Can't connect no matter what #179

Closed
turingking opened this issue Jun 19, 2018 · 1 comment

Comments

@turingking

Server-side commands and log; the server log never changed

jinhan13789@taiwan-a:~$ sudo iptables -F
jinhan13789@taiwan-a:~$ sudo iptables -X
jinhan13789@taiwan-a:~$ sudo iptables -t nat -F
jinhan13789@taiwan-a:~$ sudo iptables -t nat -X
jinhan13789@taiwan-a:~$ sudo iptables -t mangle -F
jinhan13789@taiwan-a:~$ sudo iptables -t mangle -X
jinhan13789@taiwan-a:~$ sudo iptables -P INPUT ACCEPT
jinhan13789@taiwan-a:~$ sudo iptables -P FORWARD ACCEPT
jinhan13789@taiwan-a:~$ sudo iptables -P OUTPUT ACCEPT
jinhan13789@taiwan-a:~$ sudo iptables-save
# Generated by iptables-save v1.6.0 on Tue Jun 19 09:04:20 2018
*mangle
:PREROUTING ACCEPT [658:87535]
:INPUT ACCEPT [658:87535]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [532:72112]
:POSTROUTING ACCEPT [532:72112]
COMMIT
# Completed on Tue Jun 19 09:04:20 2018
# Generated by iptables-save v1.6.0 on Tue Jun 19 09:04:20 2018
*nat
:PREROUTING ACCEPT [8:476]
:INPUT ACCEPT [8:476]
:OUTPUT ACCEPT [24:1456]
:POSTROUTING ACCEPT [24:1456]
COMMIT
# Completed on Tue Jun 19 09:04:20 2018
# Generated by iptables-save v1.6.0 on Tue Jun 19 09:04:20 2018
*filter
:INPUT ACCEPT [160:32300]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [143:19541]
:udp2rawDwrW_77a2ebc9_C0 - [0:0]
-A INPUT -p tcp -m tcp --dport 8888 -j udp2rawDwrW_77a2ebc9_C0
-A udp2rawDwrW_77a2ebc9_C0 -j DROP
COMMIT
# Completed on Tue Jun 19 09:04:20 2018


jinhan13789@taiwan-a:~$ sudo ./udp2raw_amd64  -s -l0.0.0.0:8888 -r 172.25.0.2:1194 -a -k passwd --raw-mode faketcp --cipher-mode xor 
[2018-06-19 08:59:55][INFO]argc=12 ./udp2raw_amd64 -s -l0.0.0.0:8888 -r 172.25.0.2:1194 -a -k passwd --raw-mode faketcp --cipher-mode xor 
[2018-06-19 08:59:55][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=xor auth_mode=md5 key=passwd local_ip=0.0.0.0 local_port=8888 remote_ip=172.25.0.2 remote_port=1194 source_ip=0.0.0.0 source_port=0 socket_buf_size=1048576 
[2018-06-19 08:59:55][WARN]you can run udp2raw with non-root account for better security. check README.md in repo for more info.
[2018-06-19 08:59:55][INFO]const_id:77a2ebc9
[2018-06-19 08:59:55][INFO]run_command iptables -N udp2rawDwrW_77a2ebc9_C0
[2018-06-19 08:59:55][INFO]run_command iptables -F udp2rawDwrW_77a2ebc9_C0
[2018-06-19 08:59:55][INFO]run_command iptables -I udp2rawDwrW_77a2ebc9_C0 -j DROP
[2018-06-19 08:59:55][INFO]run_command iptables -I INPUT -p tcp -m tcp --dport 8888 -j udp2rawDwrW_77a2ebc9_C0
[2018-06-19 08:59:55][WARN]auto added iptables rules
[2018-06-19 08:59:55][INFO]now listening at 0.0.0.0:8888

Client-side commands and log

root@LEDE:~# iptables -F
root@LEDE:~# iptables -X
root@LEDE:~# iptables -t nat -F
root@LEDE:~# iptables -t nat -X
root@LEDE:~# 
root@LEDE:~# iptables -t mangle -F
root@LEDE:~# iptables -t mangle -X
root@LEDE:~# iptables -P INPUT ACCEPT
root@LEDE:~# iptables -P FORWARD ACCEPT
root@LEDE:~# iptables -P OUTPUT ACCEPT
root@LEDE:~# iptables-save
# Generated by iptables-save v1.4.21 on Tue Jun 19 09:02:52 2018
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Jun 19 09:02:52 2018
# Generated by iptables-save v1.4.21 on Tue Jun 19 09:02:52 2018
*mangle
:PREROUTING ACCEPT [48:3392]
:INPUT ACCEPT [48:3392]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35:3944]
:POSTROUTING ACCEPT [35:3944]
COMMIT
# Completed on Tue Jun 19 09:02:52 2018
# Generated by iptables-save v1.4.21 on Tue Jun 19 09:02:52 2018
*filter
:INPUT ACCEPT [37:2376]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [32:3696]
COMMIT
# Completed on Tue Jun 19 09:02:52 2018
root@LEDE:~# udp2raw -c -l0.0.0.0:65535 -r104.199.176.45:8888 -a -k "passwd" --raw-mode faketcp --cipher-mode xor
[2018-06-19 09:03:07][INFO]argc=11 udp2raw -c -l0.0.0.0:65535 -r104.199.176.45:8888 -a -k passwd --raw-mode faketcp --cipher-mode xor 
[2018-06-19 09:03:07][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=xor auth_mode=md5 key=passwd local_ip=0.0.0.0 local_port=65535 remote_ip=104.199.176.45 remote_port=8888 source_ip=0.0.0.0 source_port=0 socket_buf_size=1048576 
[2018-06-19 09:03:07][WARN]you can run udp2raw with non-root account for better security. check README.md in repo for more info.
[2018-06-19 09:03:07][INFO]const_id:dcbd2afc
[2018-06-19 09:03:07][INFO]run_command iptables -N udp2rawDwrW_dcbd2afc_C0
[2018-06-19 09:03:07][INFO]run_command iptables -F udp2rawDwrW_dcbd2afc_C0
[2018-06-19 09:03:07][INFO]run_command iptables -I udp2rawDwrW_dcbd2afc_C0 -j DROP
[2018-06-19 09:03:07][INFO]run_command iptables -I INPUT -s 104.199.176.45/32 -p tcp -m tcp --sport 8888 -j udp2rawDwrW_dcbd2afc_C0
[2018-06-19 09:03:07][WARN]auto added iptables rules
[2018-06-19 09:03:07][INFO]get_src_adress called
[2018-06-19 09:03:07][INFO]source ip = 192.168.5.9
[2018-06-19 09:03:07][INFO]using port 63272
[2018-06-19 09:03:07][INFO]state changed from client_idle to client_tcp_handshake
[2018-06-19 09:03:07][INFO](re)sent tcp syn
[2018-06-19 09:03:08][INFO](re)sent tcp syn
[2018-06-19 09:03:09][INFO](re)sent tcp syn
[2018-06-19 09:03:10][INFO](re)sent tcp syn
[2018-06-19 09:03:11][INFO](re)sent tcp syn
[2018-06-19 09:03:12][INFO]state back to client_idle from client_tcp_handshake
[2018-06-19 09:03:12][INFO]using port 32030
[2018-06-19 09:03:12][INFO]state changed from client_idle to client_tcp_handshake
[2018-06-19 09:03:12][INFO](re)sent tcp syn
[2018-06-19 09:03:13][INFO](re)sent tcp syn
[2018-06-19 09:03:15][INFO](re)sent tcp syn
[2018-06-19 09:03:16][INFO](re)sent tcp syn
[2018-06-19 09:03:17][INFO](re)sent tcp syn
[2018-06-19 09:03:17][INFO]state back to client_idle from client_tcp_handshake
[2018-06-19 09:03:18][INFO]using port 51965
[2018-06-19 09:03:18][INFO]state changed from client_idle to client_tcp_handshake
[2018-06-19 09:03:18][INFO](re)sent tcp syn
[2018-06-19 09:03:19][INFO](re)sent tcp syn
[2018-06-19 09:03:20][INFO](re)sent tcp syn
[2018-06-19 09:03:21][INFO](re)sent tcp syn
^C[2018-06-19 09:03:22][INFO]epoll interrupted by signal,continue

[2018-06-19 09:03:22][INFO]run_command iptables -D INPUT -s 104.199.176.45/32 -p tcp -m tcp --sport 8888 -j udp2rawDwrW_dcbd2afc_C0
[2018-06-19 09:03:22][INFO]run_command iptables -F udp2rawDwrW_dcbd2afc_C0
[2018-06-19 09:03:22][INFO]run_command iptables -X udp2rawDwrW_dcbd2afc_C0

root@LEDE:~# ping 104.199.176.45
PING 104.199.176.45 (104.199.176.45) 56(84) bytes of data.
64 bytes from 104.199.176.45: icmp_req=1 ttl=47 time=177 ms
64 bytes from 104.199.176.45: icmp_req=2 ttl=47 time=176 ms
^C
--- 104.199.176.45 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 176.612/177.204/177.796/0.592 ms
root@LEDE:~# ssh jinhan13789@104.199.176.45
Permission denied (publickey).
root@LEDE:~# 

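Running both the server and the client on the local machine works fine~ The server can also be pinged and reached over ssh; it's just udp2raw that won't connect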

@turingking
Author

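Problem solved. It was the Google Cloud VPC firewall, which is yet another firewall layer independent of the host's iptables. Previously I had only opened tcp:65535 and udp:65535, and I was also using port 65535, so there was no problem. Later I changed the port and couldn't connect no matter what = =!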
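
Added example, not part of the original issue or of udp2raw's own code: a small log check for the symptom in this thread, where the client keeps resending SYNs and times out while the server log stays at "now listening", which is what filtering in front of the host (here the Google Cloud VPC firewall) looks like from both ends. The function names, verdict strings and sample log lines are constructed for illustration, and the wording of a successful state transition is an assumption.

```python
import re

LOG = re.compile(r"\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\[(\w+)\](.*)")

def messages(text):
    """Return the message part of every udp2raw-style log line."""
    return [m.group(3).strip() for m in map(LOG.search, text.splitlines()) if m]

def client_attempts(text):
    """Group client log lines into handshake attempts, one per 'using port N'."""
    attempts = []
    for msg in messages(text):
        if m := re.match(r"using port (\d+)", msg):
            attempts.append({"port": int(m.group(1)), "syns": 0, "outcome": "pending"})
        elif attempts and msg == "(re)sent tcp syn":
            attempts[-1]["syns"] += 1
        elif attempts and msg == "state back to client_idle from client_tcp_handshake":
            attempts[-1]["outcome"] = "timeout"
        elif attempts and msg.startswith("state changed from client_tcp_handshake to "):
            attempts[-1]["outcome"] = "progressed"  # assumed wording of a later state
    return attempts

def diagnose(client_log, server_log):
    """Classify the failure from both ends' logs; returns (verdict, remote_port)."""
    m = re.search(r"remote_port=(\d+)", client_log)
    port = int(m.group(1)) if m else None
    attempts, srv = client_attempts(client_log), messages(server_log)
    # Assumption: a server that received anything logs lines after "now listening at".
    server_silent = bool(srv) and srv[-1].startswith("now listening at")
    if any(a["outcome"] == "progressed" for a in attempts):
        return "handshake-progressed", port
    if sum(a["syns"] for a in attempts) > 0:
        # SYNs left the client but never completed a handshake. A silent server
        # points at filtering outside the host, e.g. a cloud VPC firewall rule.
        return ("filtered-before-server" if server_silent else "server-logged-activity"), port
    return "inconclusive", port

# Constructed sample logs in the page's format; the address is a placeholder.
CLIENT = """\
[2018-06-19 09:03:07][INFO]important variables: raw_mode=faketcp remote_ip=203.0.113.10 remote_port=8888
[2018-06-19 09:03:07][INFO]using port 63272
[2018-06-19 09:03:07][INFO](re)sent tcp syn
[2018-06-19 09:03:08][INFO](re)sent tcp syn
[2018-06-19 09:03:12][INFO]state back to client_idle from client_tcp_handshake
[2018-06-19 09:03:12][INFO]using port 32030
[2018-06-19 09:03:12][INFO](re)sent tcp syn
"""
SERVER = "[2018-06-19 08:59:55][INFO]now listening at 0.0.0.0:8888\n"
print(diagnose(CLIENT, SERVER))
```

A "filtered-before-server" verdict means the port returned alongside it is the one to look for in every firewall layer between the two hosts, not only in `iptables-save` output.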
