ curl ip.cn
当前 IP:112.64.xxx.xx 来自:上海市 联通

或者

~ curl cip.cc
IP	: 140.206.97.42
地址	: 中国  上海

数据二	: 上海市 | 联通

URL	: http://www.cip.cc/140.206.97.42

执行:

~ proxy
➜  ~ curl ip.cn
当前 IP:47.89.xx.xxx 来自:香港特别行政区 阿里云

如果ip.cn不能用,可以换个类似的站点查询

~ curl cip.cc
IP	: 45.78.47.19
地址	: 美国  加利福尼亚

数据二	: 美国 | 加利福尼亚州洛杉矶市 IT7 Networks

URL	: http://www.cip.cc/45.78.47.19

没问题,终端走了代理,brew update顺畅了- -

如果不需要走代理,执行:

~ unproxy   
➜  ~ curl ip.cn
当前 IP:112.64.xxx.xx 来自:上海市 联通

proxychains-ng

~ brew install proxychains-ng
Updating Homebrew...

由于OSX升级后的SIP限制,在proxychains.conf�文件中设置sssocks5代理,无效了。解决办法是在重启后,在Recovery mode下关闭SIP,但对于强迫症来说,不能忍(安全问题)。详见
rofl0r/proxychains-ng/issues/78

➜  ~ proxychains4 curl ip.cn
[proxychains] config file found: /usr/local/Cellar/proxychains-ng/4.12/etc/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.12/lib/libproxychains4.dylib
当前 IP:112.64.xxx.xx 来自:上海市 联通

配置文件/usr/local/Cellar/proxychains-ng/4.12/etc/proxychains.conf:

 111 [ProxyList]
 112 # add proxy here ...
 113 # meanwile
 114 # defaults set to "tor"
 115 #socks4     127.0.0.1 9050
 116 socks5  127.0.0.1 1080

-- update 2017.07.21 --

osx下使用brew安装google-chrome时:

% brew cask install google-chrome
==> Satisfying dependencies
==> Downloading https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg

curl: (6) Could not resolve host: dl.google.com
Error: Download failed on Cask 'google-chrome' with message: Download failed: https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg
Error: Install incomplete.

通过设置terminalhttp代理解决:

% export http_proxy=http://127.0.0.1:1087;export https_proxy=http://127.0.0.1:1087;

参考:


Flag Counter

@Huang-Libo

This comment has been minimized.

Copy link

Huang-Libo commented Oct 26, 2017

@mrdulin
执行 proxy 之后, curl ip.cn 的结果:
curl: (7) Failed to connect to 127.0.0.1 port 1080: Connection refused

在前面加上 sudo 后, 获取的 ip 还是本地运营商的. 这是怎么回事呢?

@mrdulin

This comment has been minimized.

Copy link
Owner Author

mrdulin commented Oct 27, 2017

@Huang-Libo 请确保本地代理服务器的地址和端口是127.0.0.1:1080

请打开ss,进行代理服务器设置
我试了下,退出ss,就是你这个错误,因为本地代理服务器没有启动。

@Huang-Libo

This comment has been minimized.

Copy link

Huang-Libo commented Oct 27, 2017

@mrdulin
设置是对的, 执行 proxy 之前都能看到结果, 执行 proxy 之后就报错, 有点奇怪.

@samhou1988

This comment has been minimized.

Copy link

samhou1988 commented Nov 7, 2017

我也遇到了类似的情况,设置了 shadowsocks 的 socks 代理地址为: 127.0.0.1 端口为 1080,重启下 shadowsocks 后执行 proxy 成功

@Huang-Libo

This comment has been minimized.

Copy link

Huang-Libo commented Nov 9, 2017

@samhou1988 其实我发现使用 proxychains-ng 的时候使用 brew 版本的程序就可以了

@Ericva

This comment has been minimized.

Copy link

Ericva commented Nov 20, 2017

@mrdulin 请教楼主几个问题。
1.本地的ss只能配置远端server的ip和端口号吧?本地代理服务器的ip和port也就是127.0.0.1和1080是不是不能自己配置?
2.执行proxy之后,显示的是”curl: (52) Empty reply from server“。
3.我看楼主一开始的测试是没有安装proxychains-ng这个的,是不是也先不需要安装这个?
麻烦楼主帮忙看下~

@mrdulin

This comment has been minimized.

Copy link
Owner Author

mrdulin commented Nov 21, 2017

@Ericva
1.本地的ss是客户端,你的VPS上的ss是服务端,客户端的服务器配置中,地址和端口填写你VPS的ip地址和ss服务端运行后的端口号,这样客户端就连接到你的vps的ss服务了。
image
ss客户端启动后,可以修改客户端服务的端口号,不一定是1080,使用switchomega,proxifier等代理切换软件时,指定ss的ip和端口是客户端的。
image

2.你的服务器配置ip或者端口不正确,客户端ss没有链接到VPS上的ss服务端,或者是你VPS上的ss服务端没有启动或是出了问题。如下图,我随便输入了一个ip和端口,执行proxy后,结果显示“curl: (52) Empty reply from server”

3.proxychains-ng和通过在.zshrc或者.bashrc中指定代理alias是两种终端走代理的方式,没有依赖关系。

@Ericva

This comment has been minimized.

Copy link

Ericva commented Nov 21, 2017

谢谢楼主快速的解答~ 关于2,我ss是配置好了的,chrome/safari都可以科学上网,感觉应该是其他的坑,但是还不知道是啥原因。/(ㄒoㄒ)/~~

@dasheng523

This comment has been minimized.

Copy link

dasheng523 commented Nov 25, 2017

跟Ericva碰到的问题一样。chrome/safari都可以,但终端上只能访问国内网站。

@p0sec

This comment has been minimized.

Copy link

p0sec commented Dec 29, 2017

感谢,终端一直代理不出去,这次终于好了

@liushazm

This comment has been minimized.

Copy link

liushazm commented Jan 17, 2018

非常感谢,代理已经能显示外国的地址,但是ping www.google.com 的时候还是ping不通,请问知道为什么吗

@1057437122

This comment has been minimized.

Copy link

1057437122 commented Jan 20, 2018

@liushazm 我的也是这样,求解~

@roclee2020

This comment has been minimized.

Copy link

roclee2020 commented Jan 23, 2018

谢谢楼主,解决了我困扰多时的问题,感谢分享

@wuyachao

This comment has been minimized.

Copy link

wuyachao commented Feb 23, 2018

@liushazm 代理已经显示国外的Ip,但是还是ping不通,请问你解决了吗

@wentaocn

This comment has been minimized.

Copy link

wentaocn commented Feb 24, 2018

我的curl ip.cn在没有使用代理的情况都没法用,很奇怪。
报错类似@Huang-Libo :

curl: (7) Failed to connect to ip.cn port 80: Operation timed out

macOS 10.13.3, iTerm2

@Huang-Libo

This comment has been minimized.

Copy link

Huang-Libo commented Feb 24, 2018

@liushazm
ss代理是基于tcp或者udp协议,而ping是走的icmp协议因此在ss下不能ping通google

参考:
https://stackoverflow.com/questions/5274934/use-ping-through-socks-server

@solomonxie solomonxie referenced this issue Feb 25, 2018

Open

AWS为首的云服务器实战钻研 #31

7 of 7 tasks complete

@solomonxie solomonxie referenced this issue Mar 5, 2018

Open

Network Engineering 网络工程师 #35

28 of 30 tasks complete
@mrdulin

This comment has been minimized.

Copy link
Owner Author

mrdulin commented Mar 9, 2018

@liushazm @1057437122

@Huang-Libo 说的没错

网络七层协议(OSI):7 应用层 6 表示层 5 会话层 4 传输层 3 网络层 2 数据链路层 1 物理层

上层模型依赖下层模型

  1. ping命令使用的ICMP协议,作用在OSI模型第3层——网络层(IP层)

使用wireshark抓包查看ping命令发送给目标地址的数据包
image

  1. SOCKS作用在OSI模型的第5层——会话层

  2. HTTP、FTP、SMTP作用在OSI模型第7层——网络层

ss支持的代理协议是socks(5 会话层)和http(7 应用层),最终都依赖于TCP(4 传输层)和IP协议(3 网络层),发送tcp数据包,但并不能代理第3层——网络层

本机与ss代理服务器之间发送的tcp数据包
image

@liushazm

This comment has been minimized.

Copy link

liushazm commented Mar 15, 2018

@Huang-Libo @mrdulin 非常感谢两位大神
@1057437122 @wuyachao 上面两位大神解决了

@usercao

This comment has been minimized.

Copy link

usercao commented Mar 19, 2018

默认终端proxy没有这个命令,是不是要安装什么软件才能执行这个?

@mrdulin

This comment has been minimized.

Copy link
Owner Author

mrdulin commented Mar 19, 2018

@usercao 为了方便,设置的命令别名

执行proxy就表示执行export all_proxy=socks5://127.0.0.1:1080

@devSC

This comment has been minimized.

Copy link

devSC commented Mar 29, 2018

新装的proxychains-ng 配置文件路径在: /usr/local/etc/proxychains.conf

@ziqinH

This comment has been minimized.

Copy link

ziqinH commented Mar 30, 2018

@liushazm 请问 ping 不通是你再怎么解决的?

@Jay54520

This comment has been minimized.

Copy link

Jay54520 commented Apr 7, 2018

all_proxy 这个环境变量的作用是什么?谷歌了一下没有找到答案。

与 MacOS 网络偏好中的代理配置有什么区别?

@lambal

This comment has been minimized.

Copy link

lambal commented Aug 30, 2018

非常有用! 👍

@kyleduo

This comment has been minimized.

Copy link

kyleduo commented Sep 13, 2018

完美~

@googege

This comment has been minimized.

Copy link

googege commented Oct 8, 2018

@xiaohao111
弃用哪个R8版本,下载https://github.com/shadowsocks/ShadowsocksX-NG/releases/ 版本即可。

@chunjie-sam-liu

This comment has been minimized.

Copy link

chunjie-sam-liu commented Nov 28, 2018

alias proxy='export socks5_proxy=socks5://127.0.0.1:1086;export http_proxy=http://127.0.0.1:1087;export https_proxy=http://127.0.0.1:1087;'
alias unproxy='unset socks5_proxy http_proxy https_proxy'

这样可以把socks5和http以及https全都代理。

@m3lon

This comment has been minimized.

Copy link

m3lon commented Nov 29, 2018

good article

@sunadm

This comment has been minimized.

Copy link

sunadm commented Dec 1, 2018

if u just want use brew under proxy, then u can simply set the curl config.
put '.curlrc' in ur home dir, content like this:

socks5 = "127.0.0.1:1087"
@Pliza

This comment has been minimized.

Copy link

Pliza commented Dec 7, 2018

Thank you very much! It helped me a lot!

@yifan2223

This comment has been minimized.

Copy link

yifan2223 commented Dec 24, 2018

Thanks so much

@pbdm

This comment has been minimized.

Copy link

pbdm commented Dec 28, 2018

https://unix.stackexchange.com/questions/212894/whats-the-right-format-for-the-http-proxy-environment-variable-caps-or-no-ca
貌似 proxy 环境变量的设置没有官方的标准, 不同的应用会读取不同的设置,所以貌似最好应该把 http_proxy, https_proxy, all_proxy, HTTP_PROXY, HTTPS_PROXY, ALL_PROXY 这些都设置上......

@longshilin

This comment has been minimized.

Copy link

longshilin commented Dec 28, 2018

https://unix.stackexchange.com/questions/212894/whats-the-right-format-for-the-http-proxy-environment-variable-caps-or-no-ca
貌似 proxy 环境变量的设置没有官方的标准, 不同的应用会读取不同的设置,所以貌似最好应该把 http_proxy, https_proxy, all_proxy, HTTP_PROXY, HTTPS_PROXY, ALL_PROXY 这些都设置上......

走一波 vim .zshrc

# proxy list
alias proxy='export http_proxy=socks5://127.0.0.1:1080 https_proxy=$http_proxy HTTP_PROXY=$http_proxy HTTPS_PROXY=$http_proxy all_proxy=$http_proxy'
alias unproxy='unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY all_proxy'
@xkcoding

This comment has been minimized.

Copy link

xkcoding commented Jan 9, 2019

感谢感谢

@leiz

This comment has been minimized.

Copy link

leiz commented Jan 13, 2019

thx👍

@zouchao

This comment has been minimized.

Copy link

zouchao commented Jan 18, 2019

终端里面能使用pac吗?目前没有找到合适的用法,大家都是怎么解决如下这种情况的呢?

比如在iterm2里面go get的时候,有些包是自己服务器的,有些是国外的。。。设置了代理就无法拉到自己的包,不设置代理就拉不到国外的包

@lucas1993ch

This comment has been minimized.

Copy link

lucas1993ch commented Jan 20, 2019

终端里面能使用pac吗?目前没有找到合适的用法,大家都是怎么解决如下这种情况的呢?

比如在iterm2里面go get的时候,有些包是自己服务器的,有些是国外的。。。设置了代理就无法拉到自己的包,不设置代理就拉不到国外的包

暂时没找到终端里配置pac的方法,但是有其他方式可以满足如上的需求。
目前我知道有如下几种解决方法:
1:使用proxychains-ng,但是这样子会涉及到sip,有些人不能忍,上面的答案中有提到关闭sip的问题。
2:做个二级代理。二级代理需要两个服务器,一个国外服务器Outer(没被墙的),一个国内服务器Inner。我们的电脑直接国内服务器
(终端export all_proxy="http://192.168.x.x"等等)
然后在国内服务器上做再进行规则过滤,让公司内网的网段等其他网段不走Outer(即不走Outer代理服务器,一般就直接重定),其余的被墙的再走Outer。这样子内部只要搭建一遍即可让所有人都可以通过连接到Inner从而能满足:能go get 内网的代码,又能go get 哪些被墙的网站。
具体方法:可以使用ss(国外服务器上部署ss,因为ss的灵活性比较高,所以也推荐二级代理服务器使用ss,一级代理服务器使用cow)。详情:https://blog.guchengf.me/proxy-with-shadowsocks-cow
cow+cow
或者是v2ray也可以了解一下。

@zouchao

This comment has been minimized.

Copy link

zouchao commented Jan 22, 2019

@lucas1993ch 感谢您的建议,已在内网(privoxy)+ 墙外(ss)撘了一套。

@gatspy

This comment has been minimized.

Copy link

gatspy commented Jan 30, 2019

还是alias方式可靠点.虽然要手动切换下

@luvvien

This comment has been minimized.

Copy link

luvvien commented Feb 22, 2019

别用shadowsocks了,Google的outline直接就能命令行使用,搭建和使用方法:科学上网之outline搭建和使用

@mrdulin

This comment has been minimized.

Copy link
Owner Author

mrdulin commented Feb 23, 2019

@luvvien 感谢分享,学习了

@yibhou

This comment has been minimized.

Copy link

yibhou commented Feb 24, 2019

谢谢分享

@jaywade95

This comment has been minimized.

Copy link

jaywade95 commented Mar 4, 2019

楼主您好,我在iterm2下面根据楼主的教程配置了,curl ip.gs之后也是返回的香港ip,但是ssh还是走了国内的出口ip,请问一下ssh协议是还需要另外配置是吗?

@luvvien

This comment has been minimized.

Copy link

luvvien commented Mar 4, 2019

@mrdulin 哇 美女工程师

@mrdulin

This comment has been minimized.

Copy link
Owner Author

mrdulin commented Mar 4, 2019

@jaywade95 可以参考下:#69

@wi1dcard

This comment has been minimized.

Copy link

wi1dcard commented Mar 4, 2019

@mrdulin 哇 美女工程师

忽然发现头像背后是在青岛 2333。

@luvvien

This comment has been minimized.

Copy link

luvvien commented Mar 5, 2019

@mrdulin 哇 美女工程师

忽然发现头像背后是在青岛 2333。
@wi1dcard 我也发现了 哈哈 我距离青岛一个多小时

@jaywade95

This comment has been minimized.

Copy link

jaywade95 commented Mar 5, 2019

@mrdulin 感谢楼主分享,已经成功配置

@EndlessCheng

This comment has been minimized.

Copy link

EndlessCheng commented Mar 11, 2019

似乎执行

export http_proxy=http://127.0.0.1:1087
export https_proxy=http://127.0.0.1:1087

就够了

@riskers

This comment has been minimized.

Copy link

riskers commented Mar 11, 2019

之前总结过一篇文章: riskers/blog#38

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.