Accessing the Internet from a cloud VM when only the private network is enabled - LinuxTechBlog


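We have a few virtual servers hosted at SoftLayer for data processing and backup purposes. The public interface is completely disabled, that is, there is no access to the Internet. You can only reach the VMs over VPN. This lowers the cost of the backend servers and has many security implications. However, if you order a "private network only" cloud VM, you cannot route outbound traffic from that VM to the Internet.

Here is how the server is ordered:

You cannot access the Internet, and you cannot download files from or upload files to the Internet.

Fig. 02: Looking at the Internet

Using a proxy server

I am setting up a squid3 proxy server on a public VM. This VM can reach the private cloud on the same VLAN and the public Internet. Sample squid3.conf: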

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
## private vm ##
acl zfsbackup src 10.81.33.4
http_access allow zfsbackup
http_access allow localhost
http_access deny all
## this server with eth0 connected to VLAN ##
http_port 10.86.115.100:3128
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .		0	20%	4320
## this server with eth1 connected to the Internet ##
tcp_outgoing_address 75.zzz.xxx.yyy
# forwarded_for is set twice; Squid uses the last value (off)
forwarded_for delete
via off
forwarded_for off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all
cache_mem 1024 MB

Now all you have to do is set the http_proxy variable on your private VM, and then you can download files from the Internet or from git repositories.

# set http_proxy; do not forget to set ftp_proxy, https_proxy, socks_proxy etc.
# squid listens on a plain http_port, so the proxy URL scheme is http://
export http_proxy="http://10.86.115.100:3128"
export HTTP_PROXY="http://10.86.115.100:3128"
# https:// URLs are fetched through https_proxy
export https_proxy="$http_proxy"
## Now we have access to the Internet ##
wget https://some-url/file.foo.gz
curl -I google.com
lynx google.com
# special case
git config --global http.proxy "$http_proxy"
# git commands here
# Use proxy server with user and password
export http_proxy="http://USERNAME:PASSWORD@10.86.115.100:3128"
wget ..
curl ..

Be sure to read the man pages of the commands that need http_proxy access. Do not forget to add http_proxy to your shell startup file, i.e. ~/.bash_profile.