Transparent stunnel proxy: setsockopt operation not permitted

Time: 2015-07-26 07:23:11

Tags: linux proxy stunnel setsockopt transparentproxy

I'm trying to run a transparent stunnel4 proxy on a server in front of a websocket service.

The WS server is based on the Ratchet framework, which doesn't support WSS, hence the need for a proxy.

With transparent set to none in stunnel.conf, websocket traffic flows without incident; apart from the WS server seeing all traffic come from 127.0.0.1, everything works fine. But as soon as transparent is set to source, the client gets WebSocket connection to 'wss://<ADDR>:32770/' failed: Error during WebSocket handshake: net::ERR_CONNECTION_RESET

As far as I can tell, the problems start right after setsockopt IP_TRANSPARENT: Operation not permitted (1) in the stunnel log. I've set up all the iptables settings required by the stunnel docs and made sure everything runs as root. I've been working on this for three days and have turned every variation of my search terms purple, to no avail. I'm hoping there's a server wizard here who can help me out of my trouble.

stunnel doc reference: https://www.stunnel.org/static/stunnel.html#SERVICE-LEVEL-OPTIONS

Setup:
The server is running Ubuntu 12.04.5 LTS (GNU/Linux 2.6.32-042stab093.4 x86_64)
using stunnel 4

open_server.php file:

<?php
use Ratchet\App;
use Websocket_Server\Server;   // the application's own Ratchet message handler

require dirname(__DIR__) . '/vendor/autoload.php';

$loop = React\EventLoop\Factory::create();

// Plain (non-TLS) listener on 8888; stunnel forwards decrypted traffic here
$webSock = new React\Socket\Server($loop);
$webSock->listen(8888, '0.0.0.0');

// HTTP -> WebSocket -> application handler stack
$webServer = new Ratchet\Server\IoServer(
        new Ratchet\Http\HttpServer(
            new Ratchet\WebSocket\WsServer(new Server($loop))
        ), $webSock
    );

$loop->run();

stunnel.conf:

key = <key file dir>
cert = <crt file dir>

debug = 7
output = /var/log/stunnel_log.log

setgid = 0

[websocket]
accept = 32770
connect = 8888
transparent = source

Attempt with transparent = source:

Full debug output when hitting the socket
2015.07.26 15:09:26 LOG7[14108:140701658388224]: local socket: FD=0 allocated (non-blocking mode)
2015.07.26 15:09:26 LOG7[14108:140701658388224]: Service websocket accepted FD=0 from <MY EXTERNAL IP>:54421
2015.07.26 15:09:26 LOG7[14108:140701658478336]: Service websocket started
2015.07.26 15:09:26 LOG7[14108:140701658478336]: Option TCP_NODELAY set on local socket
2015.07.26 15:09:26 LOG7[14108:140701658478336]: Waiting for a libwrap process
2015.07.26 15:09:26 LOG7[14108:140701658478336]: Acquired libwrap process #0
2015.07.26 15:09:26 LOG7[14108:140701658478336]: Releasing libwrap process #0
2015.07.26 15:09:26 LOG7[14108:140701658478336]: Released libwrap process #0
2015.07.26 15:09:26 LOG7[14108:140701658478336]: Service websocket permitted by libwrap from <MY EXTERNAL IP>:54421
2015.07.26 15:09:26 LOG5[14108:140701658478336]: Service websocket accepted connection from <MY EXTERNAL IP>:54421
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): before/accept initialization
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 read client hello A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 write server hello A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 write certificate A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 write key exchange A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 write server done A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 flush data
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 read client key exchange A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 read finished A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 write session ticket A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 write change cipher spec A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 write finished A
2015.07.26 15:09:26 LOG7[14108:140701658478336]: SSL state (accept): SSLv3 flush data
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 items in the session cache
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 client connects (SSL_connect())
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 client connects that finished
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 client renegotiations requested
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    1 server connects (SSL_accept())
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    1 server connects that finished
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 server renegotiations requested
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 session cache hits
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 external session cache hits
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 session cache misses
2015.07.26 15:09:26 LOG7[14108:140701658478336]:    0 session cache timeouts
2015.07.26 15:09:26 LOG6[14108:140701658478336]: SSL accepted: new session negotiated
2015.07.26 15:09:26 LOG6[14108:140701658478336]: Negotiated ciphers: ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
2015.07.26 15:09:26 LOG7[14108:140701658478336]: remote socket: FD=1 allocated (non-blocking mode)
2015.07.26 15:09:26 LOG3[14108:140701658478336]: setsockopt IP_TRANSPARENT: Operation not permitted (1)
2015.07.26 15:09:26 LOG3[14108:140701658478336]: local_bind (original port): Cannot assign requested address (99)
2015.07.26 15:09:26 LOG5[14108:140701658478336]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.07.26 15:09:26 LOG7[14108:140701658478336]: Service websocket finished (0 left)
2015.07.26 15:09:26 LOG7[14108:140701658478336]: str_stats: 0 block(s), 0 byte(s)
Checking permissions

Bash output:

# ps aux | grep stunnel4
root     14103  0.0  0.1  29820  1032 pts/2    S    15:09   0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     14104  0.0  0.1  29820   704 pts/2    S    15:09   0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     14105  0.0  0.1  29820   704 pts/2    S    15:09   0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     14106  0.0  0.1  29820   704 pts/2    S    15:09   0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     14107  0.0  0.1  29820   704 pts/2    S    15:09   0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     14108  0.0  0.4  95424  2252 ?        Ss   15:09   0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     20477  0.0  0.1   6460   776 pts/5    S+   17:00   0:00 grep --color=auto stunnel4
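As an added diagnostic (not from the original post or from stunnel itself), the script below repeats the two socket calls stunnel makes on the remote socket for transparent = source, setsockopt(IP_TRANSPARENT) followed by bind() to the client's non-local address, and reports which step fails with which errno; it also reads CapEff from /proc/self/status, since the kernel checks CAP_NET_ADMIN for IP_TRANSPARENT and a root uid alone does not guarantee that capability inside a container or virtualized kernel. The source address 192.0.2.1 is a constructed TEST-NET address standing in for the client's external IP.

```python
import errno
import socket

# Linux value of IP_TRANSPARENT; older Python versions do not expose the constant.
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)
CAP_NET_ADMIN_BIT = 12  # capability number of CAP_NET_ADMIN on Linux


def has_cap_net_admin():
    """True/False from the effective capability set, or None when /proc is unavailable."""
    try:
        with open("/proc/self/status") as f:
            for line in f:
                if line.startswith("CapEff:"):
                    caps = int(line.split()[1], 16)
                    return bool(caps & (1 << CAP_NET_ADMIN_BIT))
    except OSError:
        pass
    return None


def _errname(e):
    return errno.errorcode.get(e.errno, str(e.errno))


def try_transparent_bind(source_ip, transparent):
    """Mimic stunnel's remote-socket setup; returns [(step, ok, errno_name), ...].

    Like stunnel, carry on to bind() even when setsockopt fails, so both
    log lines from the question (EPERM, then EADDRNOTAVAIL) can be reproduced."""
    steps = []
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if transparent:
            try:
                s.setsockopt(socket.IPPROTO_IP, IP_TRANSPARENT, 1)
                steps.append(("setsockopt IP_TRANSPARENT", True, None))
            except OSError as e:
                steps.append(("setsockopt IP_TRANSPARENT", False, _errname(e)))
        try:
            # Port 0 = any port; stunnel binds the client's original port as well.
            # Without IP_TRANSPARENT a non-local address cannot be bound: EADDRNOTAVAIL (99).
            s.bind((source_ip, 0))
            steps.append(("local_bind", True, None))
        except OSError as e:
            steps.append(("local_bind", False, _errname(e)))
    finally:
        s.close()
    return steps


def diagnose(source_ip="192.0.2.1"):  # constructed non-local address
    return {"cap_net_admin": has_cap_net_admin(),
            "without_transparent": try_transparent_bind(source_ip, False),
            "with_transparent": try_transparent_bind(source_ip, True)}
```

Run it as the same user stunnel runs as: if cap_net_admin is False or the setsockopt step reports EPERM while the process is uid 0, the limitation is in the capability set or kernel, not in the stunnel configuration.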

0 answers:

No answers yet